π©Ί Vitals
- π’ Last active: 2026-07-16
- π¦ Latest release: v1.18.2 (2026-06-26)
- π Open issues: 754
- π Stars: 10.1k
What do these metrics mean?
- Last active: when code was last pushed, as of our last check. The dot is green when that was recent, grey otherwise. A long gap can mean a tool is finished and stable, not only unmaintained.
- Latest release: the most recent tagged, packaged version the maintainers published. Not every healthy project tags releases.
- Open issues: unresolved reports and requests. A high number is normal for a popular project and is not a warning on its own.
- Stars: how many people bookmarked the project on its forge. A rough popularity signal, not a measure of quality.
ποΈ Profile
- Official: velero.io
- Source: github.com/velero-io/velero
- License: Apache 2.0
- Deployment: Kubernetes (CLI Β· Operator)
- Data Model: Backs up to S3 / Azure Blob / GCS (Restic Β· Kopia)
- Jurisdiction: USA πΊπΈ (Broadcom, CNCF Sandbox pending)
- Compliance (SaaS): N/A (No SaaS offering)
- Compliance (Self-Hosted): Self-Hosted (User Managed)
- Complexity: Moderate (3/5) - Object storage, CSI snapshots & RBAC to configure
- Maintenance: Moderate (3/5) - Schedule management and restore-testing discipline
- Enterprise Ready: High (4/5) - Scheduled backups, CSI snapshots, Restic/Kopia, RBAC; multi-cluster UI via partners
1. The Executive Summary
What is it? Velero is a Kubernetes-native backup and disaster-recovery tool. It captures the two things storage snapshots usually miss together: the cluster's API resources (deployments, configmaps, RBAC, CRDs β the "shape" of your applications) and the data inside persistent volumes, writing both to object storage you control (S3, Azure Blob, GCS). That combination makes it the standard tool for three jobs β disaster recovery, cluster migration (lifting a namespace from one cluster to another), and routine backup of stateful workloads. It protects the volumes provisioned by Longhorn, Ceph, or any CSI driver: it is the protection layer that sits above the storage engines, not a competitor to them.
The Strategic Verdict:
- π΄ For Teams Needing a Managed Multi-Cluster UI: Caution. Velero is engine-first and CLI/CRD-driven; a centralized multi-cluster dashboard, an SSO-gated backup UI, and pre-built application hooks are largely deferred to commercial partners (CloudCasa, Kasten, Portworx). Teams wanting a single pane of glass across many clusters out of the box will weigh those layers.
- π’ For Kubernetes DR and Migration on Your Own Storage: Strong Buy. Velero delivers scheduled, restorable backups of both cluster state and volumes to storage you own, with no licensing and standard formats (Restic/Kopia, CSI snapshots) that keep backups portable and vendor-neutral.
2. The "Hidden" Costs (TCO Analysis)
| Cost Component | Kasten K10 (SaaS) | Velero (Self-Hosted) |
|---|---|---|
| Licensing | Per-node annual subscription | Apache-2.0, no license fee |
| Backup Storage | Vendor-guided, still your cloud cost | Your own S3 / Azure Blob / GCS |
| Management UI | Bundled multi-cluster dashboard | CLI/CRD core; UI via partners (optional) |
| Lock-in | Proprietary catalog & formats | Restic/Kopia + CSI snapshots (portable) |
3. The "Day 2" Reality Check
π Deployment & Operations
- Installation: Installed via the Velero CLI or Helm into an existing cluster, plus a "Backup Storage Location" pointing at an object store and, optionally, CSI snapshot integration. Backups and schedules are then defined as Kubernetes custom resources, so the whole system is driven declaratively rather than through a separate console.
- Scalability: A node agent handles volume data movement (Restic/Kopia) while the controller orchestrates schedules and retention. It scales per cluster; coordinating backup policy across many clusters is exactly the gap that commercial layers on top of Velero exist to fill.
π‘οΈ Security & Governance (Risk Assessment)
- Jurisdiction & Governance in Transition (USA πΊπΈ): Self-hosted with no call-home, so CLOUD Act exposure is moot β there is no vendor data path to compel. The honest concern is stewardship: Velero originated at Heptio, passed to VMware, and now sits under Broadcom, whose post-acquisition record on VMware licensing makes corporate ownership a legitimate worry. Two things de-risk it materially β the code is Apache-2.0 and forkable by a multi-vendor maintainer base (Red Hat, Microsoft, Broadcom), and a CNCF Sandbox donation was filed in February 2026 that would move governance to neutral custody. Until that completes, treat governance as improving, not yet settled.
- The Compliance Shift: Velero provides the backup mechanism; securing it is your responsibility. The object-storage buckets holding the backups, the encryption of the Restic/Kopia repositories, and the Kubernetes RBAC that prevents an unauthorized restore are all on you β and a backup system is itself a high-value target, because it holds a complete copy of everything you run.
- License vs the Commercial Layer: License risk is nil β Apache 2.0, no copyleft, no badgeware, no paywalled core. The nuance is ecosystem-shaped, not license-shaped: the enterprise conveniences (multi-cluster management, an SSO backup UI, validated application hooks) live in third-party commercial products built on top of Velero, not in a feature-forked edition. You can run the full engine free indefinitely; you pay only if you want someone else's management plane over it.
4. Market Landscape
π’ Proprietary Incumbents
- Kasten K10 (Veeam): The dominant proprietary Kubernetes backup platform; teams adopt Velero to escape per-node subscription licensing while keeping backups in object storage they control, accepting a CLI/CRD workflow in place of K10's managed UI.
- Cohesity: Enterprise data-protection and DR spanning VMs and increasingly Kubernetes; cloud-native teams choose Velero to back up clusters with a lightweight, Kubernetes-native tool rather than a heavyweight appliance-centric suite.
π€ Open Source Ecosystem
- K8up: A CNCF backup operator built on Restic; lighter and more opinionated than Velero, focused on backing up PVCs and application data rather than full cluster-resource capture and migration.
- Kanister: An application-centric, open-source data-management framework that expresses app-aware backup workflows as blueprints; commonly used alongside Velero's cluster-level backup rather than instead of it.