Upgrade Astra Control Center

Contributors netapp-dbagwell amgrissino netapp-mwallis

To upgrade Astra Control Center, download the installation bundle from the NetApp Support Site and complete these instructions. You can use this procedure to upgrade Astra Control Center in internet-connected or air-gapped environments.

What you’ll need
  • Before you upgrade, refer to Operational environment requirements to ensure your environment still meets the minimum requirements for Astra Control Center deployment. Your environment should have the following:

    • A supported Astra Trident version
      To determine the version you are running, run the following command against your existing Astra Control Center:

      kubectl get tridentversion -n trident

      Refer to Astra Trident documentation to upgrade from an older version.

      Warning You must upgrade to Astra Trident 22.10 PRIOR to upgrading to Kubernetes 1.25.
    • A supported Kubernetes distribution
      To determine the version you are running, run the following command against your existing Astra Control Center: kubectl get nodes -o wide

    • Sufficient cluster resources
      To determine cluster resources, run the following command in your existing Astra Control Center cluster: kubectl describe node <node name>

    • A registry you can use to push and upload Astra Control Center images

    • A default storage class
      To determine your default storage class, run the following command against your existing Astra Control Center: kubectl get storageclass

  • (OpenShift only) Ensure all cluster operators are in a healthy state and available.

    kubectl get clusteroperators
  • Ensure all API services are in a healthy state and available.

    kubectl get apiservices
  • Log out of your Astra Control Center UI before you begin the upgrade.

About this task

The Astra Control Center upgrade process guides you through the following high-level steps:

Important Do not delete the Astra Control Center operator (for example, kubectl delete -f astra_control_center_operator_deploy.yaml) at any time during the Astra Control Center upgrade or operation to avoid deleting pods.
Tip Perform upgrades in a maintenance window when schedules, backups, and snapshots are not running.

Download the Astra Control Center bundle

  1. Download the Astra Control Center bundle from the NetApp Support Site. The file name is similar to the following: astra-control-center-[version].tar.gz.

  2. (Optional) Verify the signature of the bundle:

    openssl dgst -sha256 -verify AstraControlCenter-public.pub -signature astra-control-center-[version].tar.gz.sig astra-control-center-[version].tar.gz

Unpack the bundle

  1. Extract the images:

    tar -vxzf astra-control-center-[version].tar.gz

Verify that you have the NetApp Astra kubectl plugin installed

The NetApp Astra kubectl command line plugin saves time when performing common tasks associated with deploying and upgrading Astra Control Center.

  1. Use the following command to determine if you have the plug-in installed:

    kubectl astra

This command should provide the kubectl plugin help. If the command returns an error, install the plugin using these instructions.

Add the images to your local registry

  1. Complete the appropriate step sequence for your container engine:

Docker
  1. Change to the acc directory extracted from the tar bundle:

    Example:

cd ../acc
  1. Push the package images in the Astra Control Center image directory to your local registry. Make the following substitutions before running the command:

    • Replace <BUNDLE_FILE> with the name of the Astra Control bundle file (acc.manifest.yaml).

    • Replace <MY_FULL_REGISTRY_PATH> with the URL of the Docker repository; for example, https://exampledownloads.jfrog.io/docker-astra-control/v1/.

    • Replace <MY_REGISTRY_USER> with the user name.

    • Replace <MY_REGISTRY_TOKEN> with an authorized token for the registry.

      kubectl astra packages push-images -m <BUNDLE_FILE> -r <MY_FULL_REGISTRY_PATH> -u <MY_REGISTRY_USER> -p <MY_REGISTRY_TOKEN>
Podman
  1. Log in to your registry:

    podman login <MY_FULL_REGISTRY_PATH>
  2. Run the following script, making the <YOUR_REGISTRY> substitution as noted in the comments:

    # You need to be at the root of the tarball.
    # You should see these files to confirm correct location:
    #   acc.manifest.yaml
    #   acc/
    
    # Replace <YOUR_REGISTRY> with your own registry (e.g registry.customer.com or registry.customer.com/testing, etc..)
    export REGISTRY=<YOUR_REGISTRY>
    export PACKAGENAME=acc
    export PACKAGEVERSION=22.11.0-82
    export DIRECTORYNAME=acc
    for astraImageFile in $(ls ${DIRECTORYNAME}/images/*.tar) ; do
      # Load to local cache
      astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image(s): //')
    
      # Remove path and keep imageName.
      astraImageNoPath=$(echo ${astraImage} | sed 's:.*/::')
    
      # Tag with local image repo.
      podman tag ${astraImage} ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
    
      # Push to the local repo.
      podman push ${REGISTRY}/netapp/astra/${PACKAGENAME}/${PACKAGEVERSION}/${astraImageNoPath}
    done

Install the updated Astra Control Center operator

  1. Change the directory:

    cd manifests
  2. Edit the Astra Control Center operator deployment yaml (astra_control_center_operator_deploy.yaml) to refer to your local registry and secret.

    vim astra_control_center_operator_deploy.yaml
    1. If you use a registry that requires authentication, replace or edit the default line of imagePullSecrets: [] with the following:

      imagePullSecrets:
      - name: <astra-registry-cred_or_custom_name_of_secret>
    2. Change [your_registry_path] for the kube-rbac-proxy image to the registry path where you pushed the images in a previous step.

    3. Change [your_registry_path] for the acc-operator image to the registry path where you pushed the images in a previous step.

    4. Add the following values to the env section:

      - name: ACCOP_HELM_UPGRADETIMEOUT
        value: 300m
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        labels:
          control-plane: controller-manager
        name: acc-operator-controller-manager
        namespace: netapp-acc-operator
      spec:
        replicas: 1
        selector:
          matchLabels:
            control-plane: controller-manager
        strategy:
          type: Recreate
        template:
          metadata:
            labels:
              control-plane: controller-manager
          spec:
            containers:
            - args:
              - --secure-listen-address=0.0.0.0:8443
              - --upstream=http://127.0.0.1:8080/
              - --logtostderr=true
              - --v=10
              image: [your_registry_path]/kube-rbac-proxy:v4.8.0
              name: kube-rbac-proxy
              ports:
              - containerPort: 8443
                name: https
            - args:
              - --health-probe-bind-address=:8081
              - --metrics-bind-address=127.0.0.1:8080
              - --leader-elect
              env:
              - name: ACCOP_LOG_LEVEL
                value: "2"
              - name: ACCOP_HELM_UPGRADETIMEOUT
                value: 300m
              image: [your_registry_path]/acc-operator:[version x.y.z]
              imagePullPolicy: IfNotPresent
              livenessProbe:
                httpGet:
                  path: /healthz
                  port: 8081
                initialDelaySeconds: 15
                periodSeconds: 20
              name: manager
              readinessProbe:
                httpGet:
                  path: /readyz
                  port: 8081
                initialDelaySeconds: 5
                periodSeconds: 10
              resources:
                limits:
                  cpu: 300m
                  memory: 750Mi
                requests:
                  cpu: 100m
                  memory: 75Mi
              securityContext:
                allowPrivilegeEscalation: false
            imagePullSecrets: []
            securityContext:
              runAsUser: 65532
            terminationGracePeriodSeconds: 10
  3. Install the updated Astra Control Center operator:

    kubectl apply -f astra_control_center_operator_deploy.yaml

    Sample response:

    namespace/netapp-acc-operator unchanged
    customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io configured
    role.rbac.authorization.k8s.io/acc-operator-leader-election-role unchanged
    clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role configured
    clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader unchanged
    clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role unchanged
    rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding unchanged
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding configured
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding unchanged
    configmap/acc-operator-manager-config unchanged
    service/acc-operator-controller-manager-metrics-service unchanged
    deployment.apps/acc-operator-controller-manager configured
  4. Verify pods are running:

    kubectl get pods -n netapp-acc-operator

Upgrade Astra Control Center

  1. Edit the Astra Control Center custom resource (CR):

    kubectl edit AstraControlCenter -n [netapp-acc or custom namespace]
  2. Change the Astra version number (astraVersion inside of Spec) to the version you are upgrading to:

    spec:
      accountName: "Example"
      astraVersion: "[Version number]"
  3. Verify that your image registry path matches the registry path you pushed the images to in a previous step. Update imageRegistry inside of Spec if the registry has changed since your last installation.

      imageRegistry:
        name: "[your_registry_path]"
  4. Add the following to your CRDs configuration inside of Spec:

    crds:
      shouldUpgrade: true
  5. Add the following lines within additionalValues inside of Spec in the Astra Control Center CR:

    additionalValues:
        nautilus:
          startupProbe:
            periodSeconds: 30
            failureThreshold: 600

    After you save and exit the file editor, the changes will be applied and the upgrade will begin.

  6. (Optional) Verify that the pods terminate and become available again:

    watch kubectl get pods -n [netapp-acc or custom namespace]
  7. Wait for the Astra status conditions to indicate that the upgrade is complete and ready (True):

    kubectl get AstraControlCenter -n [netapp-acc or custom namespace]

    Response:

    NAME    UUID                                      VERSION     ADDRESS         READY
    astra   9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f      22.11.0-82  10.111.111.111  True
    Note To monitor upgrade status during the operation, run the following command: kubectl get AstraControlCenter -o yaml -n [netapp-acc or custom namespace]
    Note To inspect the Astra Control Center operator logs, run the following command:
    kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f

Verify system status

  1. Log in to Astra Control Center.

  2. Verify that the version has been upgraded. See the Support page in the UI.

  3. Verify that all your managed clusters and apps are still present and protected.