Velero

Website
Docs
- Custom resource and controllers
Helmchart
Docker hub image
Supported providers
Volume snapshots possible
No native encryption at rest
3rd party controllers
- velero-volume-controller
  - detects and adds relevant backup annotation to pods with volumes
  - Last commit 2022
- velero-pvc-watcher
  - detects PVCs with no restic backup and exposes a prometheus metric
  - Last commit 2021

Needs object store provider for backup

Limitations

hostPath volumes are not supported, but the local-path volume type is supported.
Volumes that are mounted with subPath are still backed up as a whole, not only the subPath

Install

Installation options

Arch: pamac install velero-bin

Usage

Stackspin velero docs

Important: A root-level backup bucket needs to exist. Create a bucket:

mc mb varac/velero

Manual backup - Warning: always include --from-schedule <SCHEDULE>, in order to apply the configured esource-policy:

velero create backup --from-schedule daily-backup

List backups:

velero get backups
kubectl get -A backups.velero.io

Details of backup:

velero backup describe --details manual-test1
velero backup logs velero-daily-20240924153213

Get name of last backup:

velero get backup | grep -v '^NAME' | head -1 | cut -d' ' -f 1

List backupstoragelocations:

kubectl get -A backupstoragelocations.velero.io
velero get backup-locations

List backuprepositories:

k get -A backuprepositories.velero.io
velero repo get

List podvolumebackups:

kubectl get -A podvolumebackups.velero.io

List podVolumes in backup set:

velero backup describe --details -o json manual3 | jq .status.backupVolumes.podVolumeBackups.podVolumeBackupsDetails

Troubleshooting

See WARNINGS tab in list:

velero get backup

Show warnings/errors of particular backup:

velero backup logs velero-daily-20250613153248 |grep -v "level=info"

List backups with warnings:

velero get backup -o json | jq '.items[] | select (.status.warnings != null ) | .metadata.name' | sort

List all backup warnings:

velero get backup -o json | jq -r '.items[] | select (.status.warnings != null ) | .metadata.name' | sort | \
  xargs -n 1 velero backup logs | grep -v 'level=info'

Show pod names with warnings:

velero get backup -o json | jq -r '.items[] | select (.status.warnings != null ) | .metadata.name' | sort | \
  xargs -n 1 velero backup logs | grep 'level=warning' | \
  tr ' ' '\n' | grep '^name=.*,$'

Show velero controller warnings/erros:

kubectl -n velero logs velero-5c4589f99d-srjrx -c velero | grep -v 'level=info'

Delete backups

Docs: Deleting Backups

Issues
- Implement backups.velero.ioabort running backup job

Delete the backup custom resource only and will not delete any associated data from object/block storage:

kubectl delete backups.velero.io <backupName> -n <veleroNamespace>

Delete the backup resource including all data in object/block storage:

velero backup delete <backupName>

Delete whole backuprepository:

kubectl -n velero delete backuprepositories.velero.io/monitoring-default-restic-tqx9l

File System Backup

Docs: File System Backup
local-path-provisioner lacks VolumeSnapshot support
Re-evaluate velero as backup solution
hostPath volumes are not supported. Local persistent volumes are supported.

Restic/Kopia repository password:

No way to override restic password: Enable users to set restic repo passwords
Support changing existing backup repository password

Solution:

Create repo password secret before installing velero

Monitoring

Velero comes with a native metrics exporter
Official Kubernetes/Tanzu/Velero dashboard
Obsolete: prometheus-velero-exporter
- Related Grafana dashboard: Velero Exporter Overview
Example Prometheus Rule to monitor Velero seems bad