Backup copies of information, software and systems shall be maintained and regularly tested in accordance with the agreed topic-specific policy on backup.
KubeAid integrates Velero, Zalando PGO, and CloudNativePG (CNPG) to automatically back up Kubernetes resources, persistent volumes, and databases (including Keycloak) according to defined schedules. Sealed Secrets private keys are also backed up using custom scripts to ensure recovery of encrypted secrets.
Backups are stored in write-only object storage buckets (S3, R2D2), with strict IAM policies that prevent reading, deletion, or overwriting of existing backups. Data is encrypted and optionally replicated to offsite locations for resilience. SeaweedFS can also be deployed as an S3-compatible backup store, providing a scalable, object-based storage solution that integrates seamlessly with KubeAid backup workflows.
Backup jobs are actively monitored via Prometheus exporters and Alertmanager, with automated alerts for failures, delays, or issues. Alerts integrate with operational channels such as mattermost channel where we get notified about the alerts/incidents via our in-house alert processor and dispatcher tool opsmondo.