LLMpediaThe first transparent, open encyclopedia generated by LLMs

Velero

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Harbor (software) Hop 4
Expansion Funnel Raw 116 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted116
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Velero
NameVelero
DeveloperHeptio / VMware / Community
Initial release2017
Repositorygithub.com/vmware-tanzu/velero
Programming languageGo
Operating systemCross-platform
LicenseApache License 2.0

Velero Velero is an open-source backup, recovery, and migration tool for Kubernetes clusters designed to protect cluster resources and persistent volumes. It enables administrators and platform engineers to perform scheduled backups, restores, and cluster migrations across cloud providers and on-premises environments. Velero integrates with a range of storage providers, orchestration tooling, and continuous delivery systems to support disaster recovery and data mobility.

Overview

Velero provides snapshotting, object storage, and metadata capture for Kubernetes resources such as Pod, Deployment, StatefulSet, DaemonSet, ConfigMap, and Secret. It interfaces with object stores like Amazon S3, Google Cloud Storage, and Microsoft Azure Blob Storage to persist backups. Velero supports volume snapshotting through cloud provider snapshot APIs such as Amazon EBS, Google Persistent Disk, and Azure Managed Disks, and can coordinate with CSI drivers including CSI (Container Storage Interface). The project originated in the cloud-native ecosystem, aligning with tools like kubectl, Helm, Prometheus, Grafana, Istio, Envoy, Fluentd, Argo CD, Flux, Linkerd, Calico, Cilium, CoreDNS, etcd, Kube-State-Metrics, Kubernetes Operators, Knative, OpenShift, Rancher, GKE, EKS, and AKS.

History

Velero was initially developed at Heptio and introduced at community events alongside initiatives by Cloud Native Computing Foundation. Following the acquisition of Heptio by VMware, Velero continued development within VMware's Tanzu portfolio before evolving into a community-driven project hosted on GitHub. The roadmap and contributions have been shaped through collaborations with maintainers and contributors from organizations such as AWS, Google, Microsoft, Red Hat, Cisco, IBM, Pure Storage, NetApp, and independent contributors from CNCF-aligned companies. Velero releases have tracked advances in Kubernetes API versions, CSI (Container Storage Interface), and cloud provider snapshot capabilities, with notable enhancements synchronized with releases of Kubernetes 1.12, Kubernetes 1.14, and later LTS versions.

Architecture and Features

Velero's architecture consists of a server component running inside a Kubernetes cluster and a command-line client that interacts with cluster APIs and object storage. Core components include a controller, restic integration for filesystem-level backups, and a plugin system for cloud providers and storage backends. Features include scheduled backups, on-demand snapshots, point-in-time restores, selective resource restore, namespace mapping, label-based filtering, and support for CustomResourceDefinitions and AdmissionController-created resources. Velero integrates with snapshot capabilities of Amazon EBS Snapshots, Google Compute Engine Snapshots, and Azure Snapshot services, and leverages tools like Restic, Rook, Longhorn, OpenEBS, Velero Plugin for AWS, Velero Plugin for GCP, and Velero Plugin for Azure. It also supports hooks for pre- and post-backup/restore actions enabling workflows with Kustomize, Helmfile, Kubectl, Ansible, Terraform, Packer, Jenkins, GitLab CI/CD, CircleCI, Spinnaker, and Argo Workflows.

Installation and Deployment

Velero can be installed via its CLI, Helm charts, or manifest manifests applied with kubectl. Operators and platform teams often deploy Velero in conjunction with cluster lifecycle tools like kubeadm, kops, Kind, Minikube, OpenShift Installer, RKE, and cloud-managed services GKE, EKS, and AKS. Credentials for object storage and snapshot APIs are typically provisioned using Kubernetes Secrets and ServiceAccounts with role bindings such as RBAC to grant needed permissions. Deployment patterns include single-cluster backup, cross-cluster migration using federation approaches like Kubernetes Federation, and multi-tenant setups integrating with Open Policy Agent and Gatekeeper for policy enforcement. Backup storage lifecycle may be managed with object lifecycle rules in Amazon S3 Lifecycle, GCS Object Lifecycle Management, or Azure Blob Lifecycle Management.

Use Cases and Workflow

Common use cases include disaster recovery planning for Kubernetes workloads, cluster migration between cloud providers or regions, developer sandbox cloning, and compliance-driven retention of application state. Typical workflows begin with defining backup schedules and backup storage locations, tagging resources via Labels and Annotations, executing on-demand backups, and restoring resources with namespace mapping or selective resource inclusion. Integration scenarios include pairing Velero with Prometheus alerting for backup failures, using Grafana dashboards for backup metrics, and automating restores via Argo CD or Flux pipelines. Operators rely on Velero for restoring etcd-backed cluster resources and persistent data used by applications such as PostgreSQL, MySQL, MongoDB, Cassandra, Elasticsearch, Redis, and Kafka when orchestrated on Kubernetes.

Security and Compliance

Velero uses credential management patterns common to Kubernetes, employing Secrets and service accounts with least-privilege role bindings via RBAC. Encryption at rest is achieved by configuring object storage server-side encryption like Amazon S3 SSE, GCP CMEK, or Azure Storage Service Encryption and by enabling client-side encryption for additional assurance. Auditability is supported by emitting events compatible with Kubernetes Audit logs and by storing immutable backup artifacts in write-once object buckets integrated with IAM policies from AWS IAM, Google Cloud IAM, and Azure RBAC. Compliance workflows often map to standards maintained by ISO, SOC 2, HIPAA, and GDPR through retention policies and access controls at the cloud provider and infrastructure-as-code level.

Community and Development

Velero is developed as a community project on GitHub with contributions coordinated through issues, pull requests, and SIG-like working groups involving organizations such as VMware, AWS, Google, Microsoft, Red Hat, NetApp, and Heptio alumni. Roadmap discussions take place in community forums, mailing lists, and during conferences like KubeCon, CloudNativeCon, Velocity, and DevOpsDays. Ecosystem integrations and third-party plugins are maintained by vendors and the community, and the project publishes release notes and migration guides aligned with Kubernetes release cycles.

Category:Backup software