Velero is an open-source tool for backing up and restoring Kubernetes cluster resources and persistent volumes. It’s essential for disaster recovery and cluster migration.

Prerequisites

  • Running Kubernetes cluster
  • AWS account with S3 access
  • AWS CLI installed and configured

Installing Velero Client

1. Download Velero

wget https://github.com/vmware-tanzu/velero/releases/download/v1.13.0/velero-v1.13.0-linux-amd64.tar.gz

2. Extract Archive

tar -xvf velero-v1.13.0-linux-amd64.tar.gz

3. Install Binary

sudo cp velero-v1.13.0-linux-amd64/velero /usr/local/bin

4. Verify Installation

velero --help
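
Before the Install Binary step, the downloaded archive can be checked against a published SHA-256 list. The function below is an added example, not part of the original guide; it assumes a checksum list in `sha256sum` format obtained from the release page and GNU coreutils, and `verify_release_archive` is a hypothetical name.

```bash
# Added example: verify a downloaded archive against a sha256sum-format list
# before extracting or installing it. verify_release_archive is hypothetical.

# Usage: verify_release_archive <archive> <checksum-list>
# Returns 0 only if the list has exactly one entry for the archive's file
# name and that entry equals the archive's SHA-256 digest.
verify_release_archive() {
    local archive=$1 list=$2 name expected actual
    [ -f "$archive" ] && [ -f "$list" ] || { echo "missing file" >&2; return 2; }
    name=$(basename -- "$archive")

    # Accept both "hash  name" and "hash *name" (binary mode) entries.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1) }' "$list")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 3
    fi
    # Two different hashes for one file name means the list cannot be trusted.
    if [ "$(printf '%s\n' "$expected" | wc -l)" -ne 1 ]; then
        echo "ambiguous: multiple entries for $name" >&2
        return 4
    fi

    actual=$(sha256sum -- "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name"
}
```

Call it as `verify_release_archive velero-v1.13.0-linux-amd64.tar.gz <checksum-list>` and continue with extraction only when it returns 0.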

AWS Configuration

Install and Configure AWS CLI

# Download AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

# Configure credentials
aws configure

Create S3 Bucket

BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>

# In us-east-1, omit --create-bucket-configuration; that region rejects a LocationConstraint.
aws s3api create-bucket \
    --bucket "$BUCKET" \
    --region "$REGION" \
    --create-bucket-configuration LocationConstraint="$REGION"

Ensure you remove “block public access” settings from the S3 bucket for Velero to function properly.

Setting Up IAM Permissions

1. Create IAM User

aws iam create-user --user-name velero

2. Create Policy Document

cat > velero-policy.json <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}"
            ]
        }
    ]
}
EOF

3. Attach Policy to User

aws iam put-user-policy \
  --user-name velero \
  --policy-name velero \
  --policy-document file://velero-policy.json

4. Create Access Key

aws iam create-access-key --user-name velero

Save the access key ID and secret access key from the output.

Create Credentials File

cat > ~/credentials-velero <<EOF
[default]
aws_access_key_id=<AWS_ACCESS_KEY_ID>
aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
EOF
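
The heredoc above creates the file under the shell's current umask, which on many systems leaves it readable by other local users. The helpers below are an added example, not part of the original guide: they write the same file with owner-only permissions and check the mode before the file is handed to `velero install`. The function names are hypothetical and `stat -c` assumes GNU coreutils.

```bash
# Added example: create the Velero credentials file with owner-only access.

# write_velero_credentials <path> <access-key-id> <secret-access-key>
write_velero_credentials() {
    local path=$1 key_id=$2 secret=$3
    # Subshell so the tightened umask does not leak into the caller's shell.
    (
        umask 077
        # Remove any old copy first: umask only applies when a file is
        # created, so overwriting a 0644 file would keep it 0644.
        rm -f -- "$path"
        printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
            "$key_id" "$secret" > "$path"
    )
}

# secret_file_is_private <path>
# Succeeds only if group and other have no permission bits set.
secret_file_is_private() {
    local mode
    mode=$(stat -c '%a' -- "$1") || return 2
    case $mode in
        ?00) return 0 ;;
        *)   echo "$1 has mode $mode; expected 600" >&2; return 1 ;;
    esac
}
```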

Installing Velero Server

velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:v1.9.0 \
    --bucket $BUCKET \
    --backup-location-config region=$REGION \
    --snapshot-location-config region=$REGION \
    --secret-file ~/credentials-velero

Verify Installation

# Check Velero resources
kubectl -n velero get all

# Check Velero logs
kubectl logs deployment/velero -n velero

Backup Examples

Namespace Backup

1. Create Test Namespace

kubectl create namespace prod
# Deploy some applications

2. Backup Namespace

velero backup create prod-backup --include-namespaces prod

3. Simulate Disaster

kubectl delete ns prod
kubectl get ns

4. Restore from Backup

velero restore create --from-backup prod-backup

Entire Cluster Backup

velero backup create <backup-name>

Label-Based Backup

Back up resources based on labels:

velero backup create <backup-name> --selector <key>=<value>

Scheduled Backups

1. Create Backup Schedule

Create a daily backup at 5 AM using cron syntax:

velero schedule create morning-daily --schedule="0 5 * * *"

2. Trigger Manual Backup from Schedule

velero backup create --from-schedule morning-daily

Scheduled backups use standard cron syntax:
  • 0 5 * * * - Every day at 5:00 AM
  • 0 */6 * * * - Every 6 hours
  • 0 0 * * 0 - Every Sunday at midnight

Managing Backups

List Backups

velero get backups

Describe Backup

velero backup describe <backup-name>
velero backup logs <backup-name>

Delete Backups

# Deletes the backup CR but keeps data in S3
kubectl delete backup <backupName> -n velero

Use velero backup delete to completely remove backups from both Kubernetes and object storage. Using kubectl delete only removes the Kubernetes resource.

Backup to Different Cluster

Velero supports backing up from one cluster and restoring to another:
  1. Install Velero on both clusters pointing to the same S3 bucket
  2. Take backup on source cluster
  3. Run restore on target cluster

# On target cluster
velero restore create --from-backup prod-backup

Uninstalling Velero

kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero

Best Practices

  • Schedule regular backups for critical namespaces
  • Test restore procedures regularly
  • Monitor backup status and set up alerts
  • Use retention policies to manage storage costs
  • Keep Velero plugins updated
  • Document your backup and restore procedures

Velero backups are stored in S3, making them resilient to cluster failures. Always verify backups appear in your S3 bucket after creation.
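
For the "monitor backup status and set up alerts" item, one approach is to list the phase of every Backup object and flag any that failed or never received a status. This is an added example, not part of the original guide; `list_backup_phases` and `unhealthy_backups` are hypothetical helpers, and the filter treats any phase containing "Failed" as a problem.

```bash
# Added example: flag Velero backups that need attention.

# list_backup_phases: print "<name><TAB><phase>" for every Backup object.
list_backup_phases() {
    kubectl -n velero get backups.velero.io \
        -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.phase}{"\n"}{end}'
}

# unhealthy_backups: read "<name><TAB><phase>" lines on stdin and print the
# ones that failed (any phase containing "Failed") or have no phase at all.
# Exit status: 0 = nothing flagged, 1 = at least one flagged,
#              2 = no backups listed (itself worth an alert).
unhealthy_backups() {
    awk -F '\t' '
        NF == 0       { next }                  # skip blank lines
                      { total++ }
        $2 == ""      { print $1 "\tNoStatus"; bad++; next }
        $2 ~ /Failed/ { print $1 "\t" $2;      bad++; next }
        END {
            if (total == 0) exit 2
            if (bad > 0)    exit 1
        }'
}
```

Run it as `list_backup_phases | unhealthy_backups` from a scheduled job and alert on any non-zero exit status.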
