How to Efficiently Backup and Restore Your Kubernetes Cluster with Velero and Other Tools
Accidental namespace deletions in Kubernetes can cause massive data loss, but by using etcd snapshots, resource‑level backup tools like Velero, PX‑Backup, and Kasten, and configuring scheduled backups, hooks, and PVC migration, you can protect clusters, streamline recovery, and avoid painful manual redeployments.
Why backup Kubernetes clusters?
Accidental deletion of a namespace can cause loss of all resources in a cluster, forcing a time‑consuming re‑deployment. Using backup tools reduces downtime and manual effort.
1. etcd backup
etcd backup provides a full‑cluster snapshot that can restore the cluster to a previous state, but it cannot restore individual resources.
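An etcd snapshot includes the cluster's Secret objects, so the file written by the backup script in this section needs restricted access and an integrity check before anyone relies on it for a restore. The following is an added example, not part of the original article: shell helpers (the names `publish_snapshot`, `verify_snapshot` and `prune_snapshots` are hypothetical) that such a script could call after `snapshot save`. They go beyond the article's retention step by never pruning the newest snapshot.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Function names and paths are assumptions.
set -eu

# Publish a finished snapshot: reject empty files, make it owner-only (an etcd
# snapshot includes the cluster's Secret objects), rename it into place only
# once complete, and record a SHA-256 checksum next to it.
publish_snapshot() {
  local tmp="$1" dest="$2"
  [ -s "$tmp" ] || { echo "refusing empty snapshot: $tmp" >&2; return 1; }
  chmod 600 "$tmp"
  mv -- "$tmp" "$dest"
  ( cd "$(dirname -- "$dest")" &&
    sha256sum "$(basename -- "$dest")" > "$(basename -- "$dest").sha256" )
  chmod 600 "$dest.sha256"
}

# Check a snapshot against its recorded checksum before using it for a restore.
verify_snapshot() {
  local snap="$1"
  ( cd "$(dirname -- "$snap")" &&
    sha256sum -c "$(basename -- "$snap").sha256" >/dev/null 2>&1 )
}

# Delete snapshots older than $2 days but always keep the newest one, so a
# backup job that has been failing cannot age out the last good copy.
# Assumes job-generated file names (no newlines), since it reads ls output.
prune_snapshots() {
  local dir="$1" days="$2" newest
  newest="$(ls -1t -- "$dir"/*.db 2>/dev/null | head -n 1)"
  [ -n "$newest" ] || return 0
  find "$dir" -maxdepth 1 -type f -name '*.db' -mtime +"$days" \
    ! -name "$(basename -- "$newest")" \
    -exec sh -c 'rm -f -- "$1" "$1.sha256"' _ {} \;
}

# Intended use after a successful `etcdctl snapshot save "$tmp"`:
#   publish_snapshot "$tmp" "$dest" && prune_snapshots "$(dirname "$dest")" 30
```

Write the temporary file into the same directory as the destination so the rename stays on one filesystem.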
<code>#!/usr/bin/env bash
date   # timestamp for the job log
# TLS client credentials for the etcd endpoint
CACERT="/opt/kubernetes/ssl/ca.pem"
CERT="/opt/kubernetes/ssl/server.pem"
KEY="/opt/kubernetes/ssl/server-key.pem"
ENDPOINTS="192.168.1.36:2379"
# Save a dated snapshot using the v3 API
ETCDCTL_API=3 etcdctl \
  --cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
  --endpoints="${ENDPOINTS}" \
  snapshot save "/data/etcd_backup_dir/etcd-snapshot-$(date +%Y%m%d).db"
# Keep backups for 30 days (pattern quoted so the shell does not expand it)
find /data/etcd_backup_dir/ -name '*.db' -mtime +30 -exec rm -f {} \;</code>
2. Resource object backup
For finer‑grained backup of individual resources, tools such as Velero, PX‑Backup, and Kasten can be used.
Velero
Velero safely backs up and restores Kubernetes resources and persistent volumes, and supports disaster recovery and migration.
<code># Create a backup every 6 hours
velero create schedule mybackup --schedule="0 */6 * * *"
# Create a daily backup of the web namespace
velero create schedule webbackup --schedule="@every 24h" --include-namespaces web
# Keep backups for 90 days (2160 hours)
velero create schedule weeklybackup --schedule="@every 168h" --ttl 2160h0m0s</code>
PX‑Backup
Enterprise‑grade backup solution for Kubernetes, providing fast recovery at the click of a button.
Kasten
Kasten K10 offers a scalable, secure system for backup/restore, disaster recovery, and mobility of Kubernetes applications.
Installation and usage of Velero
Velero can be installed via Helm, YAML manifests, or the CLI. After installation, CRDs appear in the velero namespace.
<code>velero install --use-restic</code>
Scheduled backups
Operators can create schedules to run backups automatically, specifying interval, included namespaces, and TTL.
Cluster migration backup
One‑time backups can be created for migration using velero backup create with appropriate namespace filters.
PVC backup and migration
For storage types such as Amazon EBS, Azure Disk, or Google Persistent Disk, Velero can snapshot PVs. Other storage can be backed up via plugins or annotations.
<code>apiVersion: v1
kind: Pod
metadata:
  annotations:
    backup.velero.io/backup-volumes: mypvc
  name: rbd-test
spec:
  containers:
  - name: web-server
    image: nginx
    volumeMounts:
    - name: mypvc
      mountPath: /var/lib/www/html
  volumes:
  - name: mypvc
    persistentVolumeClaim:
      claimName: rbd-pvc-zhf
      readOnly: false</code>
Hooks
Pre‑ and post‑backup hooks can run commands inside pods (e.g., fsfreeze) to ensure filesystem consistency before taking snapshots.
<code>metadata:
  name: nginx-deployment
  namespace: nginx-example
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        pre.hook.backup.velero.io/container: fsfreeze
        pre.hook.backup.velero.io/command: '["/sbin/fsfreeze","--freeze","/var/log/nginx"]'
        post.hook.backup.velero.io/container: fsfreeze
        post.hook.backup.velero.io/command: '["/sbin/fsfreeze","--unfreeze","/var/log/nginx"]'</code>
Other backup tools
PX‑Backup is a commercial product; Kanister focuses on data‑level backup such as etcd snapshots and MongoDB.
360 Zhihui Cloud Developer
360 Zhihui Cloud is an enterprise open service platform that aims to "aggregate data value and empower an intelligent future," leveraging 360's extensive product and technology resources to deliver platform services to customers.