Velero on OCI OKE: Complete Kubernetes Backup, Restore & Scheduled Backup Guide (Production Ready)


I’m Pratik Borkar, a Technical Architect specializing in Oracle Cloud Infrastructure (OCI) and Kubernetes. I have extensive experience designing, automating, and optimizing cloud environments using Terraform, CI/CD pipelines, and container orchestration tools. I enjoy sharing hands-on guides and real-world implementations that help engineers simplify cloud operations, improve scalability, and adopt Infrastructure as Code best practices. When I’m not automating infrastructure, I explore new DevOps tools, contribute to open-source projects, and write about cloud-native technologies.

Kubernetes workloads running on Oracle Kubernetes Engine (OKE) require a reliable backup and disaster recovery strategy. Velero is one of the most trusted open-source tools to back up and restore Kubernetes cluster resources and persistent volumes.

In this guide, you’ll learn how to:

  • Install Velero on OKE

  • Configure OCI Object Storage (S3-compatible)

  • Take namespace backups (e.g., monitoring)

  • Restore workloads

  • Set up production-grade scheduled backups

Why Use Velero on OKE?

Velero provides:

  • Backup & restore of Kubernetes resources

  • Disaster recovery for namespaces and apps

  • Migration between clusters

  • Scheduled backups (cron-based)

  • OCI Object Storage integration (S3-compatible API)

Architecture Overview

Velero works by:

  1. Backing up Kubernetes objects (YAML manifests)

  2. Storing them in an OCI Object Storage bucket

  3. Optionally backing up volumes (via node-agent or snapshots)

Prerequisites

Before installing Velero:

  • OKE Cluster up and running

  • kubectl and velero binary configured

  • OCI Object Storage bucket created

  • S3-compatible credentials file (/root/credentials-velero)

IAM Permissions

Allow group <Group-Name> to manage object-family in tenancy
Allow group <Group-Name> to manage object-family in compartment <compartment_name>

Install Velero on OKE (OCI Object Storage)

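Run the following commands:

# Create the credentials file; the quoted 'EOF' keeps the shell from
# expanding any characters in the keys
cat > /root/credentials-velero << 'EOF'
[default]
aws_access_key_id = your_oci_access_key
aws_secret_access_key = your_oci_secret_key
EOF
# Restrict the file to its owner, since it holds the secret key
chmod 600 /root/credentials-velero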

# Install Velero
velero install \
  --provider aws \
  --image docker.io/velero/velero:v1.16.2 \
  --plugins docker.io/velero/velero-plugin-for-aws:v1.12.2 \
  --bucket Velero-Backup \
  --prefix OKE-DEMO-DEV \
  --use-volume-snapshots=false \
  --secret-file /root/credentials-velero \
  --backup-location-config \
    region=<region>,s3ForcePathStyle=true,s3Url=https://<namespace>.compat.objectstorage.<region>.oraclecloud.com \
  --use-node-agent \
  --wait

Important Tip (Production Naming)

--prefix OKE-DEMO-DEV

Replace this with meaningful naming like:

  • Cluster name

  • Environment (prod/dev)

  • Tenancy namespace

Example:

--prefix OKE-DEMO-DEV

Verify Backup Storage Location

After installation, verify:

velero backup-location get

[root@demo ~]# velero backup-location get
NAME      PROVIDER   BUCKET/PREFIX                PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
default   aws        Velero-Backup/OKE-DEMO-DEV   Available   2026-04-21 12:29:27 +0000 GMT   ReadWrite     true
[root@demo ~]#

Expected output:

  • PHASE: Available

  • ACCESS MODE: ReadWrite

  • DEFAULT: true

If the phase is not Available, check the IAM permissions, credentials, bucket name, or endpoint.

Backup Kubernetes Namespaces (Monitoring Example)

Backup Monitoring Namespace

velero backup create monitoring-app --include-namespaces monitoring

Verify Backup Status

[root@demo ~]# velero backup get
NAME             STATUS      ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   QUEUE POSITION   SELECTOR
monitoring-app   Completed   0        0          2026-04-21 10:09:03 +0000 GMT   29d       default                             <none>
[root@demo ~]#

Check details:

velero backup describe monitoring-app

Quick status check:

[root@demo ~]# velero backup describe monitoring-app | grep Phase:
Phase:  Completed
[root@demo ~]#

Expected:

Phase: Completed
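
The status checks above can be turned into a pass/fail gate for cron or CI. This is an added example, not part of the original post: `check_backups` is a hypothetical helper name and `SAMPLE` is constructed output in the `velero backup get` format shown above.

```bash
# Added example: fail when any backup of a schedule is not a clean "Completed".
# check_backups is a hypothetical helper; SAMPLE is constructed, not real output.

SAMPLE='NAME                              STATUS            ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   QUEUE POSITION   SELECTOR
monitoring-daily-20260421020000   Completed         0        0          2026-04-21 02:00:00 +0000 GMT   6d        default                             <none>
monitoring-daily-20260420020000   PartiallyFailed   2        1          2026-04-20 02:00:00 +0000 GMT   5d        default                             <none>
full-weekly-20260419010000        Completed         0        3          2026-04-19 01:00:00 +0000 GMT   28d       default                             <none>'

# Reads the `velero backup get` table on stdin.
# $1 is a required backup-name prefix (a backup or schedule name).
# Prints one line per problem. Exit status:
#   0 = every matching backup is Completed with 0 errors
#   1 = at least one matching backup has another status or errors
#   2 = no backup matches the prefix (the schedule never produced one)
check_backups() {
  awk -v p="$1" '
    NR == 1            { next }   # header row
    index($1, p) != 1  { next }   # name does not start with the prefix
                       { seen++ }
    $2 != "Completed" || $3 != 0 {
      printf "BAD %s status=%s errors=%s\n", $1, $2, $3
      bad++
    }
    END {
      if (!seen) { printf "NONE no backups match prefix %s\n", p; exit 2 }
      exit (bad ? 1 : 0)
    }'
}

# Against a live cluster:
#   velero backup get | check_backups monitoring-daily || echo "backup gate failed"
```

Backups that are still InProgress are reported as well, so run the gate after the backup window has closed.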

Restore Namespace from Backup

To restore the monitoring namespace:

velero restore create --from-backup monitoring-app

Restore with Namespace Mapping (Optional)

# Mappings use the form <source-namespace>:<target-namespace>
velero restore create \
  --from-backup monitoring-app \
  --namespace-mappings monitoring:monitoring-restore

Production-Grade Scheduled Backups

Manual backups are not enough for production. Use Velero schedules.

Daily Backup (Production)

velero schedule create monitoring-daily \
  --schedule "0 2 * * *" \
  --include-namespaces monitoring \
  --ttl 168h

Runs daily at 2 AM and retains backups for 7 days.

Weekly Full Backup

velero schedule create full-weekly \
  --schedule "0 1 * * 0" \
  --ttl 720h

Runs every Sunday and retains backups for 30 days.

Best Practices for Production (OKE + Velero)

1. Naming Convention

Use structured prefixes:

prod-oke-cluster1
dev-oke-cluster1

2. Backup Strategy

Type                     Frequency           Retention
Namespace (monitoring)   Daily               7 days
Full cluster             Weekly              30 days
Critical apps            Hourly (optional)   24 hours

3. Security

  • Store credentials securely

  • Use OCI IAM policies

  • Restrict bucket access
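
One way to check the first point for the credentials file created during installation, as an added example that is not part of the original post. `audit_velero_creds` is a hypothetical helper name; it assumes the `[default]` profile format shown in the install step and never prints the key values.

```bash
# Added example: audit the S3-compatible credentials file passed to
# `velero install --secret-file`. audit_velero_creds is a hypothetical
# helper, not a Velero command.
#
# Prints one finding per line (never the secret itself). Exit status:
#   0 = no findings, 1 = findings, 2 = file missing
audit_velero_creds() (
  f=$1; rc=0
  [ -f "$f" ] || { echo "MISSING $f"; exit 2; }

  # Characters 5-10 of the ls mode string are the group/other bits.
  # All must be unset (mode 600 or 400) so only the owner can read the key.
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "PERMS group/other bits set: $perms"; rc=1; }

  # The AWS plugin reads the [default] profile.
  grep -q '^\[default\]' "$f" || { echo "FORMAT no [default] profile"; rc=1; }

  for k in aws_access_key_id aws_secret_access_key; do
    # Value of "key = value" with surrounding whitespace trimmed.
    v=$(sed -n "s/^[[:space:]]*$k[[:space:]]*=[[:space:]]*//p" "$f" \
          | sed 's/[[:space:]]*$//' | head -n 1)
    case "$v" in
      "")     echo "FORMAT $k is missing or empty"; rc=1 ;;
      your_*) echo "PLACEHOLDER $k still holds the template value"; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Typical use on the admin host:
#   audit_velero_creds /root/credentials-velero
```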

4. Testing Restore (VERY IMPORTANT)

Always test:

velero restore create --from-backup monitoring-app

Backup without restore testing = risk

5. Monitoring Velero

Check logs:

kubectl logs deployment/velero -n velero
