Backup Management

Path: /backup

Unexpected failures or data loss can occur at any time during service operation. The [Backup Management] page allows you to easily manage backups and recovery for Velero, Control Plane, and Docker/Podman containers, enabling quick system recovery in case of emergencies.

Permission Notice

If you cannot access this page, please request permission from your organization administrator.

---

Why Do You Need Backups?

Backups protect your services in the following situations:

• System Failure Recovery: Quickly restore to a previous state after server failures, disk corruption, etc.
• Undo Incorrect Changes: Recover accidentally deleted configurations or data
• Migration Support: Transfer data when moving to a new environment.
• Audit and Compliance: Preserve system state at specific points in time to meet audit requirements.

The Golden Rule of Backups

Follow the 3-2-1 rule: Keep at least 3 backup copies on 2 different types of media, with 1 stored at a remote location. KIOPS's external storage integration makes this easy.

---

Supported Backup Types

KIOPS supports backups for various runtime environments:

• Velero Backup: Targets Kubernetes clusters. Stores workloads (Deployments, Services, etc.) and PV data to external object storage. Used for fine-grained namespace- and resource-level backup and restore.
• Control Plane Backup: Targets Kubernetes master nodes. Backs up etcd snapshots and PKI certificates (/etc/kubernetes/pki) as a single bundle to object storage. Used for cluster-level DR (Disaster Recovery) requiring full cluster reconstruction.
• Docker Backup: Targets Docker hosts. Backs up containers, volumes, and images. Used for protecting Docker-based services.
• Podman Backup: Targets Podman hosts. Backs up containers, volumes, and images. Used for protecting Podman-based services.

Velero vs Control Plane Backup

These two K8s backup types protect different targets. Velero protects application workloads and persistent volume data, while Control Plane Backup protects the cluster itself (etcd state + PKI certificates). For complete DR coverage, it is recommended to operate both.

---

Exploring the UI Layout

The Backup Management page consists of three tabs:

• Backup List: Backup management. Create, view, delete backups, and execute restores.
• Storage Management: Connect and manage external storage (S3, Object Storage). (Shown when you have storage view permission.)
• Recovery History: Recovery records. View past restore operation results.

The setup wizard and statistics are not separate tabs — they are provided through the installation status area (Start Setup Wizard button) at the top of the page and the header statistics cards.

Information Available in the Backup List

Each backup item displays the following information:

• Name: Unique name identifying the backup.
• Type: Velero, Control Plane, Docker, or Podman.
• File Size: Size of the backup file.
• Creation Time: Date and time when the backup was created.
• Status: Success, Failed, or In Progress.
• Storage: Displays the name and endpoint URL of the external storage where the backup is stored. Shows - when no external storage is used.

For each backup, you can perform Restore, Delete, and Download actions.

---

Getting Started: Backup Setup Wizard

If this is your first time using the backup feature, the setup wizard will guide you step by step.

How to Run the Setup Wizard

1. Navigate to the [Backup Management] page from the left menu.
2. The setup wizard appears automatically on first access.
   • If you've already completed setup, click the Start Setup Wizard button in the installation status area at the top of the page.
3. Select Backup Target: Choose the environment to back up.
   • For Kubernetes environments, select Velero or Control Plane Backup
   • For Docker/Podman environments, select the corresponding option.
4. Configure Storage: Choose where to store backup files.

• Local: Store on server disk. Advantages: Fast backup/restore speed. Considerations: Risk of backup loss if server fails.
• Object Storage: On-premises S3-compatible storage. KIOPS supports auto-installation, and it can be used within your local network.
• S3: AWS S3 or compatible storage. Advantages: High durability, remote storage. Considerations: Requires network bandwidth.

5. Schedule Settings (optional): Set up automatic backup frequency.
6. Click Finish to complete the setup.

Recommended Settings

For production environments, we recommend setting up external storage + automatic scheduling together. Even if there's a problem with the local server, you can recover backups from the remote storage.

---

Creating a Control Plane Backup

Control Plane Backup stores the etcd snapshot and PKI certificates from a Kubernetes master node as a single bundle in object storage. Use this for DR scenarios requiring full cluster reconstruction.

Step-by-Step Guide

1. Select the Backup List tab on the Backup Management page.
2. Click the Create Backup button, then select Control Plane as the backup type. (K8s backups let you choose between Velero / Control Plane.)
3. In the backup creation modal, enter the following information:

• Select Infrastructure: Select the Kubernetes cluster to back up. Master node information is loaded automatically.
• Backup Name: Enter an easy-to-identify name. Default: cp-YYYYMMDD-HHmmss
• Master Node SSH Credentials: Enter the SSH username and password to access the master node.
• Sudo Password: Enter the sudo password required for etcd snapshot creation.

4. Click the Create Backup button.
5. The backup is complete when the status changes to Success in the Control Plane Backup list.

SSH Credential Storage Notice

SSH credentials entered during a Control Plane Backup are not stored on the server. You will need to re-enter them at restore time, so keep your credentials stored in a safe location.

What Gets Backed Up

The backend automatically connects to the master node via SSH, then performs: etcd snapshot → PKI certificate archive → object storage upload, in sequence.

---

Velero Backup Options

When creating a Velero backup, you can configure the following options.

Include PVC Data

• Checkbox: Include PVC Data (default: enabled)
• When enabled, backs up the actual data stored in PersistentVolumes (using File System Backup method).
• Required for complete recovery of stateful workloads such as databases and caches.

NFS Environment Note

In NFS-based storage environments, backing up PVC data may cause performance impact. Schedule backups during low-traffic hours, or disable this option if not needed.

Resource Filtering

Set the scope of resources to include in the backup:

• Exclude PV/PVC (Recommended): Includes only application resources such as Deployments, Services, and ConfigMaps. PersistentVolume-related resources are excluded.
• App Resources Only: Includes only core app resources such as Deployments, StatefulSets, Services, ConfigMaps, Secrets, and Ingresses.
• All Resources: Backs up all resources without any filters.

---

Creating Docker/Podman Backups

In Docker or Podman environments, you can selectively back up containers, volumes, and images.

Step-by-Step Guide (Docker)

1. Select the Backup List tab on the Backup Management page.
2. Click the Create Backup button.
3. In the backup creation modal, configure the following:

• Type: Select Docker.
• Target Host: Select the Docker host to back up.
• Backup Targets: Choose from containers, volumes, images.

4. Click the Start Backup button.

Step-by-Step Guide (Podman)

Podman backup follows the same process as Docker.

Backup Target Selection Guide

• Containers: State of running containers. Select when you need to restore container configuration and state.
• Volumes: Persistent data volumes. Select when data preservation is critical (databases, files).
• Images: Container images. Select when you want to preserve specific image versions.

Practical Advice

In most cases, volumes are the most important. Containers and images can be recreated, but data stored in volumes cannot be recovered without backups.

---

Connecting External Storage

To store backups more securely, connect external storage. You can recover from remote storage even if there's a problem with the local server.

Supported Storage

• Object Storage (SeaweedFS): S3-compatible object storage. Suitable for on-premises and private cloud environments.
• AWS S3: Amazon's cloud storage. Suitable for public cloud and hybrid environments.
• S3-Compatible: Other storage supporting S3 API. Suitable for various environments.

Connection Setup Steps

1. Select the Storage Management tab.
2. Click the Add Storage button.
3. Select the storage type and enter connection information:

Object Storage Settings:

• Endpoint: Object storage server address. Example: http://your-storage-server:8333
• Access Key: Access key. Example: your-access-key.
• Secret Key: Secret key.
• Bucket Name: Storage bucket. Example: kiwi-backups.

AWS S3 Settings:

• Region: AWS region. Example: us-east-1.
• Access Key: AWS access key. Example: AKIA...
• Secret Key: AWS secret key.
• Bucket Name: S3 bucket. Example: my-backup-bucket.

4. Click the Test Connection button to verify the settings are correct.
5. If the test succeeds, click the Save button.

What is Object Storage?

An S3-compatible object storage system. KIOPS supports SeaweedFS as the default auto-install option, and also supports registering AWS S3 or other S3-compatible storage directly.

Infrastructure Pre-selection

When you open the modal to link storage to a specific Kubernetes infrastructure, the currently selected infrastructure is automatically pre-selected. This lets you complete the link quickly without having to choose the infrastructure again.

Security Note

Storage credentials (Access Key, Secret Key) are stored encrypted within KIOPS. However, following the principle of least privilege, we recommend creating a dedicated user account for backups.

---

Restoring from a Backup

When problems occur, you can restore your system from a previous backup.

Pre-Restore Checklist

Check the following before starting a restore:

• Verify the backup is from the correct point in time
• Create a backup of the current state first (to revert if needed after restore)
• Communicate with the team if service interruption is required during restore
• Have the administrator password ready

Restore Steps

1. Find the backup to restore in the Backup List tab.
2. Click the Restore button for that backup.
3. Review what will be restored in the restore preview screen.

K8s (Control Plane) Restore Screen:

Docker/Podman Restore Screen:

4. Read and acknowledge the warnings carefully.
5. Click the Start Restore button.
6. Enter the administrator password for security verification.
7. Wait for the restore to complete.
8. After restore completes, verify the system is functioning normally.

Important

The restore operation overwrites current data. Be sure to back up the current state before restoring. If problems occur after restore, you can revert using the backup you just created.

---

Setting Up Automatic Backup Schedules

Manual backups are easy to forget. Set up automatic schedules to ensure backups are created regularly.

Schedule Configuration Steps

1. Check the installation status area at the top of the page.
2. Click the Schedule Settings button.
3. Configure the backup frequency:

• Frequency: Options include Daily, Weekly, Monthly. Recommended: Production: Daily / Development: Weekly.
• Execution Time: Desired time. Recommended: Early morning hours with low traffic.
• Retention Policy: Number of backups to keep or retention period. Recommended: Minimum 7 days or 7 copies.

4. Click the Save button.

Recommended Retention Policies

• Production: Backup Frequency: Daily, Retention Period: 30 days. Reason: Issues may take time to discover.
• Staging: Backup Frequency: Weekly, Retention Period: 14 days. Reason: For testing before production deployment.
• Development: Backup Frequency: Weekly, Retention Period: 7 days. Reason: Only basic protection needed.

Automatic Cleanup

Setting a retention policy automatically deletes old backups, saving storage space. However, be careful not to set it too short, as you may not have backups when you need them.

---

Quick Reference: Feature Access Methods

• Run Setup Wizard: Installation status area at the top of the page > Start Setup Wizard.
• Create Control Plane Backup: Backup List tab > Create Backup > Type: Control Plane.
• Create Docker/Podman Backup: Backup List tab > Create Backup > Type: Docker/Podman.
• Connect External Storage: Storage Management tab > Add Storage.
• Restore Backup: Backup List tab > Restore button for target backup.
• Delete Backup: Backup List tab > Delete button (trash icon) for target backup.

---

Glossary

If you encounter unfamiliar terms, refer to the explanations below:

• Control Plane Backup: A K8s cluster-level backup that bundles etcd snapshots and PKI certificates together and stores them in object storage.
• etcd: A distributed key-value store that holds all state data for Kubernetes clusters. Acts as the cluster's "memory".
• Snapshot: A capture of data state exactly as it was at a specific moment. Like taking a photograph to preserve that instant.
• Object Storage: A storage system that stores files as objects. S3 and SeaweedFS are representative examples.
• Bucket: The top-level container for files in object storage. Similar concept to a folder.
• Access Key / Secret Key: Authentication credentials for accessing object storage. Similar to ID/password.

---

Notes and Best Practices

Backup Considerations

Best Practices

• Regular Backup Testing: Perform actual restore tests at least quarterly to verify backups are working correctly.
• Use Multiple Storage Locations: Using both local and external storage together is more secure.
• Set Up Backup Notifications: Configure alerts to be notified of backup failures.

Cautions

• Back Up Current State Before Restore: Restore operations cannot be undone, so back up the current state first.
• Large Backup Considerations: Large backups may affect network bandwidth, so perform them during low-traffic hours.
• Credential Management: External storage credentials are stored encrypted, but regular key rotation is recommended.