Encrypted, deduplicated backups for clusters, manifests, and persistent volumes

Protect your Kubernetes infrastructure at every level. Plakar backs up etcd for disaster recovery, manifests for granular inspection and restore, and persistent volumes via CSI snapshots. All encrypted, deduplicated, and portable across environments.

Start
Read the Kubernetes docs

Kubernetes is resilient by design, but not immune to data loss

Kubernetes is built for high availability, but availability is not the same as data protection. etcd can be lost. Manifests can be deleted or misconfigured. Persistent volumes hold stateful data that no cluster feature automatically protects. Plakar addresses each of these failure modes independently, giving you a layered backup strategy that covers the full lifecycle of a cluster.

Why protecting Kubernetes clusters matters

#

Kubernetes manages the full lifecycle of your workloads, but it does not protect the data that keeps those workloads running. Three distinct layers are at risk:

  • etcd: The key-value store that holds all cluster state. If too many nodes fail simultaneously, etcd cannot recover on its own. Without an independent backup, the cluster configuration is gone.
  • Manifests: Resource definitions, namespace configurations, and workload specs can be accidentally deleted, overwritten by bad deployments, or lost during a cluster migration. Kubernetes versioning does not give you a restore point.
  • Persistent Volumes: Stateful workloads store data in PVCs that live outside the cluster’s built-in resilience model. A misconfigured storage class, a deleted PVC, or a failed migration can result in permanent data loss.

Each layer requires a different backup strategy. Plakar handles all three.

What happens when a cluster is compromised?

#

Kubernetes clusters are increasingly targeted by attackers who gain access through misconfigured RBAC, leaked credentials, or supply chain vulnerabilities. The consequences can be severe:

  • Total state loss: With sufficient API access, an attacker can delete namespaces, wipe persistent volumes, and corrupt etcd — in seconds.
  • Ransomware on persistent storage: PVCs attached to compromised pods can be encrypted or exfiltrated without any cluster-level protection.
  • No clean rollback: Without independent snapshots stored outside the cluster, there is no verified state to recover from.

Plakar stores snapshots in an isolated Kloset, encrypted end-to-end and independent of the cluster itself. The backups remain intact even if the cluster is fully compromised.

How Plakar protects your Kubernetes infrastructure

#

Plakar covers Kubernetes backups at three levels, each independent and composable:

  • etcd backup: A full snapshot of cluster state, intended as the last line of defense in a catastrophic failure scenario.
  • Manifest backup: All Kubernetes resources across the cluster (or scoped to a specific namespace) stored as a browsable, searchable Plakar snapshot. Restore the full cluster, a single namespace, or one deployment. Browse past snapshots to investigate what the cluster looked like at any point in time.
  • Persistent volume backup: PVC contents captured via CSI driver snapshots, ingested into a Kloset store, and restorable into any PVC, on the same cluster or a different one.

Because Plakar connectors are composable, data is not locked to a single environment. A persistent volume backed up from one cluster can be restored to another, archived to S3, or exported as a portable ptar archive.

Ready to protect your Kubernetes data?

Kubernetes docs

Security by design

Reduce your attack surface by keeping encryption keys out of storage. With true end-to-end encryption, your data is protected before it leaves the source and remains unreadable even to your storage provider.

  • End-to-end encryption with modern crypto (no compromise on "at-rest/in-transit")
  • Immutable snapshots with verifiable integrity
  • Tamper-proof metadata and audit logs
  • Zero-trust-friendly architecture
"You don't have to trust your storage provider."
Plakar demo

Regroup all your data protection workflows in one platform

From edge devices to SaaS platforms and hybrid clouds, Plakar keeps your data safe, synced, and instantly restorable: all from one unified tool.

For SaaS, endpoints & edge

Whether you're backing up remote laptops, on-premise servers or third-party SaaS data, Plakar gives you full control. Immutable backups, minimal storage, full flexibility. Even in disconnected environments.

In your data center

Legacy systems or critical data. All backed up with the same simplicity. Plakar integrates directly into your infrastructure with powerful CLI, orchestration support, and instant recovery.

Across clouds

Cloud-native or multi-cloud? No problem. Plakar works seamlessly with object storage, S3-compatible services, and hybrid environments, without locking you in or slowing you down.

Discover Plakar, book a demo or join a community call

Plakar is not another complex "backup project".
Gain peace of mind with little investment while protecting what matters.

Demo

Pages

Solutions

Resources

Newsletter