diff --git a/authentik/admin/api/system.py b/authentik/admin/api/system.py
index 42cbe7c5e..f531825fe 100644
--- a/authentik/admin/api/system.py
+++ b/authentik/admin/api/system.py
@@ -8,6 +8,7 @@ from typing import TypedDict
 from django.utils.timezone import now
 from drf_spectacular.utils import extend_schema
 from gunicorn import version_info as gunicorn_version
+from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
 from rest_framework.fields import SerializerMethodField
 from rest_framework.permissions import IsAdminUser
 from rest_framework.request import Request
@@ -61,7 +62,7 @@ class SystemSerializer(PassiveSerializer):
             "python_version": python_version,
             "gunicorn_version": ".".join(str(x) for x in gunicorn_version),
             "environment": "kubernetes"
-            if "KUBERNETES_PORT" in os.environ
+            if SERVICE_HOST_ENV_NAME in os.environ
             else "compose",
             "architecture": platform.machine(),
             "platform": platform.platform(),
diff --git a/authentik/api/v2/config.py b/authentik/api/v2/config.py
index fe291fe9d..0641d41f7 100644
--- a/authentik/api/v2/config.py
+++ b/authentik/api/v2/config.py
@@ -1,9 +1,10 @@
 """core Configs API"""
-from os import path
+from os import environ, path
 
 from django.conf import settings
 from django.db import models
 from drf_spectacular.utils import extend_schema
+from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
 from rest_framework.fields import BooleanField, CharField, ChoiceField, ListField
 from rest_framework.permissions import AllowAny
 from rest_framework.request import Request
@@ -20,6 +21,7 @@ class Capabilities(models.TextChoices):
 
     CAN_SAVE_MEDIA = "can_save_media"
     CAN_GEO_IP = "can_geo_ip"
+    CAN_BACKUP = "can_backup"
 
 
 class ConfigSerializer(PassiveSerializer):
@@ -45,6 +47,13 @@ class ConfigView(APIView):
             caps.append(Capabilities.CAN_SAVE_MEDIA)
         if GEOIP_READER.enabled:
             caps.append(Capabilities.CAN_GEO_IP)
+        if SERVICE_HOST_ENV_NAME in environ:
+            # Running in k8s, only s3 backup is supported
+            if CONFIG.y("postgresql.s3_backup"):
+                caps.append(Capabilities.CAN_BACKUP)
+        else:
+            # Running in compose, backup is always supported
+            caps.append(Capabilities.CAN_BACKUP)
         return caps
 
     @extend_schema(responses={200: ConfigSerializer(many=False)})
diff --git a/schema.yml b/schema.yml
index b329a4eef..4600f7a56 100644
--- a/schema.yml
+++ b/schema.yml
@@ -16203,6 +16203,7 @@ components:
       enum:
       - can_save_media
       - can_geo_ip
+      - can_backup
       type: string
     CaptchaChallenge:
       type: object