Skip to main content

Upgrade Astra Control Center

Contributors netapp-dbagwell

To upgrade Astra Control Center, download the installation images and complete these instructions. You can use this procedure to upgrade Astra Control Center in internet-connected or air-gapped environments.

These instructions describe the upgrade process for Astra Control Center from the second-most recent release to this current release. You cannot upgrade directly from a version that is two or more releases behind the current release. If your installed Astra Control Center version is many versions behind the latest release, you might need to perform chain upgrades to more recent versions until your installed Astra Control Center is only one version behind the latest release. For a complete list of released versions, see the release notes.

Before you begin

Before you upgrade, ensure your environment still meets the minimum requirements for Astra Control Center deployment. Your environment should have the following:

  • An enabled Astra Control Provisioner with Astra Trident running

    1. Determine the Astra Trident version you are running:

      kubectl get tridentversion -n trident
      Note If you are running Astra Trident 23.01 or earlier, use these instructions to upgrade to a more recent version of Astra Trident before upgrading to the Astra Control Provisioner. You can perform a direct upgrade to Astra Control Provisioner 24.02 if your Astra Trident is within a four-release window of version 24.02. For example, you can directly upgrade from Astra Trident 23.04 to Astra Control Provisioner 24.02.
    2. Verify that Astra Control Provisioner has been enabled. Astra Control Provisioner will not work with releases of Astra Control Center earlier than 23.10. Upgrade your Astra Control Provisioner so that it has the same version as the Astra Control Center you are upgrading to access the latest functionality.

  • A supported Kubernetes distribution

    Determine the Kubernetes version you are running:

    kubectl get nodes -o wide
  • Sufficient cluster resources

    Determine available cluster resources:

    kubectl describe node <node name>
  • A default storage class

    Determine your default storage class:

    kubectl get storageclass
  • Healthy and available API services

    Ensure all API services are in a healthy state and available:

    kubectl get apiservices
  • (Local registries only) A local registry you can use to push and upload Astra Control Center images

  • (OpenShift only) Healthy and available cluster operators

    Ensure all cluster operators are in a healthy state and available.

    kubectl get clusteroperators

You should also consider the following:

Tip Perform upgrades in a maintenance window when schedules, backups, and snapshots are not running.
  • Access to the NetApp Astra Control image registry:
    You have the option to obtain installation images and functionality enhancements for Astra Control, such as Astra Control Provisioner, from the NetApp image registry.

    1. Record your Astra Control account ID that you'll need to log in to the registry.

      You can see your account ID in the Astra Control Service web UI. Select the figure icon at the top right of the page, select API access, and write down your account ID.

    2. From the same page, select Generate API token and copy the API token string to the clipboard and save it in your editor.

    3. Log into the Astra Control registry:

      docker login cr.astra.netapp.io -u <account-id> -p <api-token>
  • Istio service mesh deployments
    If you installed an Istio service mesh during Astra Control Center installation, this upgrade of Astra Control Center will include Istio service mesh. If you do not yet have a service mesh, you can only install one during an initial deployment of Astra Control Center.

About this task

The Astra Control Center upgrade process guides you through the following high-level steps:

Note Log out of your Astra Control Center UI before you begin the upgrade.
Important Do not delete the Astra Control Center operator (for example, kubectl delete -f astra_control_center_operator_deploy.yaml) at any time during the Astra Control Center upgrade or operation to avoid deleting pods.

Download and extract Astra Control Center

Download the Astra Control Center images from one of the following locations:

  • Astra Control Service image registry: Use this option if you don't use a local registry with the Astra Control Center images or if you prefer this method to the bundle download from the NetApp Support Site.

  • NetApp Support Site: Use this option if you use a local registry with the Astra Control Center images.

Astra Control image registry
  1. Log in to Astra Control Service.

  2. On the Dashboard, select Deploy a self-managed instance of Astra Control.

  3. Follow the instructions to log in to the Astra Control image registry, pull the Astra Control Center installation image, and extract the image.

NetApp Support Site
  1. Download the bundle containing Astra Control Center (astra-control-center-[version].tar.gz) from the Astra Control Center downloads page.

  2. (Recommended but optional) Download the certificates and signatures bundle for Astra Control Center (astra-control-center-certs-[version].tar.gz) to verify the signature of the bundle.

    tar -vxzf astra-control-center-certs-[version].tar.gz
    openssl dgst -sha256 -verify certs/AstraControlCenter-public.pub -signature certs/astra-control-center-[version].tar.gz.sig astra-control-center-[version].tar.gz

    The output will show Verified OK after successful verification.

  3. Extract the images from the Astra Control Center bundle:

    tar -vxzf astra-control-center-[version].tar.gz

Complete additional steps if you use a local registry

If you are planning to push the Astra Control Center bundle to your local registry, you need to use the NetApp Astra kubectl command line plugin.

Remove the NetApp Astra kubectl plugin and install it again

You need to use the latest version of the NetApp Astra kubectl command line plugin to push images to a local Docker repository.

  1. Determine if you have the plug-in installed:

    kubectl astra
  2. Take one of these actions:

    • If the plugin is installed, the command should return the kubectl plugin help and you can remove the existing version of kubectl-astra: delete /usr/local/bin/kubectl-astra.

    • If the command returns an error, the plugin is not installed and you can proceed to the next step to install it.

  3. Install the plugin:

    1. List the available NetApp Astra kubectl plugin binaries, and note the name of the file you need for your operating system and CPU architecture:

      Note The kubectl plugin library is part of the tar bundle and is extracted into the folder kubectl-astra.
      ls kubectl-astra/
    2. Move the correct binary into the current path and rename it to kubectl-astra:

      cp kubectl-astra/<binary-name> /usr/local/bin/kubectl-astra

Add the images to your registry

  1. If you are planning to push the Astra Control Center bundle to your local registry, complete the appropriate step sequence for your container engine:

    Docker
    1. Change to the root directory of the tarball. You should see the acc.manifest.bundle.yaml file and these directories:

      acc/
      kubectl-astra/
      acc.manifest.bundle.yaml

    2. Push the package images in the Astra Control Center image directory to your local registry. Make the following substitutions before running the push-images command:

      • Replace <BUNDLE_FILE> with the name of the Astra Control bundle file (acc.manifest.bundle.yaml).

      • Replace <MY_FULL_REGISTRY_PATH> with the URL of the Docker repository; for example, "https://<docker-registry>".

      • Replace <MY_REGISTRY_USER> with the user name.

      • Replace <MY_REGISTRY_TOKEN> with an authorized token for the registry.

        kubectl astra packages push-images -m <BUNDLE_FILE> -r <MY_FULL_REGISTRY_PATH> -u <MY_REGISTRY_USER> -p <MY_REGISTRY_TOKEN>
    Podman
    1. Change to the root directory of the tarball. You should see this file and directory:

      acc/
      kubectl-astra/
      acc.manifest.bundle.yaml

    2. Log in to your registry:

      podman login <YOUR_REGISTRY>
    3. Prepare and run one of the following scripts that is customized for the version of Podman you use. Substitute <MY_FULL_REGISTRY_PATH> with the URL of your repository that includes any sub-directories.

      Podman 4
      export REGISTRY=<MY_FULL_REGISTRY_PATH>
      export PACKAGENAME=acc
      export PACKAGEVERSION=24.02.0-69
      export DIRECTORYNAME=acc
      for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do
      astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image: //')
      astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::')
      podman tag ${astraImageNoPath} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
      podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
      done
      Podman 3
      export REGISTRY=<MY_FULL_REGISTRY_PATH>
      export PACKAGENAME=acc
      export PACKAGEVERSION=24.02.0-69
      export DIRECTORYNAME=acc
      for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do
      astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image: //')
      astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::')
      podman tag ${astraImageNoPath} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
      podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
      done
      Note The image path the script creates should resemble the following, depending on your registry configuration:
      https://downloads.example.io/docker-astra-control-prod/netapp/astra/acc/24.02.0-69/image:version
  2. Change the directory:

    cd manifests

Install the updated Astra Control Center operator

  1. (Local registries only) If you are using a local registry, complete these steps:

    1. Open the Astra Control Center operator deployment YAML:

      vim astra_control_center_operator_deploy.yaml
      Note An annotated sample YAML follows these steps.
    2. If you use a registry that requires authentication, replace or edit the default line of imagePullSecrets: [] with the following:

      imagePullSecrets: [{name: astra-registry-cred}]
    3. Change ASTRA_IMAGE_REGISTRY for the kube-rbac-proxy image to the registry path where you pushed the images in a previous step.

    4. Change ASTRA_IMAGE_REGISTRY for the acc-operator image to the registry path where you pushed the images in a previous step.

    5. Add the following values to the env section:

      - name: ACCOP_HELM_UPGRADETIMEOUT
        value: 300m
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        control-plane: controller-manager
      name: acc-operator-controller-manager
      namespace: netapp-acc-operator
    spec:
      replicas: 1
      selector:
        matchLabels:
          control-plane: controller-manager
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            control-plane: controller-manager
        spec:
          containers:
          - args:
            - --secure-listen-address=0.0.0.0:8443
            - --upstream=http://127.0.0.1:8080/
            - --logtostderr=true
            - --v=10
            image: ASTRA_IMAGE_REGISTRY/kube-rbac-proxy:v4.8.0
            name: kube-rbac-proxy
            ports:
            - containerPort: 8443
              name: https
          - args:
            - --health-probe-bind-address=:8081
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
            env:
            - name: ACCOP_LOG_LEVEL
              value: "2"
            - name: ACCOP_HELM_UPGRADETIMEOUT
              value: 300m
            image: ASTRA_IMAGE_REGISTRY/acc-operator:24.02.68
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
                path: /healthz
                port: 8081
              initialDelaySeconds: 15
              periodSeconds: 20
            name: manager
            readinessProbe:
              httpGet:
                path: /readyz
                port: 8081
              initialDelaySeconds: 5
              periodSeconds: 10
            resources:
              limits:
                cpu: 300m
                memory: 750Mi
              requests:
                cpu: 100m
                memory: 75Mi
            securityContext:
              allowPrivilegeEscalation: false
          imagePullSecrets: []
          securityContext:
            runAsUser: 65532
          terminationGracePeriodSeconds: 10
  2. Install the updated Astra Control Center operator:

    kubectl apply -f astra_control_center_operator_deploy.yaml
    Sample response:
    namespace/netapp-acc-operator unchanged
    customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io configured
    role.rbac.authorization.k8s.io/acc-operator-leader-election-role unchanged
    clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role configured
    clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader unchanged
    clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role unchanged
    rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding unchanged
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding configured
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding unchanged
    configmap/acc-operator-manager-config unchanged
    service/acc-operator-controller-manager-metrics-service unchanged
    deployment.apps/acc-operator-controller-manager configured
  3. Verify pods are running:

    kubectl get pods -n netapp-acc-operator

Upgrade Astra Control Center

  1. Edit the Astra Control Center custom resource (CR):

    kubectl edit AstraControlCenter -n [netapp-acc or custom namespace]
    Note An annotated sample YAML follows these steps.
  2. Change the Astra version number (astraVersion inside of spec) from 23.10.0 to 24.02.0:

    Note You cannot upgrade directly from a version that is two or more releases behind the current release. For a complete list of released versions, see the release notes.
    spec:
      accountName: "Example"
      astraVersion: "[Version number]"
  3. Change the image registry:

    • (Local registries only) If you are using a local registry, verify that your image registry path matches the registry path you pushed the images to in a previous step. Update imageRegistry inside of spec if the local registry has changed since your last installation.

    • (Astra Control image registry) Use the Astra Control image registry (cr.astra.netapp.io) you used to download the updated Astra Control bundle.

        imageRegistry:
          name: "[cr.astra.netapp.io or your_registry_path]"
  4. Add the following to your crds configuration inside of spec:

    crds:
      shouldUpgrade: true
  5. Add the following lines within additionalValues inside of spec in the Astra Control Center CR:

    additionalValues:
        nautilus:
          startupProbe:
            periodSeconds: 30
            failureThreshold: 600
        keycloak-operator:
          livenessProbe:
            initialDelaySeconds: 180
          readinessProbe:
            initialDelaySeconds: 180
  6. Save and exit the file editor. The changes will be applied and the upgrade will begin.

  7. (Optional) Verify that the pods terminate and become available again:

    watch kubectl get pods -n [netapp-acc or custom namespace]
  8. Wait for the Astra Control status conditions to indicate that the upgrade is complete and ready (True):

    kubectl get AstraControlCenter -n [netapp-acc or custom namespace]

    Response:

    NAME    UUID                                      VERSION     ADDRESS         READY
    astra   9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f      24.02.0-69   10.111.111.111  True
    Note To monitor upgrade status during the operation, run the following command: kubectl get AstraControlCenter -o yaml -n [netapp-acc or custom namespace]
    Note To inspect the Astra Control Center operator logs, run the following command:
    kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f

Verify system status

  1. Log in to Astra Control Center.

  2. Verify that the version has been upgraded. See the Support page in the UI.

  3. Verify that all your managed clusters and apps are still present and protected.