The Redis Operator provides two CRDs for backup management: RedisBackup for on-demand backups and RedisScheduledBackup for automated backup schedules.
Backup Methods
Two backup methods are supported:
RDB (Redis Database)
Point-in-time snapshot of the entire dataset. Recommended for most use cases.
- Format: Binary RDB file
- Size: Compact, compressed
- Speed: Fast for restore
- Consistency: Atomic snapshot
AOF (Append-Only File)
Log of all write operations. Useful for audit trails or granular recovery.
- Format: Text-based command log archive
- Size: Larger than RDB
- Speed: Slower restore (replays commands)
- Consistency: Per-operation durability
On-Demand Backups
Create a RedisBackup resource to trigger an immediate backup.
Basic Backup
apiVersion: redis.io/v1
kind: RedisBackup
metadata:
name: my-cluster-backup-001
namespace: default
spec:
clusterName: my-cluster
target: prefer-replica
method: rdb
destination:
s3:
bucket: redis-backups
path: production/my-cluster
region: us-east-1
Create the backup
kubectl apply -f backup.yaml
Monitor progress
kubectl get redisbackup my-cluster-backup-001 -o wide
Pending → Running → CompletedCheck backup details
kubectl get redisbackup my-cluster-backup-001 -o yaml
status.backupPath, status.backupSize, and status.completedAt.Backup Targets
The target field controls which pod executes the backup:
prefer-replica (default) - Prefer a replica to avoid impact on primaryprimary - Always run on the primary pod
Backups always run on a single pod. The operator selects an available replica if prefer-replica is set, falling back to primary if no replicas are available.
S3-Compatible Storage
Backups are stored in S3-compatible object storage. Configure credentials via a Secret:
apiVersion: v1
kind: Secret
metadata:
name: backup-credentials
namespace: default
type: Opaque
stringData:
AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
RedisCluster spec:
apiVersion: redis.io/v1
kind: RedisCluster
metadata:
name: my-cluster
spec:
instances: 3
backupCredentialsSecret:
name: backup-credentials
# ... other fields
Never commit backup credentials to version control. Use sealed secrets, external secrets operator, or cloud-native secret management.
Scheduled Backups
Automate backups with RedisScheduledBackup using cron expressions.
Daily Backup Schedule
apiVersion: redis.io/v1
kind: RedisScheduledBackup
metadata:
name: my-cluster-daily
namespace: default
spec:
clusterName: my-cluster
schedule: "0 2 * * *" # 2 AM daily
target: prefer-replica
method: rdb
destination:
s3:
bucket: redis-backups
path: production/my-cluster
region: us-east-1
successfulBackupsHistoryLimit: 7
failedBackupsHistoryLimit: 3
Schedule Syntax
Use standard cron format:
┌───────────── minute (0 - 59)
│ ┌───────────── hour (0 - 23)
│ │ ┌───────────── day of month (1 - 31)
│ │ │ ┌───────────── month (1 - 12)
│ │ │ │ ┌───────────── day of week (0 - 6) (Sunday to Saturday)
│ │ │ │ │
* * * * *
0 2 * * * - Daily at 2 AM0 */6 * * * - Every 6 hours0 0 * * 0 - Weekly on Sunday at midnight0 0 1 * * - Monthly on the 1st at midnight
History Limits
Control backup retention with history limits:
successfulBackupsHistoryLimit: 7 # Keep last 7 successful backups
failedBackupsHistoryLimit: 3 # Keep last 3 failed backups
The operator only deletes RedisBackup CRs, not the backup files in object storage. Implement lifecycle policies in your S3 bucket for automatic cleanup.
Suspend Scheduled Backups
Temporarily pause scheduled backups:
kubectl patch redisscheduledbackup my-cluster-daily \
--type merge \
-p '{"spec":{"suspend":true}}'
kubectl patch redisscheduledbackup my-cluster-daily \
--type merge \
-p '{"spec":{"suspend":false}}'
Monitoring Backups
List All Backups
kubectl get redisbackups -n default
Check Backup Status
kubectl describe redisbackup my-cluster-backup-001
Metrics
The operator exposes backup metrics:
redis_last_successful_backup_timestamp{cluster="my-cluster"} - Timestamp of last successful backupredis_backup_phase_count{phase="Completed"} - Count of completed backupsredis_backup_phase_count{phase="Failed"} - Count of failed backups
Alerts
The default PrometheusRule includes a RedisBackupMissing alert that fires when no successful backup has completed within 24 hours (configurable).
Restore from Backup
Restore a cluster from a backup using the bootstrap field.
Restore only works during cluster creation. You cannot restore into an existing cluster with data.
Create Cluster from Backup
apiVersion: redis.io/v1
kind: RedisCluster
metadata:
name: my-cluster-restored
namespace: default
spec:
instances: 3
imageName: redis:7.2
storage:
size: 10Gi
backupCredentialsSecret:
name: backup-credentials
bootstrap:
backupName: my-cluster-backup-001
Verify backup exists
kubectl get redisbackup my-cluster-backup-001 -o yaml
status.phase is Completed and status.backupPath is set.Create the cluster
kubectl apply -f restore-cluster.yaml
Monitor restore progress
kubectl get rediscluster my-cluster-restored -o wide -w
Healthy.Verify data
Connect to the restored cluster and verify data integrity:kubectl exec -it my-cluster-restored-0 -- redis-cli
> DBSIZE
> GET sample-key
Backup Workflow Details
Understanding the internal backup process:
Cluster validation
Operator verifies the target cluster exists and is in Healthy phase.
Pod selection
Based on target field, operator selects a replica (if available) or primary pod.
Backup trigger
Operator sends POST /v1/backup to the instance manager on the target pod at internal/controller/backup/executor.go:26.
RDB/AOF generation
Instance manager executes:
- RDB: Triggers
BGSAVE or copies latest dump.rdb
- AOF: Packages AOF files into an archive
Upload to S3
Instance manager uploads the backup artifact to the configured S3 destination.
Status update
Operator updates RedisBackup status with:
backupPath - S3 key/pathbackupSize - Size in bytesartifactType - rdb or aof-archivecompletedAt - Completion timestamp
Best Practices
Backup Timing
- Schedule backups during low-traffic periods (e.g., 2-4 AM)
- Use
prefer-replica to avoid primary impact
- Avoid overlapping backup windows
Retention Strategy
- Production: 7+ daily backups, 4+ weekly backups, 12 monthly backups
- Staging: 3-7 daily backups
- Development: 1-3 daily backups
Disaster Recovery
- Store backups in a different region than the cluster
- Test restore procedures quarterly
- Document RPO (Recovery Point Objective) and RTO (Recovery Time Objective)
- Keep at least one off-cluster backup for catastrophic failures
S3 Bucket Configuration
{
"Rules": [
{
"Id": "ExpireOldBackups",
"Status": "Enabled",
"Expiration": {
"Days": 30
},
"Filter": {
"Prefix": "production/"
}
},
{
"Id": "TransitionToGlacier",
"Status": "Enabled",
"Transitions": [
{
"Days": 7,
"StorageClass": "GLACIER"
}
]
}
]
}
Enable S3 versioning and cross-region replication for production backups.
Troubleshooting
Backup Stuck in Pending
Cause: Cluster not in Healthy phase.
Solution: Check cluster status and resolve any issues:
kubectl get rediscluster my-cluster -o jsonpath='{.status.phase}'
kubectl describe rediscluster my-cluster
Backup Failed with S3 Error
Cause: Invalid credentials or bucket permissions.
Solution: Verify credentials and IAM policy:
kubectl get secret backup-credentials -o yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::redis-backups/*",
"arn:aws:s3:::redis-backups"
]
}
]
}
Restore Not Working
Cause: Restore can only run on a new cluster, not existing clusters.
Solution: Delete the existing cluster first or create a new cluster with a different name:
kubectl delete rediscluster my-cluster
kubectl apply -f restore-cluster.yaml