Velero Operator system architecture

System architecture

This guide describes the main features of Velero Operator charm’s architecture.

The Velero Operator charm is implemented as a Command Line Interface (CLI) tool, using a dedicated Velero core library that wraps and invokes the official velero CLI for all operations. The charm also uses Lightkube to interact with Kubernetes resources and strictly separates installation, configuration, and runtime reconciliation.

Core orchestration

The charm encapsulates Velero installation and management through the Velero class, which:

  • Installs Velero using velero install with minimal flags.
  • Adds provider plugins and configures storage backends (S3/Azure).
  • Manages Kubernetes resources like Custom Resource Definitions (CRDs), Secrets, ClusterRoles, and Deployments.
  • Validates system state using built-in checkers for deployment, node agent, and storage location readiness.

Storage configuration via plugin system

The charm supports S3 and Azure backends through a shared VeleroStorageProvider interface. Each provider supplies:

  • Plugin container image.
  • Cloud-specific configuration (e.g., AWS region, Azure credentials).
  • Custom BackupStorageLocation and VolumeSnapshotLocation resources.

Secure Kubernetes resource management

All credentials are stored in Kubernetes Secret resources, never exposed through the charm config.

CRDs, service accounts, and role bindings are created dynamically using Lightkube and parsed directly from Velero’s own dry-run install output.

Declarative metrics integration

A Prometheus-compatible ClusterIP service is created automatically, using Lightkube primitives, to expose Velero metrics on port 8085 under /metrics.

Node agent support

A Velero DaemonSet is deployed across all nodes to support file system backups if enabled. The charm tracks and manages this resource independently.

Single backend enforcement

The charm enforces a single active storage backend at a time to avoid conflicting configurations. Multiple simultaneous relations result in a Blocked state.

Action-gated CLI access

A run action allows users to invoke selected Velero subcommands, backup, restore, schedule, with input validation and logging.

Arbitrary or unsupported commands are rejected for safety.