Astra Control Center requirements
Suggest changes
PDFs
Get started by verifying the readiness of your operational environment, application clusters, applications, licenses, and web browser.
Operational environment requirements
Astra Control Center has been validated on the following types of operational environments:
-
Cisco IKS with Kubernetes 1.22
-
Google Anthos 1.11 or 1.12 (See Google Anthos cluster requirements)
-
Rancher Kubernetes Engine (RKE):
-
RKE 1.3.12 with Rancher 2.6.5 and 2.6.6
-
RKE 1.3.13 with Rancher 2.6.8
-
RKE 2 (v1.23.6+rke2r1) with Rancher 2.6.5 and 2.6.6
-
RKE 2 (v1.24.x) with Rancher 2.6.8
-
-
Red Hat OpenShift Container Platform 4.8 through 4.11
-
Upstream Kubernetes 1.23 to 1.25 (Astra Trident 22.10 or newer required for Kubernetes 1.25)
-
VMware Tanzu Kubernetes Grid: (See VMware Tanzu Kubernetes Grid cluster requirements)
-
VMware Tanzu Kubernetes Grid 1.5
-
VMware Tanzu Kubernetes Grid Integrated Edition 1.13 and 1.14
-
Ensure that the operating environment you choose to host Astra Control Center meets the basic resource requirements outlined in the environment's official documentation. Astra Control Center requires the following resources in addition to the environment's resource requirements:
| Component | Requirement |
|---|---|
CPU extensions |
The CPUs in all nodes of the hosting environment must have AVX extensions enabled. |
Storage backend capacity |
At least 500GB available |
Worker nodes |
At least 3 worker nodes total, with 4 CPU cores and 12GB RAM each |
FQDN address |
An FQDN address for Astra Control Center |
Astra Trident |
Astra Trident 22.01 or newer installed and configured |
|
These requirements assume that Astra Control Center is the only application running in the operational environment. If the environment is running additional applications, adjust these minimum requirements accordingly. |
-
Image registry: You must have an existing private Docker image registry to which you can push Astra Control Center build images. You need to provide the URL of the image registry where you will upload the images.
-
Astra Trident / ONTAP configuration:
-
You need to configure at least one Astra Trident storage class on the cluster. If a default storage class is configured, ensure that it is the only storage class with the default designation.
-
Ensure that the worker nodes in your cluster are configured with the appropriate storage drivers so that the pods can interact with the backend storage. Astra Control Center supports the following ONTAP drivers provided by Astra Trident:
-
ontap-nas
-
ontap-san
-
ontap-san-economy (not supported for app replication)
-
-
Supported storage backends
Astra Control Center supports the following storage backends.
-
NetApp ONTAP 9.5 or newer AFF, FAS, and ASA systems
-
NetApp ONTAP 9.8 or newer AFF, FAS, and ASA systems for SnapMirror-based application replication
-
NetApp ONTAP Select 9.5 or newer
-
NetApp ONTAP Select 9.8 or newer for SnapMirror-based application replication
-
NetApp Cloud Volumes ONTAP 9.5 or newer
To use Astra Control Center, verify that you have the following ONTAP licenses, depending on what you need to accomplish:
-
FlexClone
-
SnapMirror: Optional. Needed only for replication to remote systems using SnapMirror technology. Refer to SnapMirror license information.
-
S3 license: Optional. Needed only for ONTAP S3 buckets
To check whether your ONTAP system has the required licenses, refer to Manage ONTAP licenses.
Access to the internet
You should determine whether you have outside access to the internet. If you do not, some functionality might be limited, such as receiving monitoring and metrics data from NetApp Cloud Insights, or sending support bundles to the NetApp Support Site.
License
Astra Control Center requires an Astra Control Center license for full functionality. Obtain an evaluation license or full license from NetApp. You need a license to protect your applications and data. Refer to Astra Control Center features for details.
You can try Astra Control Center with an evaluation license, which lets you use Astra Control Center for 90 days from the date you download the license. You can sign up for a free trial by registering here.
To set up the license, refer to use a 90-day evaluation license.
To learn more about how licenses work, see Licensing.
For details about licenses needed for ONTAP storage backends, refer to Supported storage backends.
Ingress for on-premises Kubernetes clusters
You can choose the type of network ingress Astra Control Center uses. By default, Astra Control Center deploys the Astra Control Center gateway (service/traefik) as a cluster-wide resource. Astra Control Center also supports using a service load balancer, if they are permitted in your environment. If you would rather use a service load balancer and you don't already have one configured, you can use the MetalLB load balancer to automatically assign an external IP address to the service. In the internal DNS server configuration, you should point the chosen DNS name for Astra Control Center to the load-balanced IP address.
|
|
The load balancer should use an IP address located in the same subnet as the Astra Control Center worker node IP addresses. |
|
|
If you are hosting Astra Control Center on a Tanzu Kubernetes Grid cluster, use the kubectl get nsxlbmonitors -A command to see if you already have a service monitor configured to accept ingress traffic. If one exists, you should not install MetalLB, because the existing service monitor will override any new load balancer configuration.
|
For more information, see Set up ingress for load balancing.
Networking requirements
The operational environment that hosts Astra Control Center communicates using the following TCP ports. You should ensure that these ports are allowed through any firewalls, and configure firewalls to allow any HTTPS egress traffic originating from the Astra network. Some ports require connectivity both ways between the environment hosting Astra Control Center and each managed cluster (noted where applicable).
|
|
You can deploy Astra Control Center in a dual-stack Kubernetes cluster, and Astra Control Center can manage applications and storage backends that have been configured for dual-stack operation. For more information about dual-stack cluster requirements, see the Kubernetes documentation. |
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
Client PC |
Astra Control Center |
443 |
HTTPS |
UI / API access - Ensure this port is open both ways between the cluster hosting Astra Control Center and each managed cluster |
Metrics consumer |
Astra Control Center worker node |
9090 |
HTTPS |
Metrics data communication - ensure each managed cluster can access this port on the cluster hosting Astra Control Center (two-way communication required) |
Astra Control Center |
Hosted Cloud Insights service (https://www.netapp.com/cloud-services/cloud-insights/) |
443 |
HTTPS |
Cloud Insights communication |
Astra Control Center |
Amazon S3 storage bucket provider |
443 |
HTTPS |
Amazon S3 storage communication |
Astra Control Center |
NetApp AutoSupport (https://support.netapp.com) |
443 |
HTTPS |
NetApp AutoSupport communication |
Supported web browsers
Astra Control Center supports recent versions of Firefox, Safari, and Chrome with a minimum resolution of 1280 x 720.
Additional requirements for application clusters
Keep in mind these requirements if you plan to use these Astra Control Center features:
-
Application cluster requirements: Cluster management requirements
-
Managed application requirements: Application management requirements
-
Additional requirements for app replication: Replication prerequisites
-
Google Anthos cluster requirements
When hosting Astra Control Center on a Google Anthos cluster, note that Google Anthos includes the MetalLB load balancer and the Istio ingress gateway service by default, enabling you to simply use the generic ingress capabilities of Astra Control Center during installation. See Configure Astra Control Center for details.
VMware Tanzu Kubernetes Grid cluster requirements
When hosting Astra Control Center on a VMware Tanzu Kubernetes Grid (TKG) or Tanzu Kubernetes Grid Integrated Edition (TKGi) cluster, keep in mind the following considerations.
-
Disable the TKG or TKGi default storage class enforcement on any application clusters intended to be managed by Astra Control. You can do this by editing the
TanzuKubernetesClusterresource on the namespace cluster. -
Be aware of specific requirements for Astra Trident when you deploy Astra Control Center in a TKG or TKGi environment. For more information, see the Astra Trident documentation.
|
|
The default VMware TKG and TKGi configuration file token expires ten hours after deployment. If you use Tanzu portfolio products, you must generate a Tanzu Kubernetes Cluster configuration file with a non-expiring token to prevent connection issues between Astra Control Center and managed application clusters. For instructions, visit the VMware NSX-T Data Center Product Documentation. |
What's next
View the quick start overview.