Skip to main content

Upgrade Astra Control Center

Contributors netapp-dbagwell

To upgrade Astra Control Center, download the installation bundle from the NetApp Support Site and complete these instructions. You can use this procedure to upgrade Astra Control Center in internet-connected or air-gapped environments.

These instructions describe the upgrade process for Astra Control Center from the second-most recent release to this current release. You cannot upgrade directly from a version that is two or more releases behind the current release. If your installed Astra Control Center version is many versions behind the latest release, you might need to perform chain upgrades to more recent versions until your installed Astra Control Center is only one version behind the latest release. For a complete list of released versions, see the release notes.

Before you begin

Before you upgrade, ensure your environment still meets the minimum requirements for Astra Control Center deployment. Your environment should have the following:

  • A supported Astra Trident version

    Expand for steps

    Determine the Trident version you are running:

    kubectl get tridentversion -n trident
    Note Upgrade Astra Trident, if required, using these instructions.
Important The 23.10 release is the last release of Astra Control Center that will support Astra Trident. It is strongly recommended that you enable Astra Control Provisioner to access advanced management and storage provisioning features beyond those that Astra Trident provides. You must both upgrade to Astra Control Center 23.10 and enable Astra Control Provisioner to use this extended functionality. Astra Control Provisioner will not work with earlier releases of Astra Control Center.
  • A supported Kubernetes distribution

    Expand for steps

    Determine the Kubernetes version you are running:

    kubectl get nodes -o wide
  • Sufficient cluster resources

    Expand for steps

    Determine available cluster resources:

    kubectl describe node <node name>
  • A registry you can use to push and upload Astra Control Center images

  • A default storage class

    Expand for steps

    Determine your default storage class:

    kubectl get storageclass
  • Healthy and available API services

    Expand for steps

    Ensure all API services are in a healthy state and available:

    kubectl get apiservices
  • (OpenShift only) Healthy and available cluster operators

    Expand for steps

    Ensure all cluster operators are in a healthy state and available.

    kubectl get clusteroperators
  • Access the NetApp Astra Control image registry:
    You have the option to obtain installation images and functionality enhancements for Astra Control, such as Astra Control Provisioner, from the NetApp image registry.

    Expand for steps
    1. Record your Astra Control account ID that you'll need to log in to the registry.

      You can see your account ID in the Astra Control Service web UI. Select the figure icon at the top right of the page, select API access, and write down your account ID.

    2. From the same page, select Generate API token and copy the API token string to the clipboard and save it in your editor.

    3. Log into the Astra Control registry:

      docker login cr.astra.netapp.io -u <account-id> -p <api-token>
About this task

The Astra Control Center upgrade process guides you through the following high-level steps:

Note Log out of your Astra Control Center UI before you begin the upgrade.
Important Do not delete the Astra Control Center operator (for example, kubectl delete -f astra_control_center_operator_deploy.yaml) at any time during the Astra Control Center upgrade or operation to avoid deleting pods.
Tip Perform upgrades in a maintenance window when schedules, backups, and snapshots are not running.

Download and extract Astra Control Center

You can choose to download the Astra Control Center bundle from the NetApp Support Site or use Docker to pull the bundle from the Astra Control Service image registry.

NetApp Support Site
  1. Download the bundle containing Astra Control Center (astra-control-center-[version].tar.gz) from the Astra Control Center downloads page.

  2. (Recommended but optional) Download the certificates and signatures bundle for Astra Control Center (astra-control-center-certs-[version].tar.gz) to verify the signature of the bundle.

    Expand for details
    tar -vxzf astra-control-center-certs-[version].tar.gz
    openssl dgst -sha256 -verify certs/AstraControlCenter-public.pub -signature certs/astra-control-center-[version].tar.gz.sig astra-control-center-[version].tar.gz

    The output will show Verified OK after successful verification.

  3. Extract the images from the Astra Control Center bundle:

    tar -vxzf astra-control-center-[version].tar.gz
Astra Control image registry
  1. Log in to Astra Control Service.

  2. On the Dashboard, select Deploy a self-managed instance of Astra Control.

  3. Follow the instructions to log in to the Astra Control image registry, pull the Astra Control Center installation image, and extract the image.

Remove the NetApp Astra kubectl plugin and install it again

You can use the NetApp Astra kubectl command line plugin to push images to a local Docker repository.

  1. Determine if you have the plug-in installed:

    kubectl astra
  2. Take one of these actions:

    • If the plugin is installed, the command should return the kubectl plugin help and you can remove the existing version of kubectl-astra: delete /usr/local/bin/kubectl-astra.

    • If the command returns an error, the plugin is not installed and you can proceed to the next step to install it.

  3. Install the plugin:

    1. List the available NetApp Astra kubectl plugin binaries, and note the name of the file you need for your operating system and CPU architecture:

      Note The kubectl plugin library is part of the tar bundle and is extracted into the folder kubectl-astra.
      ls kubectl-astra/
    2. Move the correct binary into the current path and rename it to kubectl-astra:

      cp kubectl-astra/<binary-name> /usr/local/bin/kubectl-astra

Add the images to your local registry

  1. Complete the appropriate step sequence for your container engine:

Docker
  1. Change to the root directory of the tarball. You should see the acc.manifest.bundle.yaml file and these directories:

    acc/
    kubectl-astra/
    acc.manifest.bundle.yaml

  2. Push the package images in the Astra Control Center image directory to your local registry. Make the following substitutions before running the push-images command:

    • Replace <BUNDLE_FILE> with the name of the Astra Control bundle file (acc.manifest.bundle.yaml).

    • Replace <MY_FULL_REGISTRY_PATH> with the URL of the Docker repository; for example, "https://<docker-registry>".

    • Replace <MY_REGISTRY_USER> with the user name.

    • Replace <MY_REGISTRY_TOKEN> with an authorized token for the registry.

      kubectl astra packages push-images -m <BUNDLE_FILE> -r <MY_FULL_REGISTRY_PATH> -u <MY_REGISTRY_USER> -p <MY_REGISTRY_TOKEN>
Podman
  1. Change to the root directory of the tarball. You should see this file and directory:

    acc/
    kubectl-astra/
    acc.manifest.bundle.yaml

  2. Log in to your registry:

    podman login <YOUR_REGISTRY>
  3. Prepare and run one of the following scripts that is customized for the version of Podman you use. Substitute <MY_FULL_REGISTRY_PATH> with the URL of your repository that includes any sub-directories.

    Podman 4
    export REGISTRY=<MY_FULL_REGISTRY_PATH>
    export PACKAGENAME=acc
    export PACKAGEVERSION=23.10.0-68
    export DIRECTORYNAME=acc
    for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do
    astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image: //')
    astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::')
    podman tag ${astraImageNoPath} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
    podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
    done
    Podman 3
    export REGISTRY=<MY_FULL_REGISTRY_PATH>
    export PACKAGENAME=acc
    export PACKAGEVERSION=23.10.0-68
    export DIRECTORYNAME=acc
    for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do
    astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image: //')
    astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::')
    podman tag ${astraImageNoPath} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
    podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
    done
    Note The image path the script creates should resemble the following, depending on your registry configuration:
    https://downloads.example.io/docker-astra-control-prod/netapp/astra/acc/23.10.0-68/image:version

Install the updated Astra Control Center operator

  1. Change the directory:

    cd manifests
  2. Edit the Astra Control Center operator deployment yaml (astra_control_center_operator_deploy.yaml) to refer to your local registry and secret.

    vim astra_control_center_operator_deploy.yaml
    1. If you use a registry that requires authentication, replace or edit the default line of imagePullSecrets: [] with the following:

      imagePullSecrets: [{name: astra-registry-cred}]
    2. Change ASTRA_IMAGE_REGISTRY for the kube-rbac-proxy image to the registry path where you pushed the images in a previous step.

    3. Change ASTRA_IMAGE_REGISTRY for the acc-operator image to the registry path where you pushed the images in a previous step.

    4. Add the following values to the env section:

      - name: ACCOP_HELM_UPGRADETIMEOUT
        value: 300m
    Sample astra_control_center_operator_deploy.yaml:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        control-plane: controller-manager
      name: acc-operator-controller-manager
      namespace: netapp-acc-operator
    spec:
      replicas: 1
      selector:
        matchLabels:
          control-plane: controller-manager
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            control-plane: controller-manager
        spec:
          containers:
          - args:
            - --secure-listen-address=0.0.0.0:8443
            - --upstream=http://127.0.0.1:8080/
            - --logtostderr=true
            - --v=10
            image: ASTRA_IMAGE_REGISTRY/kube-rbac-proxy:v4.8.0
            name: kube-rbac-proxy
            ports:
            - containerPort: 8443
              name: https
          - args:
            - --health-probe-bind-address=:8081
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
            env:
            - name: ACCOP_LOG_LEVEL
              value: "2"
            - name: ACCOP_HELM_UPGRADETIMEOUT
              value: 300m
            image: ASTRA_IMAGE_REGISTRY/acc-operator:23.10.72
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
                path: /healthz
                port: 8081
              initialDelaySeconds: 15
              periodSeconds: 20
            name: manager
            readinessProbe:
              httpGet:
                path: /readyz
                port: 8081
              initialDelaySeconds: 5
              periodSeconds: 10
            resources:
              limits:
                cpu: 300m
                memory: 750Mi
              requests:
                cpu: 100m
                memory: 75Mi
            securityContext:
              allowPrivilegeEscalation: false
          imagePullSecrets: []
          securityContext:
            runAsUser: 65532
          terminationGracePeriodSeconds: 10
  3. Install the updated Astra Control Center operator:

    kubectl apply -f astra_control_center_operator_deploy.yaml
    Sample response:
    namespace/netapp-acc-operator unchanged
    customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io configured
    role.rbac.authorization.k8s.io/acc-operator-leader-election-role unchanged
    clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role configured
    clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader unchanged
    clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role unchanged
    rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding unchanged
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding configured
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding unchanged
    configmap/acc-operator-manager-config unchanged
    service/acc-operator-controller-manager-metrics-service unchanged
    deployment.apps/acc-operator-controller-manager configured
  4. Verify pods are running:

    kubectl get pods -n netapp-acc-operator

Upgrade Astra Control Center

  1. Edit the Astra Control Center custom resource (CR):

    kubectl edit AstraControlCenter -n [netapp-acc or custom namespace]
  2. Change the Astra version number (astraVersion inside of spec) to the version you are upgrading to:

    spec:
      accountName: "Example"
      astraVersion: "[Version number]"
  3. Verify that your image registry path matches the registry path you pushed the images to in a previous step. Update imageRegistry inside of spec if the registry has changed since your last installation.

      imageRegistry:
        name: "[your_registry_path]"
  4. Add the following to your crds configuration inside of spec:

    crds:
      shouldUpgrade: true
  5. Add the following lines within additionalValues inside of spec in the Astra Control Center CR:

    additionalValues:
        nautilus:
          startupProbe:
            periodSeconds: 30
            failureThreshold: 600
        keycloak-operator:
          livenessProbe:
            initialDelaySeconds: 180
          readinessProbe:
            initialDelaySeconds: 180
  6. Save and exit the file editor. The changes will be applied and the upgrade will begin.

  7. (Optional) Verify that the pods terminate and become available again:

    watch kubectl get pods -n [netapp-acc or custom namespace]
  8. Wait for the Astra Control status conditions to indicate that the upgrade is complete and ready (True):

    kubectl get AstraControlCenter -n [netapp-acc or custom namespace]

    Response:

    NAME    UUID                                      VERSION     ADDRESS         READY
    astra   9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f      23.10.0-68   10.111.111.111  True
    Note To monitor upgrade status during the operation, run the following command: kubectl get AstraControlCenter -o yaml -n [netapp-acc or custom namespace]
    Note To inspect the Astra Control Center operator logs, run the following command:
    kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f

Verify system status

  1. Log in to Astra Control Center.

  2. Verify that the version has been upgraded. See the Support page in the UI.

  3. Verify that all your managed clusters and apps are still present and protected.