The backups addon can be used to backup the most important
parts of a cluster, including:
etcd PKI (certificates and keys used by Kubernetes to access the
- Kubernetes PKI (certificates and keys used by Kubernetes and clients)
The addon uses Restic to upload backups, encrypt them, and handle
By default, backups are done every 30 minutes and are
kept for 48 hours. If you need retention, please adjust the restic CLI flags
restic forget --prune --keep-last <NEW AMOUNT OF HOURS>.
In order to use this addon, you need an S3 bucket or Restic-compatible
repository for storing backups.
Using The Addon
You can enable the addon via the KubeOneCluster manifest. Make sure to replace
the placeholder values in the
params stanza with the appropriate values.
- name: backups-restic
Original addon source can be found in kubeone repository.
Credentials are fetched automatically via the
AWS_SECRET_ACCESS_KEY environment variables. If you want to use non-default
credentials, update the