diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..f7d9090
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "vendor/ark"]
+	path = vendor/ark
+	url = git@github.com:heptio/ark.git
diff --git a/doc/backup-and-restore.md b/doc/backup-and-restore.md
new file mode 100644
index 0000000..c953546
--- /dev/null
+++ b/doc/backup-and-restore.md
@@ -0,0 +1,36 @@
+# Backups
+
+We're using [Ark][1] for backing up Kubernetes config and GKE resources. It is
+available as a Git submodule in the `vendor/` folder (incl. the `ark`
+executable).
+
+In order to initialize and update submodules in your local repo, run once:
+
+    git submodule update --init
+
+Then, to fetch/update the modules, run:
+
+    git submodule update
+
+The Ark service is running on the Sidamo cluster and was set up using the
+[official docs' GCP instructions and config files][4]. There's a daily backup
+schedule in effect for Gitea (using the label `app=gitea`).
+
+Please refer to Ark's [ Getting Started ][5] doc for all backup and restore
+commands.
+
+## Backup location
+
+Cluster configuration (including all live resources) is backed up to [a Google
+Cloud Storage container][3].
+
+## Persistent volumes
+
+Persistent volumes are just GCE disks. Thus, with the current config, Ark
+creates volume snapshots as native [GCE disk snapshots][2].
+
+[1]: https://heptio.github.io/ark/v0.10.0
+[2]: https://console.cloud.google.com/compute/snapshots?organizationId=772167872692&project=fluted-magpie-218106&tab=snapshots&snapshotssize=50
+[3]: https://console.cloud.google.com/storage/browser/sidamo-backups?project=fluted-magpie-218106&organizationId=772167872692
+[4]: https://heptio.github.io/ark/v0.10.0/gcp-config
+[5]: https://heptio.github.io/ark/v0.10.0/get-started
diff --git a/kubernetes/gitea-db.yaml b/kubernetes/gitea-db.yaml
index 629c017..6b262cd 100644
--- a/kubernetes/gitea-db.yaml
+++ b/kubernetes/gitea-db.yaml
@@ -2,6 +2,8 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: gitea-db
+  labels:
+    app: gitea
 spec:
   replicas: 1
   strategy:
@@ -10,6 +12,7 @@ spec:
     metadata:
       labels:
         name: gitea-db
+        app: gitea
     spec:
       containers:
       - env:
@@ -48,6 +51,7 @@ metadata:
   name: gitea-db-data
   labels:
     name: gitea-db-data
+    app: gitea
 spec:
   accessModes:
   - ReadWriteOnce
@@ -61,6 +65,7 @@ metadata:
   name: gitea-db
   labels:
     service: gitea-db
+    app: gitea
 spec:
   selector:
     name: gitea-db
diff --git a/kubernetes/gitea-server.yaml b/kubernetes/gitea-server.yaml
index c5deea6..8a48bcd 100644
--- a/kubernetes/gitea-server.yaml
+++ b/kubernetes/gitea-server.yaml
@@ -2,12 +2,15 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: gitea-server
+  labels:
+    app: gitea
 spec:
   replicas: 1
   template:
     metadata:
       labels:
         name: gitea-server
+        app: gitea
     spec:
       initContainers:
         - name: init-config
@@ -54,6 +57,8 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: gitea-server-data
+  labels:
+    app: gitea
 spec:
   accessModes:
   - ReadWriteOnce
@@ -67,6 +72,7 @@ metadata:
   name: gitea-server
   labels:
     name: gitea-server
+    app: gitea
 spec:
   type: LoadBalancer
   # preserves the client source IP
diff --git a/vendor/ark b/vendor/ark
new file mode 160000
index 0000000..0fd7872
--- /dev/null
+++ b/vendor/ark
@@ -0,0 +1 @@
+Subproject commit 0fd7872ef48ce617e561e6e45f8ccb0f11637f58