Quick Start¶

This guide walks you through creating your first volume backup using an S3-compatible repository. By the end, you will have a scheduled daily backup running as a Kubernetes CronJob.

Prerequisites¶

The backup operator is installed and running
An S3-compatible storage bucket (AWS S3, MinIO, Ceph, etc.)
S3 access credentials and a Restic repository password
A PersistentVolumeClaim you want to back up

Step 1: Create a Credentials Secret¶

apiVersion: v1
kind: Secret
metadata:
  name: backup-credentials
  namespace: default
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: "your-access-key-id"
  AWS_SECRET_ACCESS_KEY: "your-secret-access-key"
  RESTIC_PASSWORD: "your-restic-repository-password"

kubectl apply -f secret.yaml

The RESTIC_PASSWORD is used to encrypt your backup repository. Store it safely -- you cannot restore without it.

Step 2: Create a VolumeBackup¶

apiVersion: backups.k8s.bnerd.com/v1
kind: VolumeBackup
metadata:
  name: my-first-backup
  namespace: default
spec:
  volumeClaimRef:
    name: my-data-pvc

  schedule: "0 3 * * *"

  repository:
    type: s3
    url: s3:s3.amazonaws.com/my-backup-bucket/my-data
    secretRef:
      name: backup-credentials

  retention:
    keepLast: 15
    keepDaily: 7
    keepWeekly: 4
    keepMonthly: 6

kubectl apply -f volumebackup.yaml

Step 3: Verify the CronJob¶

The operator creates a CronJob that triggers at the configured schedule:

kubectl get cronjob

NAME              SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
my-first-backup   0 3 * * *    False     0        <none>          10s

Step 4: Trigger a Manual Backup¶

Instead of waiting for the next scheduled run, trigger one immediately:

kubectl create job --from=cronjob/my-first-backup manual-test

Step 5: Check the Job¶

kubectl get jobs -l volume-backup-name=my-first-backup

Watch the logs to see Restic in action:

kubectl logs job/manual-test -f

A successful backup log ends with a summary showing the snapshot ID, files processed, and data added.

Step 6: Verify Status¶

kubectl get volumebackup my-first-backup

NAME              VOLUME        REPOSITORY                                    SCHEDULE      LAST BACKUP            PHASE
my-first-backup   my-data-pvc   s3:s3.amazonaws.com/my-backup-bucket/my-data  0 3 * * *     2025-03-15T03:00:00Z   Succeeded

What Happens Under the Hood¶

The operator detects the new VolumeBackup resource
It creates a cache PVC (my-first-backup-cache, 5Gi by default) for faster incremental backups
It creates a CronJob that runs on the configured schedule
Each CronJob run mounts the source PVC and the cache PVC, then executes:
- restic init (only on first run, initialises the repository)
- restic backup (backs up the configured paths)
- restic forget --prune (applies retention policy)
The operator reconciles every 5 minutes, updating status and metrics

Next Steps¶

Enable integrity checks to verify your repository regularly
Enable restore testing for automated recovery validation
Set up monitoring with Prometheus alerts and a Grafana dashboard
Restore data from a backup snapshot
Explore other backends: GCS, Azure, OpenStack Snapshots