storage

Longhorn S3 Backup Config Generator

Generate Longhorn S3 backup configuration: credentials Secret, BackupTarget settings, StorageClass, and RecurringJob YAML. Works with Hetzner Object Storage, AWS S3, and any S3-compatible endpoint.

Generator

Inputs

S3 Endpoint URL

Hetzner Object Storage: https://s3.eu-central-1.amazonaws.com — or your MinIO endpoint.

S3 Bucket Name

S3 Region

Hetzner Object Storage region: eu-central-1. AWS: your bucket region.

Backup Schedule (cron)

Cron schedule for recurring backups. Default: daily at 2am UTC.

Volume Replica Count

Output — longhorn-s3-backup.yaml

# Generated by K8sCalc — longhorn-s3-backup-config-generator
#
# STEP 1 — Create the S3 credentials secret
# Replace YOUR_ACCESS_KEY_ID and YOUR_SECRET_ACCESS_KEY with real values.
# Apply with: kubectl apply -f longhorn-s3-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: longhorn-s3-secret
  namespace: longhorn-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: "YOUR_ACCESS_KEY_ID"
  AWS_SECRET_ACCESS_KEY: "YOUR_SECRET_ACCESS_KEY"
  AWS_ENDPOINTS: "https://s3.eu-central-1.amazonaws.com"
  AWS_CERT: ""
---
# STEP 2 — Configure Longhorn backup target via Helm values or UI
# In Longhorn UI: Settings → Backup Target
#   Backup Target:             s3://my-longhorn-backups@eu-central-1/
#   Backup Target Credential Secret: longhorn-system/longhorn-s3-secret
#
# Or patch via kubectl:
# kubectl -n longhorn-system patch settings.longhorn.io backup-target \
#   --type=merge -p '{"spec":{"value":"s3://my-longhorn-backups@eu-central-1/"}}'
#
# kubectl -n longhorn-system patch settings.longhorn.io backup-target-credential-secret \
#   --type=merge -p '{"spec":{"value":"longhorn-s3-secret"}}'
---
# STEP 3 — Default StorageClass with 3 replicas and recurring backup
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: longhorn-s3-backed
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: driver.longhorn.io
allowVolumeExpansion: true
reclaimPolicy: Retain
parameters:
  numberOfReplicas: "3"
  staleReplicaTimeout: "2880"
  fromBackup: ""
  recurringJobSelector: '[{"name":"backup","isGroup":true}]'
---
# STEP 4 — Recurring backup job (runs on schedule: 0 2 * * *)
apiVersion: longhorn.io/v1beta2
kind: RecurringJob
metadata:
  name: backup
  namespace: longhorn-system
spec:
  cron: "0 2 * * *"
  task: backup
  groups:
    - default
  retain: 14
  concurrency: 1
  labels: {}

Longhorn S3 Backup Architecture

Longhorn provides two levels of data protection: local snapshots (on-disk) and remote backups (S3). For true disaster recovery — surviving a full cluster loss — you need remote S3 backups.

Backup vs Snapshot

	Snapshot	Backup
Storage location	Same disk as volume	S3 (remote)
Survives node failure	Partially (with replicas)	Yes
Survives cluster loss	No	Yes
Speed	Fast	Slower (upload)
Use case	Quick recovery, dev	Disaster recovery

Backup Process

1.Longhorn takes a volume snapshot
2.Computes incremental diff since last backup
3.Compresses and uploads delta blocks to S3
4.Updates backup metadata

The incremental nature means backups after the first are small — only changed blocks are uploaded.

Hetzner Object Storage Setup

1.Create bucket: Hetzner Console → Object Storage → Create Bucket
2.Generate credentials: Object Storage → Access Keys → Add Key
3.Use endpoint: https://s3.eu-central-1.amazonaws.com
4.Region: eu-central-1

Hetzner S3 costs €0.0119/GB/month — a 100 GB backup costs ~€1.19/month.

RecurringJob Groups

Longhorn uses RecurringJob groups to apply backup schedules to volumes. When you create a StorageClass with recurringJobSelector: '[{"name":"backup","isGroup":true}]', all volumes created from that StorageClass automatically inherit the backup schedule.

Frequently Asked Questions

Does Longhorn support Hetzner Object Storage as a backup target?

Yes. Hetzner Object Storage is S3-compatible. Use the endpoint https://s3.eu-central-1.amazonaws.com with region eu-central-1. Create the bucket in the Hetzner Console and generate an access key under Object Storage → Access Keys.

What is a RecurringJob in Longhorn?

A RecurringJob is a Longhorn CRD that defines scheduled snapshot or backup operations. The 'backup' task takes a snapshot and uploads it to the configured S3 target. The 'snapshot' task only takes a local snapshot without uploading. For disaster recovery, always use 'backup' to push to S3.

How do I restore a Longhorn volume from S3 backup?

In Longhorn UI: Backup → select your backup → Restore. You can restore to a new PVC or directly replace an existing volume. For full cluster disaster recovery, restore etcd first (the cluster state), then restore Longhorn volumes.

Is the access key stored securely in the generated YAML?

The generated YAML uses placeholder values (YOUR_ACCESS_KEY_ID). Replace these before applying. In production, use an external secrets manager (Vault, Sealed Secrets) to inject the secret, rather than storing credentials in plain YAML files or Git.

Related Calculators

Longhorn Storage etcd Backup Size