Astra Control Center requirements

Contributors netapp-mwallis netapp-dbagwell

Get started by verifying support for your Kubernetes clusters, apps, licenses, and web browser.

Kubernetes cluster general requirements

Astra Control Center requires one of the following types of host clusters:

  • Red Hat OpenShift Container Platform 4.6.8, 4.7, or 4.8

  • Rancher 2.5

  • Kubernetes 1.19 to 1.21 (including 1.21.x)

The cluster must meet the following general requirements so you can discover and manage it from Astra Control Center.

  • At least 300GB available in backend ONTAP storage capacity

  • 3 controller nodes with 4 CPU cores, 16GB RAM, and 120GB of available storage each

  • 3 worker nodes with at least 12 CPU cores, 32GB RAM, and 50GB of available storage each

  • Service type "LoadBalancer" available for ingress traffic to be sent to services in the OpenShift cluster

  • A method for pointing the FQDN of Astra Control Center to the load balanced IP address

  • Astra Trident 21.04 or newer installed and configured if NetApp ONTAP version 9.5 or newer will be used as a storage backend

  • Astra Trident 21.10.1 or newer installed and configured if Astra Trident will be used as a storage backend

Note These requirements assume that Astra Control Center is the only application running on the OpenShift cluster. If the cluster is running additional applications, adjust these minimum requirements accordingly.
  • Image registry: You must have an existing private Docker image registry to which you can push Astra Control Center build images. You need to provide the URL of the image registry where you will upload the images.

  • Astra Trident / ONTAP configuration: Astra Control Center requires that a storage class be created and set as the default storage class. Astra Control Center supports the following ONTAP drivers provided by Astra Trident:

    • ontap-nas

    • ontap-nas-flexgroup

    • ontap-san

    • ontap-san-economy

If you are planning to manage the Kubernetes cluster from Astra Control Center as well as use the cluster to host the Astra Control Center installation, the cluster has the following additional requirements:

  • The most recent version of the Kubernetes snapshot-controller component is installed

  • An Astra Trident volumesnapshotclass object has been defined by an administrator

  • A default Kubernetes storage class exists on the cluster

  • At least one storage class is configured to use Astra Trident

  • A method for pointing the FQDN of Astra Control Center to the external IP address of the Astra Control Center service


During app cloning, Astra Control Center needs to allow OpenShift to mount volumes and change the ownership of files if necessary. Because of this, you need to configure an ONTAP volume export policy to allow volume operations to complete successfully. You can do so with the following commands:

export-policy rule modify -vserver <storage virtual machine name> -policyname <policy name> -ruleindex 1 -superuser sysm --anon 65534

Note If you plan to add a second OpenShift cluster as a managed compute resource, you need to ensure that the Astra Trident Volume Snapshot feature is enabled. See the official Astra Trident instructions to enable and test Volume Snapshots with Astra Trident.

App management requirements

Astra Control has the following app management requirements:

  • Licensing: To manage apps using Astra Control Center, you need an Astra Control Center license.

  • Namespaces: Astra Control requires that an app not span more than a single namespace, but a namespace can contain more than one app.

  • StorageClass: If you install an app with a StorageClass explicitly set and you need to clone the app, the target cluster for the clone operation must have the originally specified StorageClass. Cloning an application with an explicitly set StorageClass to a cluster that does not have the same StorageClass will fail.

  • Kubernetes resources: Apps that use Kubernetes resources not collected by Astra Control might not have full app data management capabilities. Astra Control collects the following Kubernetes resources:

    • ClusterRole

    • ClusterRoleBinding

    • ConfigMap

    • CustomResourceDefinition

    • CustomResource

    • DaemonSet

    • Deployment

    • DeploymentConfig

    • Ingress

    • MutatingWebhook

    • PersistentVolumeClaim

    • Pod

    • ReplicaSet

    • RoleBinding

    • Role

    • Route

    • Secret

    • Service

    • ServiceAccount

    • StatefulSet

    • ValidatingWebhook

Supported app installation methods

Astra Control supports the following application installation methods:

  • Manifest file: Astra Control supports apps installed from a manifest file using kubectl. For example:

    kubectl apply -f myapp.yaml
  • Helm 3: If you use Helm to install apps, Astra Control requires Helm version 3. Managing and cloning apps installed with Helm 3 (or upgraded from Helm 2 to Helm 3) are fully supported. Managing apps installed with Helm 2 is not supported.

  • Operator-deployed apps: Astra Control supports apps installed with namespace-scoped operators. The following are some apps that have been validated for this installation model:

Note An operator and the app it installs must use the same namespace; you might need to modify the deployment .yaml file for the operator to ensure this is the case.

Access to the internet

You should determine whether you have outside access to the internet. If you do not, some functionality might be limited, such as receiving monitoring and metrics data from NetApp Cloud Insights, or sending support bundles to the NetApp Support Site.


Astra Control Center requires an Astra Control Center license for full functionality. Obtain an evaluation license or full license from NetApp. Without a license, you will be unable to:

  • Define custom apps

  • Create snapshots or clones of existing apps

  • Configure data protection policies

If you want to try Astra Control Center, you can use a 90-day evaluation license.

Service type "LoadBalancer" for on-premises Kubernetes clusters

Astra Control Center uses a service of the type "LoadBalancer" (svc/traefik in the Astra Control Center namespace), and requires that it be assigned an accessible external IP address. If load balancers are permitted in your environment and you don’t already have one configured, you can use MetalLB to automatically assign an external IP address to the service. In the internal DNS server configuration, you should point the chosen DNS name for Astra Control Center to the load-balanced IP address.

Note MetalLB version 0.11.0 is not supported.

Networking requirements

The cluster that hosts Astra Control Center communicates using the following TCP ports. You should ensure that these ports are allowed through any firewalls, and configure firewalls to allow any HTTPS egress traffic originating from the Astra network. Some ports require connectivity both ways between the cluster hosting Astra Control Center and each managed cluster (noted where applicable).

Product Port Protocol Direction Purpose

Astra Control Center




UI / API access: Ensure this port is open both ways between the cluster hosting Astra Control Center and each managed cluster

Astra Control Center



  • Ingress (to cluster hosting Astra Control Center)

  • Egress (random port from the node IP address of each worker node of each managed cluster)

Metrics data to metrics consumer: Ensure each managed cluster can access this port on the cluster hosting Astra Control Center

Astra Trident




Node pod communication

Astra Trident




Metrics endpoint

Supported web browsers

Astra Control Center supports recent versions of Firefox, Safari, and Chrome with a minimum resolution of 1280 x 720.

What’s next

View the quick start overview.