Add a private provider-managed cluster to Astra Control Service
You can use Astra Control Service to manage the following types of private provider-managed clusters:
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- Google Kubernetes Engine (GKE)
- Red Hat OpenShift Service on AWS (ROSA)
- ROSA with AWS PrivateLink
These instructions assume that you have already created a private cluster and prepared a secure method to remotely access it; for more information about creating and accessing private clusters, refer to the following documentation:
You need to perform the following tasks to add your private cluster to Astra Control Service:
Install Astra Connector
Before you add a private cluster, you need to install Astra Connector on the cluster so that Astra Control can communicate with it. Refer to Install the previous version of Astra Connector for private clusters managed with non-Kubernetes-native workflows for instructions.
Set up persistent storage
Configure persistent storage for the cluster. Refer to the Get Started documentation for more information about configuring persistent storage:
Add the private provider-managed cluster to Astra Control Service
You can now add the private cluster to Astra Control Service.
When you manage Azure Kubernetes Service and Google Kubernetes Engine clusters, note that you have two options for Astra Control Provisioner installation and lifecycle management:
- You can use Astra Control Service to automatically manage the lifecycle of Astra Control Provisioner. To do this, make sure that Astra Trident is not installed and Astra Control Provisioner is not enabled on the cluster that you want to manage with Astra Control Service. In this case, Astra Control Service automatically enables Astra Control Provisioner when you begin managing the cluster, and Astra Control Provisioner upgrades are handled automatically.
- You can manage the lifecycle of Astra Control Provisioner yourself. To do this, enable Astra Control Provisioner on the cluster before managing the cluster with Astra Control Service. In this case, Astra Control Service detects that Astra Control Provisioner is already enabled and does not reinstall it or manage Astra Control Provisioner upgrades. Refer to Enable Astra Control Provisioner for steps to enable Astra Control Provisioner.
When you manage Amazon Web Services clusters with Astra Control Service, if you need storage backends that can only be used with Astra Control Provisioner, you need to enable Astra Control Provisioner manually on the cluster before you manage it with Astra Control Service. Refer to Enable Astra Control Provisioner for steps to enable Astra Control Provisioner.
Before you begin
- You should have the JSON file containing the credentials of the IAM user that created the cluster. Learn how to create an IAM user.
- Astra Control Provisioner is required for Amazon FSx for NetApp ONTAP. If you plan to use Amazon FSx for NetApp ONTAP as a storage backend for your EKS cluster, refer to the Astra Control Provisioner information in the EKS cluster requirements.
- (Optional) If you need to provide kubectl command access for a cluster to other IAM users that are not the cluster's creator, refer to the instructions in How do I provide access to other IAM users and roles after cluster creation in Amazon EKS?
- If you plan to use NetApp Cloud Volumes ONTAP as a storage backend, you need to configure Cloud Volumes ONTAP to work with Amazon Web Services. Refer to the Cloud Volumes ONTAP setup documentation.
- You should have the JSON file that contains the output from the Azure CLI when you created the service principal. Learn how to set up a service principal.
  You'll also need your Azure subscription ID, if you didn't add it to the JSON file.
- If you plan to use NetApp Cloud Volumes ONTAP as a storage backend, you need to configure Cloud Volumes ONTAP to work with Microsoft Azure. Refer to the Cloud Volumes ONTAP setup documentation.
- You should have the service account key file for a service account that has the required permissions. Learn how to set up a service account.
- If the cluster is private, the authorized networks must allow the Astra Control Service IP address: 52.188.218.166/32
- If you plan to use NetApp Cloud Volumes ONTAP as a storage backend, you need to configure Cloud Volumes ONTAP to work with Google Cloud. Refer to the Cloud Volumes ONTAP setup documentation.
- (Optional) If you are adding an Amazon EKS cluster or want to manage the installation and upgrades of Astra Control Provisioner yourself, enable Astra Control Provisioner on the cluster. Refer to Enable Astra Control Provisioner for enablement steps.
- Open the Astra Control Service web UI in a browser.
- On the Dashboard, select Manage Kubernetes cluster.
  Follow the prompts to add the cluster.
- Provider: Select your cloud provider and then either provide the required credentials to create a new cloud instance, or select an existing cloud instance to use.
  - Amazon Web Services: Provide details about your Amazon Web Services IAM user account by uploading a JSON file or by pasting the contents of that JSON file from your clipboard.
    The JSON file should contain the credentials of the IAM user that created the cluster.
  - Microsoft Azure: Provide details about your Azure service principal by uploading a JSON file or by pasting the contents of that JSON file from your clipboard.
    The JSON file should contain the output from the Azure CLI when you created the service principal. It can also include your subscription ID so it's automatically added to Astra. Otherwise, you need to manually enter the ID after providing the JSON.
  - Google Cloud Platform: Provide the service account key file either by uploading the file or by pasting the contents from your clipboard.
    Astra Control Service uses the service account to discover clusters running in Google Kubernetes Engine.
  - Other: This tab is for use with self-managed clusters only.
- Cloud instance name: Provide a name for the new cloud instance that will be created when you add this cluster. Learn more about cloud instances.
- Select Next.
  Astra Control Service displays a list of clusters that you can choose from.
- Cluster: Select a cluster from the list to add to Astra Control Service.
  When you are selecting from the list of clusters, pay careful attention to the Eligibility column. If a cluster is "Ineligible" or "Partially eligible", hover over the status to determine if there's an issue with the cluster. For example, it might identify that the cluster doesn't have a worker node.
- Select Next.
- (Optional) Storage: Optionally, select the storage class that you'd like Kubernetes applications deployed to this cluster to use by default.
  - To select a new default storage class for the cluster, enable the Assign a new default storage class check box.
  - Select a new default storage class from the list.
    Each cloud provider storage service displays the following price, performance, and resilience information:
    - Cloud Volumes Service for Google Cloud: Price, performance, and resilience information
    - Google Persistent Disk: No price, performance, or resilience information available
    - Azure NetApp Files: Performance and resilience information
    - Azure Managed disks: No price, performance, or resilience information available
    - Amazon Elastic Block Store: No price, performance, or resilience information available
    - Amazon FSx for NetApp ONTAP: No price, performance, or resilience information available
    - NetApp Cloud Volumes ONTAP: No price, performance, or resilience information available
    Each storage class can utilize one of the following services:
- Select Next.
- Review & Approve: Review the configuration details.
- Select Add to add the cluster to Astra Control Service.
If this is the first cluster that you have added for this cloud provider, Astra Control Service creates an object store for the cloud provider for backups of applications running on eligible clusters. (When you add subsequent clusters for this cloud provider, no further object stores are created.) If you specified a default storage class, Astra Control Service sets the default storage class that you specified. For clusters managed in Amazon Web Services or Google Cloud Platform, Astra Control Service also creates an admin account on the cluster. These actions can take several minutes.
Change the default storage class
You can change the default storage class for a cluster.
Change the default storage class using Astra Control
You can change the default storage class for a cluster from within Astra Control. If your cluster uses a previously installed storage backend service, you might not be able to use this method to change the default storage class (the Set as default action is not selectable). In this case, you can Change the default storage class using the command line.
- In the Astra Control Service UI, select Clusters.
- On the Clusters page, select the cluster that you want to change.
- Select the Storage tab.
- Select the Storage classes category.
- Select the Actions menu for the storage class that you want to set as default.
- Select Set as default.
Change the default storage class using the command line
You can change the default storage class for a cluster using Kubernetes commands. This method works regardless of your cluster's configuration.
- Log in to your Kubernetes cluster.
- List the storage classes in your cluster:
    kubectl get storageclass
- Remove the default designation from the default storage class. Replace <SC_NAME> with the name of the storage class:
    kubectl patch storageclass <SC_NAME> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
- Mark a different storage class as default. Replace <SC_NAME> with the name of the storage class:
    kubectl patch storageclass <SC_NAME> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
- Confirm the new default storage class:
    kubectl get storageclass
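
The command-line steps above as one script, added here as an example (it is not NetApp's own tooling): it clears the default annotation from every storage class that currently carries it, marks the new one, and then verifies that exactly one default remains. The function names and the jsonpath filter are choices made for this example; the patch payload is the one shown in the steps.

```bash
#!/bin/sh
# Added example: switch the default StorageClass so that exactly one remains default.
ANNOTATION='storageclass.kubernetes.io/is-default-class'

# Print the names of all storage classes currently annotated as default, one per line.
list_default_scs() {
  kubectl get storageclass -o jsonpath='{range .items[?(@.metadata.annotations.storageclass\.kubernetes\.io/is-default-class=="true")]}{.metadata.name}{"\n"}{end}'
}

# mark_sc <SC_NAME> <true|false>: set the is-default-class annotation on one storage class.
mark_sc() {
  kubectl patch storageclass "$1" \
    -p "{\"metadata\": {\"annotations\":{\"$ANNOTATION\":\"$2\"}}}" >/dev/null
}

# set_default_sc <SC_NAME>: returns 0 only if <SC_NAME> ends up as the sole default.
set_default_sc() {
  local target="$1" sc defaults
  [ -n "$target" ] || { echo "usage: set_default_sc <SC_NAME>" >&2; return 2; }
  # Change nothing if the target does not exist (guards against a mistyped name
  # leaving the cluster with no default at all).
  kubectl get storageclass "$target" >/dev/null 2>&1 || {
    echo "storage class '$target' not found" >&2; return 1; }
  # Clear every existing default, not only the first, in case several are marked.
  for sc in $(list_default_scs); do
    [ "$sc" = "$target" ] || mark_sc "$sc" false || return 1
  done
  mark_sc "$target" true || return 1
  # Confirm: the list of defaults must now be exactly the target.
  defaults="$(list_default_scs)"
  [ "$defaults" = "$target" ] || {
    echo "unexpected defaults after change: $defaults" >&2; return 1; }
  echo "default storage class is now: $target"
}

# Run only when a storage class name is passed on the command line.
if [ "$#" -gt 0 ]; then
  set_default_sc "$1"
fi
```

Save it as a file and run it with the storage class name as the only argument, using a kubeconfig context that points at the cluster you want to change.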