Skip to content

Overview

What is Velero Dashboard?

Velero Dashboard is a Flask-based web application that provides a centralized interface for managing Velero backup and restore operations across multiple Kubernetes clusters. It simplifies disaster recovery workflows and backup management for platform teams and DevOps engineers.

Why Velero Dashboard?

While Velero provides excellent CLI tools and Kubernetes CRDs for backup management, operating at scale across multiple clusters can be challenging:

  • CLI Fatigue: Switching between clusters and namespaces with kubectl and velero commands
  • No Central View: Difficult to see backup status across all clusters
  • Access Control: Hard to provide self-service capabilities with fine-grained permissions
  • Audit Trail: Limited visibility into who performed which operations

Velero Dashboard solves these problems by providing:

  • Single Pane of Glass: View and manage all clusters from one interface
  • Self-Service: Enable developers to manage their own backups
  • RBAC: Fine-grained access control per cluster, namespace, and environment
  • Audit: Track all backup/restore operations through OIDC authentication

Key Capabilities

Multi-Cluster Management

  • Connect to multiple Kubernetes clusters simultaneously
  • Hot-reload cluster configuration without restart
  • Support for both kubeconfig and token-based authentication
  • Cluster grouping by environment (dev, staging, production)

Velero Resource Management

Manage all Velero resources through the web interface:

  • Backups: Create on-demand backups, view status, download logs, delete old backups
  • Restores: Create restore operations, monitor progress, view logs
  • Schedules: Create and manage recurring backup schedules
  • Backup Storage Locations (BSL): Configure where backups are stored
  • Volume Snapshot Locations (VSL): Configure volume snapshot providers
  • Repositories: View Velero restic/kopia repositories

Kopia Repository Browser

Browse Kopia backup repositories without performing a restore:

  • List all snapshots in a repository
  • View snapshot metadata (size, timestamp, tags)
  • Browse files within snapshots
  • Useful for verification and selective restore planning

Enterprise Authentication & Authorization

  • OIDC Authentication: Single Sign-On via OpenID Connect
  • Dex Integration: Built-in Dex proxy for easy OIDC setup
  • Casbin RBAC: Domain-based access control model
  • Predefined Roles: admin, operator, viewer roles
  • Environment-Specific Access: Grant access to specific environments only
  • Hot-Reload Policies: Update permissions without restart

Architecture Highlights

  • Stateless Design: No database required, all state in Kubernetes
  • Lightweight: Flask-based, minimal resource footprint
  • Container-Ready: Docker image with multi-stage builds
  • Kubernetes-Native: Helm chart for easy deployment
  • CI/CD Ready: GitLab CI pipeline included

Who Should Use This?

Platform Teams

Provide self-service backup capabilities to development teams while maintaining control over policies and compliance.

DevOps Engineers

Manage disaster recovery workflows across multiple environments without context-switching between CLI tools.

SREs

Test restore procedures, verify backup integrity, and manage backup schedules from a central dashboard.

Compliance Teams

Audit backup operations with OIDC authentication and role-based access control.

Next Steps