An Introduction to Velero for Kubernetes Backup & Restore

This article is part of a series of blog posts on using Velero for Kubernetes backup, restore, migration & disaster recovery.

All articles in this series explore Velero in the context of AWS Elastic Kubernetes Service (EKS).

Stay tuned as we publish more articles in the coming weeks & months. Here’s a sneak preview of what’s to come:

  1. An Introduction to Velero for Kubernetes Backup & Restore
  2. Velero for Kubernetes Backup: Install & Configure
  3. Backup & Restore Stateless Workloads with Velero for Kubernetes
  4. Velero for Kubernetes: Backup & Restore Stateful Workloads with AWS EBS Snapshots
  5. Velero for Kubernetes: Backup & Restore Stateful Workloads with Restic for Velero
  6. Monitoring Velero Kubernetes Backups & Automated Alerting for Backup Failures


Velero is an open source, VMware-backed tool to backup, restore, migrate, and perform DR on Kubernetes cluster resources & persistent volumes.

Unlike other Kubernetes backup solutions, Velero does not access etcd directly. Instead it uses Kubernetes APIs for all operations.

This has a number of advantages:

  1. Velero doesn’t need access to etcd. This is great in cases where you don’t have access to etcd yourself, like in AWS EKS & other managed Kubernetes offerings.
  2. You can backup individual objects (using label selectors), or restrict your backups to certain resource types, or backup everything in a namespace.
  3. In cases where your cluster has multiple etcd servers, perhaps serving aggregated API resources, Velero can still backup those.

Velero Architecture

Velero consists of a server that runs on the cluster & a CLI to interact with it.

Velero CRDs

Each Velero operation is a custom resource, defined with a Kubernetes Custom Resource Definition (CRD) & stored in etcd. Velero includes controllers that process the CRDs to perform backups, restores, etc.

Velero creates the following CRDs:


Restic for Velero

Velero comes with an additional (optional) component called restic, that handles data backup at a file system level if required. The only other option to backup data is to snapshot the underlying EBS volume. The AWS plugin for Velero can do that, if file system backups are not needed. Restic is not installed by default when you install Velero.

The Velero service account has β€œcluster admin” role but can be scoped down with RBAC. We will learn how to do this in another atricle in this series.

WARNING: Cluster backups are not strictly atomic. If Kubernetes objects are being created or edited at the time of backup, they might not be included in the backup.


In this article, we got familiar with Velero for Kubernetes & explored how it works.

How do you use Velero? Do you prefer other backup solutions over Velero? Let us know in the comments below. 😊

About the Author ✍🏻

Harish KM is a Principal DevOps Engineer at QloudX & a top-ranked AWS Ambassador since 2020. πŸ‘¨πŸ»β€πŸ’»

With over a decade of industry experience as everything from a full-stack engineer to a cloud architect, Harish has built many world-class solutions for clients around the world! πŸ‘·πŸ»β€β™‚οΈ

With over 20 certifications in cloud (AWS, Azure, GCP), containers (Kubernetes, Docker) & DevOps (Terraform, Ansible, Jenkins), Harish is an expert in a multitude of technologies. πŸ“š

These days, his focus is on the fascinating world of DevOps & how it can transform the way we do things! πŸš€

Leave a Reply

Your email address will not be published. Required fields are marked *