diff --git a/README.md b/README.md
index fbe7c58..2a30b58 100644
--- a/README.md
+++ b/README.md
@@ -74,22 +74,17 @@ it's just a base monitoring to answer the question: "Is it up?".
 4. Create secret for Alertmanager config:
    `kubectl -n posmon create secret generic alertmanager-posmon --from-file=contrib/alertmanager.yaml`
 
-## Backup configuration
+## Backup
 
-Example contents of `backup.env`:
+Backup is done using [K8up](https://k8up.io/).
 
-```
-RESTIC_REPOSITORY=rclone:myremote:posbackup
-RESTIC_PASSWORD=extremelysecurepassword
-RCLONE_CONFIG_FWUCLOUD_TYPE=webdav
-RCLONE_CONFIG_FWUCLOUD_URL=https://nextcloud.example.com/remote.php/webdav/
-RCLONE_CONFIG_FWUCLOUD_VENDOR=nextcloud
-RCLONE_CONFIG_FWUCLOUD_USER=backupuser
-RCLONE_CONFIG_FWUCLOUD_PASS=encryptedpassword
-PGDATABASE=odoodbname
-```
+1. Install K8up
+2. Apply manifests under `contrib/backup`
+
+### Restore
+
+tbd...
 
-Restore of DB:
 
 ```
 createdb -T template0 restoretest
diff --git a/backup/Dockerfile b/backup/Dockerfile
deleted file mode 100644
index 9ce20c5..0000000
--- a/backup/Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM alpine:latest
-
-ENV RESTIC_VERSION=0.9.1 \
-    RCLONE_VERSION=1.42
-
-RUN set -x; wget -O /tmp/restic.bz2 https://github.com/restic/restic/releases/download/v${RESTIC_VERSION}/restic_${RESTIC_VERSION}_linux_arm.bz2 && \
-    bzip2 -d /tmp/restic.bz2 && \
-    mv /tmp/restic /usr/local/bin/restic && \
-    chmod +x /usr/local/bin/restic
-
-RUN set -x; wget -O /tmp/rclone.zip https://downloads.rclone.org/v${RCLONE_VERSION}/rclone-v${RCLONE_VERSION}-linux-arm.zip && \
-    unzip /tmp/rclone.zip && \
-    mv rclone-v${RCLONE_VERSION}-linux-arm/rclone /usr/local/bin/rclone && \
-    chmod +x /usr/local/bin/rclone && \
-    rm -rf rclone-* /tmp/rclone.zip && \
-    mkdir -p /root/.config/rclone && \
-    touch /root/.config/rclone/rclone.conf
-
-RUN apk add --no-cache bash ca-certificates postgresql && \
-    mkfifo -m 0666 /var/log/cron.log && \
-    ln -s /var/log/cron.log /var/log/crond.log
-
-ADD crondwrapper.sh resticbackup.sh /usr/local/bin/
-
-ENTRYPOINT ["crondwrapper.sh"]
diff --git a/backup/crondwrapper.sh b/backup/crondwrapper.sh
deleted file mode 100755
index a2079e8..0000000
--- a/backup/crondwrapper.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-echo "${BACKUP_SCHEDULE} resticbackup.sh >> /var/log/cron.log 2>&1" > /etc/crontabs/root
-
-# start cron
-default_crontabs_dir=/etc/crontabs
-crond -L /var/log/cron.log -c ${CRONTABS_DIR:-$default_crontabs_dir}
-
-# trap SIGINT and SIGTERM signals and gracefully exit
-trap "echo \"stopping cron\"; kill \$!; exit" SIGINT SIGTERM
-
-# start "daemon"
-while true
-do
-    cat /var/log/cron.log & wait $!
-done
diff --git a/backup/resticbackup.sh b/backup/resticbackup.sh
deleted file mode 100755
index 3116f1d..0000000
--- a/backup/resticbackup.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-set -x
-
-echo "[$(date)] Starting backup"
-
-# Dump Postgres DB - parameters are read from env vars
-pg_dump -Fc > /data/odoo_data.dump
-
-# Backup data with restic
-restic backup --hostname posbox /data
-restic forget --prune --keep-last 10
-
-echo "[$(date)] Backup ended"
diff --git a/deployment/db-statefulset.yaml b/deployment/db-statefulset.yaml
index aa402db..7b985bb 100644
--- a/deployment/db-statefulset.yaml
+++ b/deployment/db-statefulset.yaml
@@ -13,6 +13,8 @@ spec:
   replicas: 1
   template:
     metadata:
+      annotations:
+        appuio.ch/backupcommand: pg_dumpall
       labels:
         app: db
     spec:
@@ -27,8 +29,12 @@ spec:
           value: postgres
         - name: POSTGRES_PASSWORD
           value: odoo
+        - name: PGPASSWORD
+          value: odoo
         - name: POSTGRES_USER
           value: odoo
+        - name: PGUSER
+          value: odoo
         ports:
         - containerPort: 5432
           name: postgres
@@ -38,6 +44,8 @@ spec:
   volumeClaimTemplates:
   - metadata:
       name: db-data
+      annotations:
+        appuio.ch/backup: "true"
     spec:
       accessModes:
       - ReadWriteOnce
diff --git a/deployment/odoo-pvc.yaml b/deployment/odoo-pvc.yaml
index ca79b2f..ece40c2 100644
--- a/deployment/odoo-pvc.yaml
+++ b/deployment/odoo-pvc.yaml
@@ -5,6 +5,8 @@ metadata:
     app: odoo
   name: odoo-data
   namespace: pos
+  annotations:
+    appuio.ch/backup: "true"
 spec:
   accessModes:
   - ReadWriteOnce
diff --git a/docker-compose.yml b/docker-compose.yml
index 5414f85..06ea3d2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -48,20 +48,6 @@ services:
     networks:
       localnet:
         ipv4_address: 10.5.0.4
-#  backup:
-#    build: ./backup
-#    environment:
-#      - PGHOST=db
-#      - PGUSER=odoo
-#      - PGPASSWORD=odoo
-#      - BACKUP_SCHEDULE=0 19 * * *
-#    env_file: backup.env
-#    volumes:
-#      - odoo-db-data:/data/pg_raw:ro
-#      - /home/pi:/data/home-pi:ro
-#    networks:
-#      localnet:
-#        ipv4_address: 10.5.0.5
 volumes:
   odoo-web-data:
   odoo-db-data: