How do I install Velero — Backup, Migrate & Disaster Recovery for Kubernetes?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

Velero — Backup, Migrate & Disaster Recovery for Kubernetes

What Velero Does

Backup: Back up Kubernetes resources and persistent volumes
Restore: Restore backed-up resources to the same or different cluster
Disaster Recovery: Recover from cluster failures
Cluster Migration: Move workloads between clusters (cloud to cloud, on-prem to cloud)
Scheduled Backups: Automated periodic backups with retention policies
Selective Backup: Filter by namespace, label, or resource type
Volume Snapshots: Native cloud volume snapshots (EBS, GCE PD, Azure Disk)
File System Backup: Restic/Kopia-based file-level backups for any volume
Hooks: Pre/post backup/restore hooks for app-consistent backups
CSI Support: Container Storage Interface snapshot integration
Multi-Cloud: AWS, Azure, GCP, Alibaba Cloud, Digital Ocean, and more

Architecture

┌─────────────────────────────────────────────┐
│          Kubernetes Cluster                  │
│                                              │
│  ┌──────────────┐  ┌──────────────────┐     │
│  │ Velero Server│  │  Your Workloads  │     │
│  │              │  │  - Deployments   │     │
│  │  Controllers │  │  - Services      │     │
│  │  - Backup    │  │  - ConfigMaps    │     │
│  │  - Restore   │  │  - Secrets       │     │
│  │  - Schedule  │  │  - PVCs          │     │
│  └──────┬───────┘  └──────────────────┘     │
└─────────┼────────────────────────────────────┘
          │
          ▼
┌──────────────────────────────────────────────┐
│  Backup Storage Location                     │
│  ┌────────────┐  ┌────────────┐             │
│  │ S3 / GCS / │  │ Volume     │             │
│  │ Azure Blob │  │ Snapshots  │             │
│  └────────────┘  └────────────┘             │
└──────────────────────────────────────────────┘

Installation

AWS S3

# Create S3 bucket
aws s3 mb s3://velero-backups-mycluster

# Create IAM user with S3 access
aws iam create-user --user-name velero

# Save credentials to file
cat > credentials-velero <<EOF
[default]
aws_access_key_id=YOUR_KEY
aws_secret_access_key=YOUR_SECRET
EOF

# Install Velero
velero install 
  --provider aws 
  --plugins velero/velero-plugin-for-aws:v1.9.0 
  --bucket velero-backups-mycluster 
  --backup-location-config region=us-west-2 
  --snapshot-location-config region=us-west-2 
  --secret-file ./credentials-velero

MinIO (Self-Hosted)

# Assuming MinIO is already running
velero install 
  --provider aws 
  --plugins velero/velero-plugin-for-aws:v1.9.0 
  --bucket velero 
  --secret-file ./credentials-velero 
  --use-volume-snapshots=false 
  --backup-location-config region=minio,s3ForcePathStyle=true,s3Url=http://minio.minio.svc:9000

Usage Examples

Basic Backup

# Backup entire cluster
velero backup create cluster-backup

# Backup specific namespace
velero backup create nginx-backup --include-namespaces nginx-app

# Backup by label selector
velero backup create app-backup --selector app=frontend

# Backup with TTL (auto-delete after 30 days)
velero backup create weekly-backup --ttl 720h

Scheduled Backups

# Daily backup at 1am
velero schedule create daily --schedule "0 1 * * *"

# Weekly backup on Sundays
velero schedule create weekly 
  --schedule "@weekly" 
  --ttl 720h 
  --include-namespaces production

# View schedules
velero schedule get

# Trigger schedule immediately
velero backup create --from-schedule daily

Restore

# List backups
velero backup get

# Describe backup
velero backup describe cluster-backup

# Restore entire backup
velero restore create --from-backup cluster-backup

# Restore to different namespace
velero restore create --from-backup nginx-backup 
  --namespace-mappings nginx-app:nginx-test

# Restore only specific resources
velero restore create --from-backup cluster-backup 
  --include-resources deployments,configmaps

# Restore with labels filter
velero restore create --from-backup cluster-backup 
  --selector environment=production

Cluster Migration

# On source cluster
velero backup create migration-backup --include-namespaces myapp

# Wait for completion
velero backup describe migration-backup

# Switch kubectl context to destination cluster
kubectl config use-context destination-cluster

# Install Velero on destination with same backup storage
velero install --provider aws ... (same config)

# Restore
velero restore create --from-backup migration-backup

Backup Hooks

# Pre-backup hook: Flush database
apiVersion: v1
kind: Pod
metadata:
  annotations:
    pre.hook.backup.velero.io/container: postgres
    pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "pg_dumpall > /backup/dump.sql"]'
    post.hook.backup.velero.io/container: postgres
    post.hook.backup.velero.io/command: '["/bin/bash", "-c", "rm /backup/dump.sql"]'
spec:
  containers:
    - name: postgres
      image: postgres:16

Volume Backups

# Use CSI snapshots (recommended for modern clusters)
velero backup create app-backup 
  --include-namespaces production 
  --snapshot-volumes=true 
  --features=EnableCSI

# Use Restic for file-level backup (works with any storage)
velero backup create app-backup 
  --include-namespaces production 
  --default-volumes-to-fs-backup

Backup Storage Backends

Provider	Plugin	Volume Snapshots
AWS	velero-plugin-for-aws	EBS
Azure	velero-plugin-for-microsoft-azure	Azure Disk
GCP	velero-plugin-for-gcp	GCE PD
Alibaba	velero-plugin-for-alibabacloud	Cloud Disk
DigitalOcean	velero-plugin-for-do	Block Storage
MinIO/S3-compat	AWS plugin	Via CSI
vSphere	velero-plugin-for-vsphere	vSphere volumes

Key Features

Restic/Kopia File System Backup

For storage without native snapshots or CSI:

# Enable file system backup by default
velero install 
  --use-node-agent 
  --default-volumes-to-fs-backup 
  ...

# Backup includes all volumes automatically
velero backup create app-backup --include-namespaces production

Backup Compression

apiVersion: velero.io/v1
kind: Backup
metadata:
  name: compressed-backup
spec:
  storageLocation: default
  includedNamespaces:
    - production
  snapshotVolumes: true
  ttl: 720h0m0s

Retention & Cleanup

# Delete old backups
velero backup delete old-backup

# Delete all backups older than 30 days
velero backup delete --confirm 
  --label-selector 'velero.io/backup-name!='

# Automatic cleanup via schedule TTL

Velero vs Alternatives

Feature	Velero	Kasten K10	Portworx PX-Backup	Stash
Open Source	Yes (Apache-2.0)	No	No	Yes (Apache-2.0)
Cluster backup	Yes	Yes	Yes	Yes
Volume snapshots	Native cloud + CSI	Yes	Native	Restic
App-consistent	Via hooks	Yes (Kanister)	Yes	Via hooks
Migration	Yes	Yes	Yes	Limited
Multi-cloud	Yes	Yes	Yes	Yes
Pricing	Free	$0.25/GB	Paid	Free
Complexity	Medium	Low (GUI)	Medium	Medium

FAQ

Q: Can Velero back up databases? A: Yes, but it needs to be configured correctly to guarantee consistency. A simple approach is to use backup hooks to pause database writes or run a dump before backup. For databases like PostgreSQL, we recommend combining the database's native backup tool with Velero for configs and persistent volumes.

Q: How much space does backup storage need? A: It depends on the data volume. Velero backs up Kubernetes resource definitions (a few MB) plus persistent volume data (actual size). Enabling compression can reduce space by 30-50%. An S3 lifecycle policy is recommended to automatically clean up old backups.

Q: Can I migrate across clouds? A: Yes — this is one of Velero's core use cases. Back up to S3 from the source cluster, then in the target cluster (potentially on a different cloud) use the same backup storage configuration and run a restore. Storage classes and network configurations may need adjustment.

Sources & Credits

GitHub: vmware-tanzu/velero — 10K+ ⭐ | Apache-2.0
Official site: velero.io