Automated backups with AWS S3
This page covers setting up scheduled full cluster backups using Velero with AWS S3 storage. For Ziti database-only snapshots that run automatically without any setup, see Backup overview.
Prerequisites
- A running Kubernetes cluster with NetFoundry Self-Hosted installed
- An AWS S3 bucket with IAM credentials (see S3/IAM prerequisites)
- Credentials saved to ./velero/s3-credentials-velero
Run the backup setup script
The included backup script handles Velero CLI installation, Velero deployment to the cluster, and scheduled backup creation:
./velero/velero_backup.sh
The script will:
- Check if the Velero CLI is installed, and install it if not.
- Verify AWS credentials are available (from the environment or the credentials file).
- Prompt for the S3 bucket name.
- Install the Velero plugin to the velero namespace if not already present. The install method differs based on your cluster type:
  - K3s: Uses filesystem-based backup with --default-volumes-to-fs-backup and --use-node-agent.
  - Multi-node clusters (EKS, etc.): Uses CSI volume snapshots with --features=EnableCSI.
- Prompt for the backup interval (in hours) and create scheduled backups for both the Ziti namespaces (ziti, cert-manager) and the support namespaces (support, beats), with a 7-day retention.
Verify backups
After setup, check that scheduled backups are configured:
velero schedule get
View completed backups:
velero backup get
Get details on a specific backup:
velero backup describe --details <backup-name>
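A health check for the verification step above, as an added example (not part of the NetFoundry scripts): it reads the output of velero backup get -o json and reports every expected schedule whose most recent finished backup is not Completed or is older than the allowed age. The schedule names and sample records are constructed; use the names that velero schedule get shows on your cluster.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

SCHEDULE_LABEL = "velero.io/schedule-name"  # label Velero sets on scheduled backups

# Constructed sample of `velero backup get -o json`; all names are hypothetical.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "ziti-sched-1", "labels": {SCHEDULE_LABEL: "ziti-sched"}},
     "status": {"phase": "Completed", "completionTimestamp": "2024-05-01T06:02:00Z"}},
    {"metadata": {"name": "ziti-sched-2", "labels": {SCHEDULE_LABEL: "ziti-sched"}},
     "status": {"phase": "PartiallyFailed", "completionTimestamp": "2024-05-01T12:03:00Z"}},
    {"metadata": {"name": "support-sched-1", "labels": {SCHEDULE_LABEL: "support-sched"}},
     "status": {"phase": "Completed", "completionTimestamp": "2024-04-29T12:00:00Z"}},
    {"metadata": {"name": "manual-1"},
     "status": {"phase": "Completed", "completionTimestamp": "2024-05-01T13:00:00Z"}},
]})

def check_schedules(backup_json, expected, max_age_hours, now=None):
    """Return {schedule: problem} for each expected schedule that is unhealthy."""
    now = now or datetime.now(timezone.utc)
    doc = json.loads(backup_json)
    items = doc.get("items") or [doc]  # tolerate a single object instead of a list
    latest = {}
    for b in items:
        sched = (b.get("metadata", {}).get("labels") or {}).get(SCHEDULE_LABEL)
        done = b.get("status", {}).get("completionTimestamp")
        if not sched or not done:
            continue  # on-demand backup, or one that has not finished yet
        ts = datetime.strptime(done, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if sched not in latest or ts > latest[sched][0]:
            latest[sched] = (ts, b["metadata"]["name"], b["status"].get("phase"))
    problems = {}
    for sched in expected:
        ts, name, phase = latest.get(sched, (None, None, None))
        if ts is None:
            problems[sched] = "no finished backup found"
        elif phase != "Completed":
            problems[sched] = f"{name} finished as {phase}"
        elif now - ts > timedelta(hours=max_age_hours):
            problems[sched] = f"{name} is older than {max_age_hours}h"
    return problems

if __name__ == "__main__":
    # Usage: velero backup get -o json | python3 check_backups.py 8 <schedule>...
    found = check_schedules(sys.stdin.read(), sys.argv[2:], int(sys.argv[1]))
    for sched, problem in found.items():
        print(f"{sched}: {problem}")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any schedule is unhealthy, so it can be run from cron or a monitoring probe with the maximum age set slightly above the backup interval chosen during setup.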
Create an on-demand backup
To trigger a backup immediately outside the schedule:
velero backup create <backup-name> \
--include-namespaces ziti,cert-manager \
--include-cluster-resources \
--ttl 168h
To also back up the support stack:
velero backup create <backup-name>-support \
--include-namespaces support,beats \
--include-cluster-resources \
--ttl 168h