Kubernetes Backup Strategy: Velero, Snapshots, and Disaster Recovery

Install Velero with the appropriate storage provider plugin: `velero install --provider aws --bucket my-backups --secret-file ./credentials`. Velero stores backups in object storage (S3, GCS, Azure Blob) and uses volume snapshots for PersistentVolumes. Configure a default backup storage location and a volume snapshot location. Velero supports both file-system backups (using Kopia or Restic to copy PV data to object storage) and CSI volume snapshots (which create cloud-native disk snapshots). File-system backups work across any storage provider; CSI snapshots are faster but provider-specific.

Create scheduled backups with `velero schedule create daily-backup --schedule='0 2 * * *' --ttl 720h`. This runs a full cluster backup daily at 2 AM and retains backups for 30 days. For critical namespaces, create additional schedules with shorter intervals. Use `--include-namespaces` to back up specific namespaces and `--include-resources` to back up specific resource types. Exclude large, reproducible resources like cached data to reduce backup size and duration. Test restore procedures regularly: a backup you have never tested is not a backup.

Velero can restore backups to a different cluster, enabling disaster recovery. Set up a secondary cluster in another region with Velero configured to the same object storage bucket. To recover, run `velero restore create --from-backup daily-backup-20250307020000`. Velero recreates namespaces, deployments, services, configmaps, secrets, and PVCs. For PersistentVolumes, it restores from volume snapshots or file-system backups. Test this cross-cluster restore quarterly to ensure your DR plan actually works. Document the restore procedure and keep it accessible outside of the cluster.