Skip to content

S3Backup

s3backups.backups.k8s.bnerd.com/v1

Scheduled backup of S3-compatible buckets to a Restic repository. Mounts the source bucket via rclone FUSE and runs Restic against the mounted filesystem.

Short name: s3bkp

Spec

spec.source (required)

Field Type Required Default Description
endpoint string Yes -- S3 endpoint URL (e.g., https://s3.eu-central-1.amazonaws.com)
bucket string Yes -- Source bucket name
prefix string No -- Only back up objects under this prefix
region string No -- AWS region for the source bucket
usePathStyle boolean No true Use path-style URLs (required for Ceph, MinIO)
noCheckBucket boolean No false Skip bucket existence check on mount
secretRef.name string Yes -- Secret with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

spec.schedule

Type Default Description
string "0 3 * * *" Cron schedule for backup

spec.repository (required)

Field Type Required Description
type string Yes s3, gcs, azure, local, sftp, rest
url string Yes Repository URL
secretRef.name string Yes Secret with repository credentials + RESTIC_PASSWORD
secretRef.namespace string No Secret namespace

spec.host

Type Default Description
string {namespace}-{bucket} Restic host tag

spec.exclude

Type Description
string[] Patterns to exclude from backup

spec.retention

Field Type Default Validation Description
keepLast integer 15 min: 1 Keep the N most recent snapshots
keepDaily integer 7 min: 0 Keep daily snapshots for N days
keepWeekly integer 4 min: 0 Keep weekly snapshots for N weeks
keepMonthly integer 6 min: 0 Keep monthly snapshots for N months

spec.cache

Field Type Default Description
enabled boolean true Enable persistent cache PVC
size string "5Gi" Cache volume size
storageClass string -- Storage class
accessMode string "ReadWriteOnce" PVC access mode

spec.resources

Field Type Default
requests.memory string "256Mi"
requests.cpu string "200m"
limits.memory string "1Gi"
limits.cpu string "1000m"

spec.image

Field Type Default
repository string "registry.bnerd.com/public/restic"
tag string "0.18.1"
pullPolicy string "Always"

spec.suspended

Type Default Description
boolean false Suspend all CronJobs

spec.check

Field Type Default Description
enabled boolean false Enable periodic integrity checks
schedule string "0 4 * * *" Cron schedule
readDataSubset string "10%" Data subset to verify
resources object -- Resource requests/limits (same structure as spec.resources)

spec.restoreTest

Field Type Default Description
enabled boolean false Enable periodic restore testing
schedule string "0 5 * * *" Cron schedule
storage.type string "emptyDir" emptyDir or pvc
storage.size string "5Gi" Size
storage.storageClass string -- Storage class (only for pvc)
fileCount integer 50 Random files to test (1--500)
verifyChecksums boolean true Verify SHA-256 checksums
resources object -- Resource requests/limits

spec.webhooks

Field Type Description
success string URL to POST on success
failure string URL to POST on failure

spec.nodeSelector, spec.tolerations, spec.affinity

Same as VolumeBackup.

spec.jobConfig

Field Type Default Validation Description
keepSuccessfulJobs integer 3 0--10 Successful Jobs to retain
keepFailedJobs integer 3 0--10 Failed Jobs to retain

Status

Field Type Description
phase string Pending, Running, Succeeded, Failed
lastBackup date-time Timestamp of last backup
lastSnapshot string Last Restic snapshot ID
message string Status message
conditions[] array Status conditions (same structure as VolumeBackup)

Printer Columns

kubectl get s3backup displays:

Column Source
Bucket spec.source.bucket
Repository spec.repository.url
Schedule spec.schedule
Last Backup status.lastBackup
Phase status.phase
Age metadata.creationTimestamp