Everything you need to trust your backups
A complete backup restore validation framework, built as a native Kubernetes Operator. Install once, validate forever.
Automated nightly validation
Schedule cron-based restore tests that run unattended. Every backup is restored into a sandbox and validated — every night, not once a year. Define the schedule in your RestoreTest CRD and let Kymaros handle the rest.
- Cron-based scheduling with standard Kubernetes cron syntax
- Parallel or sequential test execution
- Automatic retry on transient failures
- Slack, PagerDuty, and webhook notifications on completion
schedule: "0 2 * * *" # Every night at 2 AMZero-impact sandbox isolation
Every test runs in an ephemeral namespace with NetworkPolicy deny-all and ResourceQuota. Fully isolated from production. The namespace is automatically created before each test and deleted after — no manual cleanup, no leftover resources.
- NetworkPolicy deny-all ingress and egress by default
- ResourceQuota to limit CPU, memory, and storage
- LimitRange defaults for every container
- Automatic namespace cleanup after each test
sandbox:
networkPolicy: deny-all
resourceQuota:
cpu: "4"
memory: 8Gi
ttlAfterFinished: 300 # cleanup after 5 min6-level confidence scoring
Not just 'did it restore?' — Kymaros validates across 6 sequential levels, each adding depth. The result is a confidence score from 0 to 100 that tells you exactly how trustworthy your backup is.
- Restore Integrity (25 pts) — Velero restore completed without errors
- Resource Completeness (20 pts) — all expected resources are present
- Pod Startup (20 pts) — all pods reach Ready state
- Health Checks (20 pts) — HTTP probes, exec commands, TCP connections pass
- Cross-Namespace Dependencies (10 pts) — external service reachability
- RTO Compliance (5 pts) — actual restore time meets your SLA target
Velero restore completed without errors
all expected resources are present
all pods reach Ready state
HTTP probes, exec commands, TCP connections pass
external service reachability
actual restore time meets your SLA target
Real RTO measurement
Measures actual time from restore trigger to application healthy. Compare against your SLA target. Know your real RTO — not your hoped-for RTO. Track trends over time to detect degradation before it becomes a problem.
- Measures wall-clock time from restore start to all health checks passing
- Compare against configurable SLA target (e.g. rtoTarget: 15m)
- RTO trend analytics over 90 days (Team tier)
- Alerts when RTO exceeds target or regresses significantly
validation:
rtoTarget: 15m # alert if restore takes longerWorks with your backup tool
Kymaros is not a backup tool — it validates the restores from your existing backup tool. Native Velero support is free. Kasten K10 and TrilioVault adapters are available in the Team tier. The adapter interface is pluggable — adding a new backup tool is implementing one Go interface.
- Velero — native support, free tier
- Kasten K10 — Team tier
- TrilioVault — Team tier
- Custom adapters via the BackupAdapter Go interface
backupSource:
provider: velero
backupName: my-app-backup
namespace: veleroAudit-ready compliance reports
Generate evidence mapped to SOC 2 (CC7.5), ISO 27001 (Control 8.13), DORA (Article 11-12), HIPAA, and PCI-DSS. 365 documented DR tests per year — automatically. Your auditor gets timestamped evidence with confidence scores, not a slide deck.
- SOC 2 Availability TSC — CC7.5 evidence
- ISO 27001 Control 8.13 — backup & recovery testing
- DORA Article 11-12 — ICT resilience testing
- PDF export with test count, coverage, score trends, RTO data
- CSV export for SIEM integration (Enterprise)
Ready to validate your backups?
Start free with the Community tier. Upgrade to Team when you need compliance reports.