Frequently Asked Questions¶
General Questions¶
What is Velero Dashboard?¶
Velero Dashboard is a web-based UI for managing Velero backup and restore operations across multiple Kubernetes clusters. It provides centralized management, OIDC authentication, and fine-grained RBAC.
Is this an official Velero project?¶
No, this is a community project that builds on top of Velero. It's not officially maintained by the Velero team.
What is Velero?¶
Velero is an open-source tool for backing up and restoring Kubernetes cluster resources and persistent volumes. The Dashboard provides a UI for Velero's functionality.
Do I need to install Velero separately?¶
Yes, Velero must be installed in each Kubernetes cluster you want to manage. The Dashboard is just a UI layer on top of Velero.
Technical Questions¶
What programming language is it written in?¶
The backend is written in Python using the Flask framework. The frontend uses Jinja2 templates with Bootstrap for styling.
Does it require a database?¶
No! The Dashboard is completely stateless. All data comes from Kubernetes clusters in real-time. Configuration is file-based.
Can it scale horizontally?¶
Yes, you can run multiple replicas of the Dashboard. Sessions are filesystem-based by default, but you can configure Redis for session storage in multi-replica deployments.
What Kubernetes versions are supported?¶
The Dashboard uses the official Python Kubernetes client and should work with Kubernetes 1.20+. Tested primarily with 1.24-1.28.
What Velero versions are supported?¶
Tested with Velero 1.10-1.12. Should work with any version that uses the velero.io/v1 API.
Authentication & Security¶
What OIDC providers are supported?¶
Any standard OIDC provider should work: - Dex (included in Helm chart) - Keycloak - Auth0 - Okta - Azure AD - Google Identity Platform
Can I use it without OIDC?¶
OIDC is required for authentication. However, Dex is bundled in the Helm chart and can be configured with static users for simple setups.
How does the RBAC system work?¶
The Dashboard uses Casbin for RBAC with a domain-based model. Permissions are defined in config/casbin_policy.csv and support complex patterns like cluster-specific, namespace-specific, or environment-specific access.
Is it secure for production use?¶
Yes, when properly configured: - OIDC authentication with session-based access - Fine-grained RBAC with Casbin - No hardcoded credentials - TLS support via Ingress - Regularly updated dependencies
Always follow the Production Checklist.
Can I integrate with my existing RBAC?¶
The Dashboard has its own RBAC system (Casbin) separate from Kubernetes RBAC. You need to configure both: 1. Kubernetes RBAC for the Dashboard's service account to access Velero resources 2. Casbin RBAC for user permissions within the Dashboard
Deployment Questions¶
Can I run it locally for development?¶
Yes! Just install dependencies with pip install -r requirements.txt, configure your clusters, and run python app.py.
Do I need Docker?¶
No, but Docker is the recommended deployment method. You can also run it directly with Python or deploy to Kubernetes with Helm.
Can I deploy without Kubernetes?¶
Yes, you can deploy with Docker or run it as a systemd service. However, Kubernetes deployment with Helm is the most tested and recommended approach for production.
What resources does it need?¶
Minimal: - Memory: 256-512 MB (depends on number of clusters/resources) - CPU: 100m-250m - Storage: ~100 MB for Docker image
Can I deploy it in the same namespace as Velero?¶
Yes, but it's recommended to use a separate namespace (e.g., velero-dashboard) to keep concerns separated.
Multi-Cluster Questions¶
How many clusters can it manage?¶
There's no hard limit, but performance depends on: - Number of Velero resources per cluster - Network latency to each cluster - Dashboard resources (memory/CPU)
Tested with up to 20 clusters without issues.
Can clusters be in different clouds?¶
Yes! You can manage clusters across AWS, GCP, Azure, on-premises, or any combination. As long as the Dashboard can reach the Kubernetes API server, it works.
How does it authenticate to multiple clusters?¶
Each cluster is configured individually with either: 1. Kubeconfig file (includes all auth details) 2. Service account token + CA certificate
The Dashboard doesn't need to be deployed in the managed clusters.
Can I add/remove clusters without restart?¶
Yes! The cluster configuration file (config/clusters.yaml) supports hot-reloading. Changes are picked up automatically within seconds.
Backup & Restore Questions¶
Can I create backups through the Dashboard?¶
Yes, you can create on-demand backups by specifying: - Namespace(s) to backup - Labels/selectors - Included/excluded resources - TTL (time to live) - Storage location
Can I restore backups?¶
Yes, you can create restore operations from existing backups with options for: - Namespace mapping - Excluded resources - Restore PVs - Preserve node ports
Can I schedule recurring backups?¶
Yes, you can create Velero schedules with cron expressions through the Dashboard.
Can I download backup data?¶
You can view backup logs, but not download the actual backup data. Use the Velero CLI or the Kopia repository browser for that.
Does it support velero backup locations?¶
Yes, you can view, create, and manage Backup Storage Locations (BSL) and Volume Snapshot Locations (VSL).
Kopia Repository Browser¶
What is the Kopia repository browser?¶
A feature that lets you browse Kopia backup repositories without performing a restore. You can view snapshots and their contents.
Do I need Kopia installed?¶
Yes, the kopia binary must be available in the container or on the system where the Dashboard runs. The Docker image includes it by default.
What storage backends are supported?¶
Any S3-compatible storage that Velero supports: - Amazon S3 - MinIO - Wasabi - Google Cloud Storage (via S3 compatibility) - Azure Blob Storage (via S3 compatibility)
Can I restore files from the browser?¶
Not yet. Currently, it's read-only for browsing and verification. Use Velero CLI for actual restores.
Configuration Questions¶
Where are configuration files located?¶
- Clusters:
config/clusters.yaml - Permissions:
config/casbin_policy.csv - Casbin model:
casbin.conf(usually doesn't need changes)
Do configuration changes require restart?¶
No! Both cluster configuration and Casbin policies support hot-reloading. Changes are detected and applied automatically.
Can I use environment variables instead of files?¶
For cluster and policy configuration, files are required. However, you can use environment variables for application settings (OIDC, Flask config, etc.).
How do I backup the Dashboard configuration?¶
The configuration is just files, so you can: 1. Version control them in Git 2. Include the namespace in Velero backups 3. Store in ConfigMaps and backup those
Troubleshooting Questions¶
The dashboard shows "Access Denied" for everything¶
Your username is not in the Casbin policy file. Add yourself:
Check the Profile page to see your exact username as the system sees it.
Clusters show as "Disconnected"¶
Common causes: - API server not reachable - Invalid credentials (token/kubeconfig) - Certificate validation failure - Network firewall blocking access
See Troubleshooting Guide for detailed solutions.
OIDC login fails with redirect errors¶
Usually a configuration mismatch:
- Verify redirect URI matches in OIDC provider
- Check that APP_URL is set correctly
- Try enabling Dex proxy: USE_DEX_PROXY=True
Configuration changes aren't taking effect¶
- Check file permissions (must be readable)
- Look for reload messages in logs
- If using Docker, verify volume mounts
- Some filesystems (NFS) may not support inotify - try restart
Integration Questions¶
Can I integrate with Prometheus?¶
Not yet, but it's on the roadmap. You can monitor the pods with standard Kubernetes metrics.
Can I integrate with Slack/email for notifications?¶
The Dashboard itself doesn't send notifications. Use Velero's built-in notification features instead.
Is there an API?¶
The Dashboard has a web UI that uses internal Flask routes. There's no public REST API yet, but it's planned for future versions.
Can I integrate with ArgoCD/FluxCD?¶
Yes, you can deploy the Dashboard with ArgoCD or Flux. The Helm chart is GitOps-friendly. Manage the values.yaml in your Git repo.
Contribution Questions¶
Is it open source?¶
Check the repository for license information. (Note: Update this based on your actual license)
Can I contribute?¶
Contributions are welcome! See the Contributing Guide for details.
How do I report bugs?¶
Open an issue on GitHub with: - Description of the bug - Steps to reproduce - Expected vs actual behavior - Logs (sanitized!) - Environment details
How do I request features?¶
Open a feature request issue on GitHub. Provide: - Use case description - Why the feature is needed - Proposed solution (if you have ideas)
Migration Questions¶
Can I migrate from Velero CLI to the Dashboard?¶
Yes! The Dashboard doesn't replace Velero or the CLI. It's an additional interface. You can use both simultaneously.
Does switching to the Dashboard affect existing backups?¶
No, the Dashboard just manages Velero resources. Your existing backups, schedules, and configurations remain unchanged.
Can I go back to CLI-only after using the Dashboard?¶
Yes, absolutely. The Dashboard doesn't modify Velero's behavior or data format. You can uninstall the Dashboard anytime and continue using the CLI.
Still have questions?¶
- Check the Troubleshooting Guide
- Search GitHub Issues
- Open a new issue if your question isn't answered