diff --git a/deploy/kubernetes/README.md b/deploy/kubernetes/README.md index abf04ac..08e405d 100644 --- a/deploy/kubernetes/README.md +++ b/deploy/kubernetes/README.md @@ -12,7 +12,7 @@ ## What do I get? 1. Wrestlingdev deployed with 2 replicas. Autoscaling is turned on up to 4 replcias. -2. A standalone mariadb. +2. A standalone mariadb that can back up to S3 compatable storage if you set the values in `deploy/kubernetes/secrets/secrets.yaml` and prometheus ready metrics 3. A standalone memcahced. 4. A single job runner to run wrestlingdev background jobs. @@ -36,4 +36,4 @@ From a mysql shell> `CREATE USER ${username} IDENTIFIED BY '${password}'; GRANT Right now, we're also only using gmail for email. ## Recommended cloud machines -In production, this runs on GKE. I have two node pools. The first is 2 x `n2-high-cpu-2` ($12.63/month preemptible). That pool can run 1 "copy" of the application. That means 2 x app pods, 1 x worker, 1 x memcached, and 1 x mariadb. The second node pool is an autoscale from 0-10 and is of the machine type `n1-standard-1` ($7.30/ month preemptible). This pool is scritly for scaling the app pods and the worker pods. \ No newline at end of file +In production, this runs on GKE. I have two node pools. The first is 2 x `n2-high-cpu-2` ($12.63/month preemptible). That pool can run 1 "copy" of the application. That means 2 x app pods, 1 x worker, 1 x memcached, and 1 x mariadb. The second node pool is an autoscale from 0-10 and is of the machine type `n1-standard-1` ($7.30/ month preemptible). This pool is strictly for scaling the app pods and the worker pods. \ No newline at end of file diff --git a/deploy/kubernetes/manifests/mariadb-standalone.yaml b/deploy/kubernetes/manifests/mariadb-standalone.yaml index ba2768e..4d4e37e 100644 --- a/deploy/kubernetes/manifests/mariadb-standalone.yaml +++ b/deploy/kubernetes/manifests/mariadb-standalone.yaml 
@@ -26,13 +26,16 @@ spec: requests: storage: 20Gi --- -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: wrestlingdev-mariadb labels: app: wrestlingdev spec: + selector: + matchLabels: + app: wrestlingdev strategy: type: Recreate template: @@ -40,6 +43,9 @@ spec: labels: app: wrestlingdev tier: mariadb + annotations: + prometheus.io/port: "9125" + prometheus.io/scrape: "true" spec: containers: - image: mariadb:10.3 
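Review bot: The new `selector.matchLabels` uses only `app: wrestlingdev`, while the pod template (its labels are in the next hunk) also sets `tier: mariadb`. If the other workloads the README lists (app, worker, memcached) carry the same `app` label, the selectors overlap, and Kubernetes documents that controllers with overlapping selectors can interfere with each other's pods. Adding `tier: mariadb` under `matchLabels` keeps the selector specific to this Deployment. The selector is immutable under `apps/v1`, so it is cheaper to get right before the first apply.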
@@ -63,6 +69,111 @@ spec: requests: memory: "256Mi" cpu: "0.2" + - image: jcwimer/mariadb-rclone-backup-docker:10.3 + name: mariadb-backup + env: + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: dbpassword + - name: CRON_SCHEDULE + value: "@hourly" # hourly + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: dbusername + - name: DB_HOST + value: "127.0.0.1" + - name: DAYS_TO_KEEP + value: "7" + - name: RCLONE_TYPE + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: rclone_type + - name: S3_ACCESS_ID + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: s3_access_id + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: s3_access_key + - name: S3_ENDPOINT + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: s3_endpoint + - name: S3_REGION + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: s3_region + - name: RCLONE_EXTRA_ARGS + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: rclone_extra_args + - name: RCLONE_PATH + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: rclone_path + volumeMounts: + - name: wrestlingdev-mariadb-persistent-storage + mountPath: /var/lib/mysql + resources: + limits: + cpu: "0.2" + memory: "100Mi" + requests: + memory: "50Mi" + cpu: "0.1" + - image: prom/mysqld-exporter:v0.11.0 + name: mariadb-exporter + ports: + - containerPort: 9125 + name: http" + args: + - --web.listen-address=0.0.0.0:9125 + - --web.telemetry-path=/metrics + - --collect.heartbeat + - --collect.heartbeat.database=sys_operator + env: + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: dbpassword + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: wrestlingdev-secrets + key: dbusername + - name: DB_HOST + value: "127.0.0.1:3306" + - name: DATA_SOURCE_NAME + value: $(DB_USERNAME):$(DB_PASSWORD)@($(DB_HOST))/ + - name: DAYS_TO_KEEP + value: "7" + 
resources: + limits: + cpu: "100m" + memory: "128Mi" + requests: + memory: "32Mi" + cpu: "10m" + livenessProbe: + httpGet: + path: /metrics + port: 9125 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 30 volumes: - name: wrestlingdev-mariadb-persistent-storage persistentVolumeClaim: diff --git a/deploy/kubernetes/secrets/secrets.yaml b/deploy/kubernetes/secrets/secrets.yaml index 1719af9..bf9f796 100644 --- a/deploy/kubernetes/secrets/secrets.yaml +++ b/deploy/kubernetes/secrets/secrets.yaml 
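Review bot: The `mariadb-backup` sidecar pulls `jcwimer/mariadb-rclone-backup-docker:10.3` by mutable tag, yet it is handed `dbpassword`, the S3 access key and a mount of `/var/lib/mysql` that is not read-only. Pinning by digest (`image: jcwimer/mariadb-rclone-backup-docker@sha256:<digest>`) and, if the backup only reads through `DB_HOST`, adding `readOnly: true` to the volumeMount would limit what a changed image can reach. The `mariadb-exporter` builds `DATA_SOURCE_NAME` from the same `dbusername`/`dbpassword` keys, which secrets.yaml defaults to `root`; a dedicated monitoring account with only the privileges the exporter needs would be safer. Separately, `name: http"` carries a stray quote that container port-name validation should reject, and the rclone/S3 `secretKeyRef` entries lack `optional: true`, so a Secret without those keys keeps the whole pod, mariadb included, from starting even though secrets.yaml tells users to delete them. The `containers:` list these entries extend begins outside this hunk.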
@@ -5,13 +5,24 @@ metadata: type: Opaque #data: stringData: - dbusername: root - dbpassword: PUT_SECRET_HERE - dbhost: wrestlingdev-mariadb (if using the mariadb-standalone from this repo, otherwise use your hostname for your database) - devisesecretkey: PUT_SECRET_HERE get from running rails secret - railssecretkey: PUT_SECRET_HERE get from running rails secret - emailpassword: PUT_EMAIL_PASSWORD_HERE + # REQUIRED + dbusername: root # if using the mariadb-standalone from this repo, otherwise use your username for your database + dbpassword: PUT_SECRET_HERE # db password + dbhost: wrestlingdev-mariadb # if using the mariadb-standalone from this repo, otherwise use your hostname for your database + devisesecretkey: PUT_SECRET_HERE # get from running rails secret + railssecretkey: PUT_SECRET_HERE # get from running rails secret + emailpassword: PUT_EMAIL_PASSWORD_HERE # gmail password gmailemail: PUT EMAIL ADDRESS HERE + # OPTIONAL + # DELETE THESE LINES IF YOU'RE NOT USING THEM influxdb_database: PUT INFLUXDB DATABASE NAME HERE influxdb_hostname: PUT INFLUXDB HOSTNAME OR IP HERE - influxdb_port: PUT INFLUXDB PORT HERE \ No newline at end of file + influxdb_port: PUT INFLUXDB PORT HERE + rclone_type: s3 + rclone_extra_args: # example --no-check-certificate for self signed ssl minio certs + rclone_path: # path to put the backup, for example this would be the bucket name for s3 + # required if rclone_type is s3 + s3_access_id: + s3_access_key: + s3_endpoint: + s3_region:
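Review bot: The new `rclone_extra_args:`, `rclone_path:` and `s3_*:` keys have no value, which YAML reads as null rather than an empty string, while `stringData` expects strings. How the tooling treats a null there is not visible from this page, so writing `s3_access_id: ""` (and likewise for the others) makes the intent explicit. The comment's example `--no-check-certificate` turns off TLS verification for uploads that carry a full database dump, so the comment should say that trusting the MinIO CA is preferred and the flag is for testing only. Since this file now holds S3 keys alongside the database password, a comment reminding users not to commit the filled-in copy would also be worth adding.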