Velero Backup Schedule Generator
Generate Velero BackupStorageLocation and Schedule CRDs for automated Kubernetes cluster backups to S3, GCS, Hetzner Object Storage, or MinIO.
Velero: Kubernetes Backup and Restore
Velero is the standard open-source tool for Kubernetes backup, restore, and cluster migration.
Architecture
Cluster → Velero controller → Object storage (S3/GCS/Azure)
↓
CSI snapshots or Restic/Kopia for PV data
Install Velero
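# S3-compatible object storage through the AWS plugin. For Hetzner Object Storage
# or MinIO, point s3Url at that provider's endpoint.
# Pin the plugin image to a released version rather than :latest for reproducible installs.
velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:latest \
  --bucket my-k8s-backups \
  --backup-location-config region=eu-central-1,s3Url=https://s3.eu-central-1.amazonaws.com \
  --secret-file ./credentials-velero \
  --use-node-agent # enables file-system backup (Restic/Kopia) for PV data
Manual Backup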
velero backup create manual-$(date +%Y%m%d) --include-namespaces production
velero backup describe manual-20260529
Restore to a New Cluster
# Install Velero on new cluster pointing to same backup bucket
velero restore create --from-backup daily-backup-20260529
Key Terms
kubeadm
A tool for bootstrapping Kubernetes clusters. It automates the setup of control plane components and joining worker nodes, following Kubernetes best practices.
etcd
A distributed key-value store used by Kubernetes to store all cluster state and configuration. etcd is the single source of truth for the entire cluster.
cert-manager
A Kubernetes controller for automating TLS certificate management. cert-manager can issue certificates from Let's Encrypt, Vault, or internal CAs, and automatically renews them.
Helm
A package manager for Kubernetes. Helm charts bundle Kubernetes manifests into reusable packages with configurable values, versioned and published to chart repositories.
Frequently Asked Questions
What does Velero back up?
Velero backs up Kubernetes API objects (Deployments, Services, ConfigMaps, Secrets, PVCs, etc.) as JSON exported from the API server. It also backs up persistent volume data using either CSI snapshots or Restic/Kopia file-level backup. etcd backups and Velero backups are complementary — Velero is easier to use for application-level restore, etcd backups are for full cluster recovery.
How is Velero different from etcd backup?
etcd backup is a binary snapshot of the entire cluster state — useful for full cluster disaster recovery but opaque to inspect. Velero backs up at the API object level — you can restore individual namespaces, specific resources, or entire clusters. Velero also handles PV data. Use both: daily etcd backups for full DR, Velero for application-level restores.
How do I restore from a Velero backup?
Run velero restore create --from-backup <backup-name>. To restore a specific namespace, run velero restore create --from-backup <backup-name> --include-namespaces production. To restore a specific resource type, run velero restore create --from-backup <backup-name> --include-resources deployments. To list available backups, run velero backup get.
Does Velero back up Secrets and encrypted data?
Yes — Velero exports Secrets as Kubernetes API objects. If you have encryption at rest enabled, Secrets are decrypted by the API server before Velero exports them. The backup in S3 will contain plain Secret data. Secure your backup bucket with appropriate IAM policies and consider server-side encryption on the S3 bucket itself.
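The BackupStorageLocation and Schedule objects this page refers to, with the server-side encryption recommended above switched on, as an added example that is not the generator's own output. The function name, bucket, region, schedule name, cron expression and 720h retention are illustrative assumptions; for Hetzner Object Storage or MinIO, add the provider's s3Url under config.

```shell
#!/bin/sh
# Added example, not the generator's own output. Bucket, region, names and
# retention are illustrative assumptions.
gen_velero_manifests() {
  # usage: gen_velero_manifests <schedule> <bucket> <region> <cron> <ttl> <namespace>
  name=$1 bucket=$2 region=$3 cron=$4 ttl=$5 ns=$6
  [ -n "$bucket" ] && [ -n "$ns" ] || { echo "bucket and namespace required" >&2; return 1; }
  # The Schedule cron expression must have exactly five fields.
  set -f; set -- $cron; nfields=$#; set +f
  [ "$nfields" -eq 5 ] || { echo "cron needs 5 fields" >&2; return 1; }
  # Rough shape check for a Go duration such as 720h or 720h0m0s.
  case $ttl in
    ''|*[!0-9hms]*) echo "bad ttl: $ttl" >&2; return 1 ;;
    *[hms]) ;;
    *) echo "bad ttl: $ttl" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: default
  namespace: velero
spec:
  provider: aws
  objectStorage:
    bucket: $bucket
  config:
    region: $region
    # Backups hold Secret data in plain form; ask the bucket to encrypt objects.
    # Confirm your S3-compatible provider honours this setting.
    serverSideEncryption: AES256
---
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: $name
  namespace: velero
spec:
  schedule: "$cron"
  template:
    includedNamespaces:
      - $ns
    storageLocation: default
    defaultVolumesToFsBackup: true   # file-level PV backup via the node agent
    ttl: $ttl                        # backups expire after this duration
EOF
}

gen_velero_manifests daily-backup my-k8s-backups eu-central-1 "0 2 * * *" 720h production
```

Review the generated YAML before piping it to kubectl apply -f - in the cluster where Velero is installed.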