Release notes
Upgrade Astra Control Center
Suggest changes
PDFs
To upgrade Astra Control Center, download the installation bundle from the NetApp Support Site and complete these instructions. You can use this procedure to upgrade Astra Control Center in internet-connected or air-gapped environments.
-
Before you upgrade, refer to operational environment requirements to ensure your environment still meets the minimum requirements for Astra Control Center deployment. Your environment should have the following:
-
A supported Astra Trident version
To determine the version you are running, run the following command against your existing Astra Control Center:kubectl get tridentversion -n trident
Refer to Astra Trident documentation to upgrade from an older version.
You must upgrade to Astra Trident 22.10 PRIOR to upgrading to Kubernetes 1.25. -
A supported Kubernetes distribution
To determine the version you are running, run the following command against your existing Astra Control Center:kubectl get nodes -o wide -
Sufficient cluster resources
To determine cluster resources, run the following command in your existing Astra Control Center cluster:kubectl describe node <node name> -
A registry you can use to push and upload Astra Control Center images
-
A default storage class
To determine your default storage class, run the following command against your existing Astra Control Center:kubectl get storageclass
-
-
(OpenShift only) Ensure all cluster operators are in a healthy state and available.
kubectl get clusteroperators
-
Ensure all API services are in a healthy state and available.
kubectl get apiservices
-
Log out of your Astra Control Center UI before you begin the upgrade.
The Astra Control Center upgrade process guides you through the following high-level steps:
|
Do not delete the Astra Control Center operator (for example, kubectl delete -f astra_control_center_operator_deploy.yaml) at any time during the Astra Control Center upgrade or operation to avoid deleting pods.
|
|
Perform upgrades in a maintenance window when schedules, backups, and snapshots are not running. |
Download and extract Astra Control Center
-
Go to the Astra Control Center product downloads page on the NetApp Support Site. You can select the latest version or another version you want from the drop-down menu.
-
Download the bundle containing Astra Control Center (
astra-control-center-[version].tar.gz). -
(Recommended but optional) Download the certificates and signatures bundle for Astra Control Center (
astra-control-center-certs-[version].tar.gz) to verify the signature of the bundle:tar -vxzf astra-control-center-certs-[version].tar.gzopenssl dgst -sha256 -verify certs/AstraControlCenter-public.pub -signature certs/astra-control-center-[version].tar.gz.sig astra-control-center-[version].tar.gzThe output will show
Verified OKafter successful verification. -
Extract the images from the Astra Control Center bundle:
tar -vxzf astra-control-center-[version].tar.gz
Remove the NetApp Astra kubectl plugin and install it again
You can use the NetApp Astra kubectl command line plugin to push images to a local Docker repository.
-
Determine if you have the plug-in installed:
kubectl astra
-
Take one of these actions:
-
If the plugin is installed, the command should return the kubectl plugin help. To remove an existing version of kubectl-astra, run this command:
delete /usr/local/bin/kubectl-astra. -
If the command returns an error, the plugin is not installed and you can proceed to the next step to install it.
-
-
Install the plugin:
-
List the available NetApp Astra kubectl plugin binaries, and note the name of the file you need for your operating system and CPU architecture:
The kubectl plugin library is part of the tar bundle and is extracted into the folder kubectl-astra.ls kubectl-astra/ -
Move the correct binary into the current path and rename it to
kubectl-astra:cp kubectl-astra/<binary-name> /usr/local/bin/kubectl-astra
-
Add the images to your local registry
-
Complete the appropriate step sequence for your container engine:
-
Change to the root directory of the tarball. You should see this file and directory:
acc.manifest.bundle.yaml
acc/ -
Push the package images in the Astra Control Center image directory to your local registry. Make the following substitutions before running the
push-imagescommand:-
Replace <BUNDLE_FILE> with the name of the Astra Control bundle file (
acc.manifest.bundle.yaml). -
Replace <MY_FULL_REGISTRY_PATH> with the URL of the Docker repository; for example, "https://<docker-registry>".
-
Replace <MY_REGISTRY_USER> with the user name.
-
Replace <MY_REGISTRY_TOKEN> with an authorized token for the registry.
kubectl astra packages push-images -m <BUNDLE_FILE> -r <MY_FULL_REGISTRY_PATH> -u <MY_REGISTRY_USER> -p <MY_REGISTRY_TOKEN>
-
-
Change to the root directory of the tarball. You should see this file and directory:
acc.manifest.bundle.yaml
acc/ -
Log in to your registry:
podman login <YOUR_REGISTRY> -
Prepare and run one of the following scripts that is customized for the version of Podman you use. Substitute <MY_FULL_REGISTRY_PATH> with the URL of your repository that includes any sub-directories.
Podman 4export REGISTRY=<MY_FULL_REGISTRY_PATH> export PACKAGENAME=acc export PACKAGEVERSION=23.04.2-7 export DIRECTORYNAME=acc for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image: //') astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::') podman tag ${astraImageNoPath} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath} podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath} donePodman 3export REGISTRY=<MY_FULL_REGISTRY_PATH> export PACKAGENAME=acc export PACKAGEVERSION=23.04.2-7 export DIRECTORYNAME=acc for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image: //') astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::') podman tag ${astraImageNoPath} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath} podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath} done
The image path the script creates should resemble the following, depending on your registry configuration: https://netappdownloads.jfrog.io/docker-astra-control-prod/netapp/astra/acc/23.04.2-7/image:version
Install the updated Astra Control Center operator
-
Change the directory:
cd manifests
-
Edit the Astra Control Center operator deployment yaml (
astra_control_center_operator_deploy.yaml) to refer to your local registry and secret.vim astra_control_center_operator_deploy.yaml
-
If you use a registry that requires authentication, replace or edit the default line of
imagePullSecrets: []with the following:imagePullSecrets: [{name: astra-registry-cred}] -
Change
[your_registry_path]for thekube-rbac-proxyimage to the registry path where you pushed the images in a previous step. -
Change
[your_registry_path]for theacc-operatorimage to the registry path where you pushed the images in a previous step. -
Add the following values to the
envsection:- name: ACCOP_HELM_UPGRADETIMEOUT value: 300m
apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: acc-operator-controller-manager namespace: netapp-acc-operator spec: replicas: 1 selector: matchLabels: control-plane: controller-manager strategy: type: Recreate template: metadata: labels: control-plane: controller-manager spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: [your_registry_path]/kube-rbac-proxy:v4.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect env: - name: ACCOP_LOG_LEVEL value: "2" - name: ACCOP_HELM_UPGRADETIMEOUT value: 300m image: [your_registry_path]/acc-operator:23.04.36 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 300m memory: 750Mi requests: cpu: 100m memory: 75Mi securityContext: allowPrivilegeEscalation: false imagePullSecrets: [] securityContext: runAsUser: 65532 terminationGracePeriodSeconds: 10
-
-
Install the updated Astra Control Center operator:
kubectl apply -f astra_control_center_operator_deploy.yaml
Sample response:
namespace/netapp-acc-operator unchanged customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io configured role.rbac.authorization.k8s.io/acc-operator-leader-election-role unchanged clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role configured clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader unchanged clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role unchanged rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding unchanged clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding configured clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding unchanged configmap/acc-operator-manager-config unchanged service/acc-operator-controller-manager-metrics-service unchanged deployment.apps/acc-operator-controller-manager configured
-
Verify pods are running:
kubectl get pods -n netapp-acc-operator
Upgrade Astra Control Center
-
Edit the Astra Control Center custom resource (CR):
kubectl edit AstraControlCenter -n [netapp-acc or custom namespace]
-
Change the Astra version number (
astraVersioninside ofspec) to the version you are upgrading to:spec: accountName: "Example" astraVersion: "[Version number]"
-
Verify that your image registry path matches the registry path you pushed the images to in a previous step. Update
imageRegistryinside ofspecif the registry has changed since your last installation.imageRegistry: name: "[your_registry_path]" -
Add the following to your
crdsconfiguration inside ofspec:crds: shouldUpgrade: true
-
Add the following lines within
additionalValuesinside ofspecin the Astra Control Center CR:additionalValues: nautilus: startupProbe: periodSeconds: 30 failureThreshold: 600 -
Save and exit the file editor. The changes will be applied and the upgrade will begin.
-
(Optional) Verify that the pods terminate and become available again:
watch kubectl get pods -n [netapp-acc or custom namespace]
-
Wait for the Astra Control status conditions to indicate that the upgrade is complete and ready (
True):kubectl get AstraControlCenter -n [netapp-acc or custom namespace]
Response:
NAME UUID VERSION ADDRESS READY astra 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f 23.04.2-7 10.111.111.111 True
To monitor upgrade status during the operation, run the following command: kubectl get AstraControlCenter -o yaml -n [netapp-acc or custom namespace]
To inspect the Astra Control Center operator logs, run the following command:
kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f
Verify system status
-
Log in to Astra Control Center.
-
Verify that the version has been upgraded. See the Support page in the UI.
-
Verify that all your managed clusters and apps are still present and protected.