This guide provides a practical, production-oriented walkthrough of installing, configuring, and troubleshooting Velero for backing up a K3s cluster. It focuses on reliability and reproducibility rather than theory.
1. Overview
Velero is an open-source tool designed to:
- Back up Kubernetes resources (Deployments, Services, CRDs, etc.)
- Optionally back up persistent volumes
- Restore workloads to the same or a different cluster
In K3s environments, Velero is commonly used for:
- Disaster recovery
- Cluster migration
- CI/CD environment replication
2. Installing Velero CLI on Linux
2.1 Download
You already identified the correct approach. Use:
curl -L https://github.com/velero-io/velero/releases/download/v1.18.0/velero-v1.18.0-linux-amd64.tar.gz | tar xz
This downloads and extracts:
velero-v1.18.0-linux-amd64/
2.2 Install binary system-wide
cd velero-v1.18.0-linux-amd64
sudo mv velero /usr/local/bin/
2.3 Verify installation
velero version
Expected output:
Client:
Version: v1.18.0
At this stage, the server part is not yet installed — that comes next.
3. Preparing Storage Backend
Velero requires object storage (S3-compatible).
Supported options:
- AWS S3
- MinIO (recommended for on-prem)
- Hetzner Object Storage
- Azure Blob / GCP
3.1 Create credentials file
Example:
cat <<EOF > credentials-velero
[default]
aws_access_key_id=<ACCESS_KEY>
aws_secret_access_key=<SECRET_KEY>
EOF
4. Installing Velero in K3s
Velero runs inside the cluster as a controller.
4.1 Installation command
Example (S3-compatible storage):
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.8.0 \
--bucket velero \
--secret-file ./credentials-velero \
--use-volume-snapshots=false \
--backup-location-config \
region=hel1,s3ForcePathStyle="true",s3Url=https://<OBJECT_STORAGE_ENDPOINT>:<PORT-IF-NEEDED>
Key parameters explained
--provider aws
Required even for S3-compatible systems--plugins
Enables S3 integration--bucket
Must already exist in storageregion=minio
Required (even if not AWS) - any region will works3ForcePathStyle="true"
Required for most non-AWS providerss3Url
Must be reachable from inside the cluster
4.2 Verify installation
kubectl get pods -n velero
Expected:
velero-xxxxx Running
4.3 Validate storage
velero backup-location get
Expected:
PHASE: Available
This is the most important health indicator.
5. Creating Backups
5.1 Full cluster backup
velero backup create full-backup
5.2 Check status
velero backup get
Expected:
STATUS: Completed
5.3 Detailed inspection
velero backup describe full-backup --details
6. Restoring from Backup
velero restore create --from-backup full-backup
This will:
- recreate resources
- restore metadata
- optionally restore volumes (if configured)
7. Automating Backups
Example: daily backup at 02:00
velero schedule create daily-backup \
--schedule="0 2 * * *"
8. Persistent Volume Backups (Important)
By default (as in your setup):
--use-volume-snapshots=false
This means:
- Kubernetes objects are backed up
- Persistent data is NOT
Options:
Option A — CSI snapshots (preferred)
Requires storage support
Option B — Node-agent (Restic)
--use-node-agent
Without this, your backups are incomplete for stateful workloads.
9. Troubleshooting
9.1 CLI works but server not found
Error:
no matches for velero.io/v1
Cause:
- Velero not installed in cluster
Fix:
- run
velero install
9.2 Backup fails with FailedValidation
Common causes:
- missing region
- invalid storage config
- bucket not reachable
Fix:
Ensure:
region: minio
9.3 MissingRegion error
MissingRegion: could not find region configuration
Fix:
Add:
region=minio
9.4 Storage unavailable
BackupStorageLocation is in unavailable state
Check:
velero backup-location get
If not Available, verify:
- endpoint URL (must be reachable from cluster)
- credentials
- bucket existence
9.5 Connection timeout
dial tcp ... i/o timeout
Cause:
- cluster cannot reach storage
Fix:
- verify network access from pod:
kubectl run test --rm -it --image=busybox -- sh
wget -O- https://<endpoint>
9.6 Incorrect protocol (HTTP vs HTTPS)
Many providers require HTTPS.
Incorrect:
http://...
Correct:
https://...
9.7 Plugin process exited (not an error)
plugin process exited
This is normal behavior:
- plugin runs per request
- exits after execution
No action required.
9.8 Inconsistent logs (0/0/1 state)
available/unavailable/unknown: 0/0/1
Occurs during startup.
Ignore if:
velero backup-location get
shows:
Available
10. Recovery Strategy for K3s
To restore a cluster on a new server:
- Install K3s
- Install Velero
- Configure same storage
- Run:
velero restore create --from-backup <backup-name>
This reconstructs:
- workloads
- configs
- namespaces
11. Best Practices
- Always verify backups with test restores
- Use external object storage (not same node)
- Automate backups (schedules)
- Enable volume backup for production workloads
- Version control your Velero installation config
Top comments (0)