Velero Kubernetes Backup and Disaster Recovery Cheat Sheet

Updated 2026-05-22

Velero is an open-source tool maintained under the VMware Tanzu umbrella that lets you safely back up, restore, and migrate Kubernetes cluster resources and persistent volumes to and from object storage. It matters because stateful Kubernetes workloads need point-in-time recovery, cluster migration paths, and disaster recovery runbooks — gaps that no native Kubernetes primitive fills. The key mental model: Velero treats object storage as the source of truth and continuously syncs backup CRDs from storage back into the cluster, which is what makes cross-cluster and cross-cloud restore patterns work.

What This Cheat Sheet Covers

This topic spans 19 focused tables and 152 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Velero Architecture — Core ComponentsTable 2: Velero CRDs (Custom Resource Definitions)Table 3: BackupStorageLocation and VolumeSnapshotLocation ConfigurationTable 4: Backup Operations — CLI and Spec ReferenceTable 5: Scheduled Backups and Retention PoliciesTable 6: Resource FilteringTable 7: Volume Backup Methods — Snapshots vs. File System BackupTable 8: Backup Hooks — Pre and Post CommandsTable 9: Restore Hooks — Init Container and ExecTable 10: Restore Operations — CLI and BehaviorTable 11: Cloud Provider PluginsTable 12: Cross-Cluster and Cross-Cloud Migration PatternsTable 13: Disaster Recovery WorkflowTable 14: RPO and RTO Planning with Velero SchedulesTable 15: Encryption and SecurityTable 16: Observability — CLI and Prometheus MetricsTable 17: Common Pitfalls and TroubleshootingTable 18: Multi-Tenant Backup StrategiesTable 19: Velero vs. Alternative Kubernetes Backup Tools

Table 1: Velero Architecture — Core Components

Velero runs in-cluster as a Deployment plus an optional DaemonSet, both working together with a set of Custom Resource Definitions that represent every backup and restore operation as Kubernetes objects.

Component	Example	Description
Velero server (Deployment)	`kubectl get deploy velero -n velero`	• The central control-plane pod • hosts all backup/restore controllers, watches for CRD events, and orchestrates operations
Node Agent (DaemonSet)	`velero install --use-node-agent`	• Runs one pod per node • handles File System Backup (Kopia-based) and CSI Snapshot Data Movement via `PodVolumeBackup`/`PodVolumeRestore` controllers
BackupController	Watches `Backup` CRDs, triggers API queries	Controller loop that validates `Backup` objects, queries the API server for matching resources, and uploads the tarball to object storage.
RestoreController	Watches `Restore` CRDs, applies resources	Fetches the backup tarball from object storage, pre-processes resources, and applies them to the target cluster one by one in dependency order.

Table 1: Velero Architecture — Core Components

Component	Example	Description
Velero server (Deployment)	`kubectl get deploy velero -n velero`	• The central control-plane pod • hosts all backup/restore controllers, watches for CRD events, and orchestrates operations
Node Agent (DaemonSet)	`velero install --use-node-agent`	• Runs one pod per node • handles File System Backup (Kopia-based) and CSI Snapshot Data Movement via `PodVolumeBackup`/`PodVolumeRestore` controllers
BackupController	Watches `Backup` CRDs, triggers API queries	Controller loop that validates `Backup` objects, queries the API server for matching resources, and uploads the tarball to object storage.
RestoreController	Watches `Restore` CRDs, applies resources	Fetches the backup tarball from object storage, pre-processes resources, and applies them to the target cluster one by one in dependency order.