Known limitations
Known limitations identify platforms, devices, or functions that are not supported by this release of the product, or that do not interoperate correctly with it. Review these limitations carefully.
-
Multiple applications in a single namespace cannot be restored collectively to a different namespace
-
Astra Control does not support apps that use multiple storage classes per namespace
-
Astra Control does not automatically assign default buckets for cloud instances
-
Clones of apps installed using pass-by-reference operators can fail
-
In-place restore operations of apps that use a certificate manager are not supported
-
OLM-enabled and cluster-scoped operator deployed apps not supported
-
Snapshots might fail for Kubernetes 1.25 or later clusters with certain snapshot controller versions
-
Backups and snapshots might not be retained during removal of an Astra Control Center instance
-
In-place restore operations to ontap-nas-economy storage classes fail
The same cluster cannot be managed by two Astra Control Center instances
If you want to manage a cluster on another Astra Control Center instance, you should first unmanage the cluster from the instance on which it is managed before you manage it on another instance. After you remove the cluster from management, verify that the cluster is unmanaged by executing this command:
oc get pods n -netapp-monitoring
There should be no pods running in that namespace or the namespace should not exist. If either of those are true, the cluster is unmanaged.
Astra Control Center cannot manage two identically named clusters
If you try to add a cluster with the same name of a cluster that already exists, the operation will fail. This issue most often occurs in a standard Kubernetes environment if you have not changed the cluster name default in Kubernetes configuration files.
As a workaround, do the following:
-
Edit your
kubeadm-config
ConfigMap:kubectl edit configmaps -n kube-system kubeadm-config
-
Change the
clusterName
field value fromkubernetes
(the Kubernetes default name) to a unique custom name. -
Edit kubeconfig (
.kube/config
). -
Update cluster name from
kubernetes
to a unique custom name (xyz-cluster
is used in the examples below). Make the update in bothclusters
andcontexts
sections as shown in this example:apiVersion: v1 clusters: - cluster: certificate-authority-data: ExAmPLERb2tCcjZ5K3E2Njk4eQotLExAMpLEORCBDRVJUSUZJQ0FURS0txxxxXX== server: https://x.x.x.x:6443 name: xyz-cluster contexts: - context: cluster: xyz-cluster namespace: default user: kubernetes-admin name: kubernetes-admin@kubernetes current-context: kubernetes-admin@kubernetes
A user with namespace RBAC constraints can add and unmanage a cluster
A user with namespace RBAC constraints should not be allowed to add or unmanage clusters. Due to a current limitation, Astra does not prevent such users from unmanaging clusters.
A member with namespace constraints cannot access the cloned or restored apps until admin adds the namespace to the constraint
Any member
user with RBAC constraints by namespace name/ID can clone or restore an app to a new namespace on the same cluster or to any other cluster in their organization's account. However, the same user cannot access the cloned or restored app in the new namespace. After a clone or restore operation creates a new namespace, the account admin/owner can edit the member
user account and update role constraints for the affected user to grant access to the new namespace.
Restrictive role constraints can be ignored for resources on non-connector clusters
-
If the resources being accessed belong to clusters that have the latest Astra Connector installed: When a user is assigned multiple roles through LDAP group membership, the constraints from the roles are combined. For example, if a user with a local Viewer role joins three groups that are bound to the Member role, the user now has Viewer role access to the original resources as well as Member role access to the resources gained through group membership.
-
If the resources being accessed belong to clusters that do not have Astra Connector installed: When a user is assigned multiple roles through LDAP group membership, the constraints from the most permissive role are the only ones that take effect.
Multiple applications in a single namespace cannot be restored collectively to a different namespace
If you manage multiple applications in a single namespace (by creating multiple app definitions in Astra Control), you cannot restore all of the applications to a different single namespace. You need to restore each application to its own separate namespace.
Astra Control does not support apps that use multiple storage classes per namespace
Astra Control supports apps that use a single storage class per namespace. When you add an app to a namespace, be sure the app has the same storage class as other apps in the namespace.
Astra Control does not automatically assign default buckets for cloud instances
Astra Control does not automatically assign a default bucket for any cloud instance. You need to manually set a default bucket for a cloud instance. If a default bucket is not set, you won't be able to perform app clone operations between two clusters.
Clones of apps installed using pass-by-reference operators can fail
Astra Control supports apps installed with namespace-scoped operators. These operators are generally designed with a "pass-by-value" rather than "pass-by-reference" architecture. The following are some operator apps that follow these patterns:
-
For K8ssandra, in-place restore operations are supported. A restore operation to a new namespace or cluster requires that the original instance of the application to be taken down. This is to ensure that the peer group information carried over does not lead to cross-instance communication. Cloning of the app is not supported.
Astra Control might not be able to clone an operator that is designed with a “pass-by-reference” architecture (for example, the CockroachDB operator). During these types of cloning operations, the cloned operator attempts to reference Kubernetes secrets from the source operator despite having its own new secret as part of the cloning process. The clone operation might fail because Astra Control is unaware of the Kubernetes secrets in the source operator.
During clone operations, apps that need an IngressClass resource or webhooks to function properly must not have those resources already defined on the destination cluster. |
In-place restore operations of apps that use a certificate manager are not supported
This release of Astra Control Center does not support in-place restore of apps with certificate managers. Restore operations to a different namespace and clone operations are supported.
OLM-enabled and cluster-scoped operator deployed apps not supported
Astra Control Center does not support application management activities with cluster-scoped operators.
Apps deployed with Helm 2 are not supported
If you use Helm to deploy apps, Astra Control Center requires Helm version 3. Managing and cloning apps deployed with Helm 3 (or upgraded from Helm 2 to Helm 3) is fully supported. For more information, refer to Astra Control Center requirements.
Snapshots might fail for Kubernetes 1.25 or later clusters with certain snapshot controller versions
Snapshots for Kubernetes clusters running version 1.25 or later can fail if version v1beta1 of the snapshot controller APIs are installed on the cluster.
As a workaround, do the following when upgrading existing Kubernetes 1.25 or later installations:
-
Remove any existing Snapshot CRDs and any existing snapshot controller.
Backups and snapshots might not be retained during removal of an Astra Control Center instance
If you have an evaluation license, be sure you store your account ID to avoid data loss in the event of Astra Control Center failure if you are not sending ASUPs.
In-place restore operations to ontap-nas-economy storage classes fail
If you perform an in-place restore of an application (restore the app to its original namespace), and the app's storage class uses the ontap-nas-economy
driver, the restore operation can fail if the snapshot directory is not hidden. Before restoring in-place, follow the instructions in Enable backup and restore for ontap-nas-economy operations to hide the snapshot directory.
LDAP user and group limitations
Astra Control Center supports up to 5,000 remote groups and 10,000 remote users.
Astra Control does not support an LDAP entity (user or group) that has a DN containing an RDN with a trailing '\' or trailing space.
S3 buckets in Astra Control Center do not report available capacity
Before backing up or cloning apps managed by Astra Control Center, check bucket information in the ONTAP or StorageGRID management system.
Astra Control Center does not validate the details you enter for your proxy server
Ensure that you enter the correct values when establishing a connection.
Existing connections to a Postgres pod causes failures
When you perform operations on Postgres pods, you shouldn't connect directly within the pod to use the psql command. Astra Control requires psql access to freeze and thaw the databases. If there is a pre-existing connection, the snapshot, backup, or clone will fail.
The Activity page displays up to 100000 events
The Astra Control Activity page can display up to 100,000 events. To view all logged events, retrieve the events using the Astra Control API.
SnapMirror does not support applications using NVMe over TCP for storage backends
Astra Control Center does not support NetApp SnapMirror replication for storage backends that are using the NVMe over TCP protocol.