OADP Qcow2 incremental backup workflow

OADP glues the VirtualMachineBackup together.

• Summary: OADP orchestrates the VirtualMachineBackup, moving qcow2's off cluster to s3 and local cluster cleanup.
• References:
  • Vep 25: https://github.com/kubevirt/enhancements/blob/main/veps/sig-storage/incremental-backup.md
  • OADP: https://github.com/openshift/oadp-operator/pull/2037/
  • Storage Agnostic CBT using qemu: https://issues.redhat.com/browse/CNV-61530
• Related PR's:
  • VMBackup: support incremental backup
  • Add checkpoint redefinition support for incremental backups after VM restart

Initial Configuration

OADP Config:

• kubevirt-datamover plugin enabled. vconfiguration.velero.defaultPlugins.
• ConfigMap w/ VolumePolicy created w/
  • policy: kubevirt, Not: skip, backup or fsbackup. With volume matching to the VM w/ label
  • kubevirt = skip in the volume policy

KubeVirt Config:

• https://github.com/kubevirt/enhancements/blob/main/veps/sig-storage/incremental-backup.md#enabledisable-qemu-backup-1
• user enables incremental backup on VM
  • This in turn creates the VM State PV/PVC combo for backups. VM restart required

OADP / KubeVirt VirtualMachineBackupo / Qcow2 snapshot

sequenceDiagram
    autonumber
    participant Velero as OADP_Velero
    participant Plugin as KV_DataMover_Plugin
    participant API as K8s_API
    participant Controller as DataMover_Controller
    participant KubeVirt as KubeVirt_System
    participant S3 as S3_Storage

    Note over Velero, S3: **1. Initiation**
    Velero->>API: Create Backup CR
    Velero->>Plugin: Execute Plugin (per VM instance)
    Plugin->>Plugin: Check Prerequisites<br/>(VolumePolicy match, PVC exists)
    Plugin->>API: Create DataUpload CR<br/>(spec: datamover=kubevirt)

    Note over Velero, S3: **2. Preparation**
    API-->>Controller: Watch Event: New DataUpload CR
    Controller->>S3: Get latestCheckpoint (if incremental)
    S3-->>Controller: Return Checkpoint Info (or nil)
    Controller->>API: Create Temp PVC (OADP_VMB_TEMP)
    API-->>Controller: PVC Ready
    Controller->>API: Create VirtualMachineBackup (VMB) CR<br/>(Ref: Temp PVC, latestCheckpoint)
     Controller->>API: Create VirtualMachineBackupTracker (VMBT)

    Note over Velero, S3: **3. Execution (KubeVirt)**
    API-->>KubeVirt: Watch Event: New VMB CR
    KubeVirt->>KubeVirt: Execute VMB Backup (Push Mode)<br/>Writes qcow2/delta to OADP_VMB_TEMP
    KubeVirt->>API: Update VMB Status: Ready/Complete

    Note over Velero, S3: **4. Data Movement**
    API-->>Controller: Watch Event: VMB Complete
    Controller->>Controller: Create DM pod and mount OADP_VMB_TEMP
    Controller->>S3: Upload Backup Data<br/>(qcow2 snapshot/delta)
    Controller->>S3: Upload Metadata<br/>(VMB CR, Tracker JSON)
    Controller->>S3: Update latestCheckpoint
    Controller->>Controller: Unmount OADP_VMB_TEMP

    Note over Velero, S3: **5. Cleanup**
    Controller->>API: Delete VMB CR
    Controller->>API: Delete Temp PVC (OADP_VMB_TEMP)
    Controller->>API: Update DataUpload Status: Completed
    API-->>Plugin: DataUpload Completed
    Plugin->>Velero: Plugin Execution Success

Loading

Steps from the above workflow in a list

• Flow:
  • Velero creates a Backup CR.
  • Plugin checks prerequisites (VolumePolicy, PVC match).
  • Plugin creates DataUpload CR.
• Preparation:
  • DM_Controller watches DataUpload.
  • DM_Controller creates a temporary PVC (OADP_VMB_TEMP).
  • DM_Controller creates VirtualMachineBackup (VMB) CR, pointing to the temp PVC and referencing the latestCheckpoint from s3 if incremental.
• Execution (KubeVirt):
  • KubeVirt system executes the VMB (Push mode) into OADP_VMB_TEMP.
  • KubeVirt updates VMB status to "Ready/Complete".
  • Data Movement:
    • DM_Controller detects VMB completion.
    • DM_Controller mounts OADP_VMB_TEMP.
    • DM_Controller uploads data to S3:
    • qcow2 snapshot / delta.
    • VMB CR metadata / Tracker JSON.
    • DM_Controller updates latestCheckpoint in S3 for future incrementals.
• Cleanup:
  • Resources (VMB, temp PVC) are cleaned up.
  • DataUpload status updated to Completed.

Possible enhancements

• add a label / annotation to the du/dd w/ the datamover type so customers can sort by kubevirt, in extended oc get du/dd
• dataupload needs to reference the vm it needs to connect to.

Task breakdown

• Velero upstream changes (Allowing users to set volume policy actions other than velero-supported ones)
• Plugin work
  • Async BIA which creates DU
  • DeleteItemAction to handle cleanup on backup deletion
• Controller work
  • Detailed design for s3 usage
    • custom prefix, parallel to BSL-specified prefix
    • full API spec for json files which map the list qcow2 snapshots to VM+backup, with the checkpoint ID for each, etc.)
  • Basic controller impl
  • datamover pod/uploader actions
• Restore work
  • RIA (if needed)
  • controller work

Task breakdown ( Gantt )

gantt
    title OADP Qcow2 Incremental Backup Task Breakdown
    dateFormat  YYYY-MM-DD
    axisFormat  %m-%d

    section Velero Upstream
    Velero Upstream Changes (Policy Actions)       :upstream, 2026-01-20, 10d

    section Plugin Work / Controller Design
    Async BIA which creates DU                     :bia, 2026-01-20, 10d
    Detailed Design (S3 Usage & API Spec)          :design, 2026-01-20, 5d
    DeleteItemAction (Cleanup)                     :cleanup, after bia,  5d

    section Controller Work
    Basic Controller Impl                          :ctrl_basic, after design, 15d
    DataMover Pod/Uploader Actions                 :dm_actions, after ctrl_basic, 10d

    section Restore Work
    Restore Work (RIA & Controller)                :restore, after dm_actions, 15d

Loading

Older Notes:

2. An OADP / Velero Cr created a. ( opens question ) datamover = kubevirt b. SnapMoveData: true c. Backup cr specifies the volumepolicy and has a match

3. Velero process the backup

   • kubevirt-datamover-plugin:
   • checks the requisites, plugin will run on every vm instance in namespace
     • supported / prereqs?
     • volumepolicy matches PVC for VM.
     • dataUpload with spec, datamover = kubevirt
     • if all reqs are OK.. creates dataupload cr

4. KubeVirt DataMoverController

   • OADP temporary PVC OADP_VMB_TEMP ( temp ) point to the VirtualMachineBackup, in the vmb spec
   • creates VirtualMachineBackup that points to OADP_VMB_TEMP / Tracker ( if needed )
   • once the VMB is complete

5. In the OADP DataMoverController

• Now OADP mounts PVC OADP_VMD_TEMP
• Uploads:
  • qcow2 snapshot
  • vmb cr, vmb-tracker or json w/ the data.
  • this could be stored as a json list of image names in s3 so OADP understands the incremental order

6. On incremental backup.. OADP checks the latestCheckpoint from S3 latestCheckpoint The checkpoint of the latest backup, updated by the backup controller. This checkpoint will serve as the base for the next incremental backup when providing this tracker as a reference. This struct will consist of the needed information to redefine Libvirt's checkpoint XML and will consist of:

RESTORE: Scott has this :)