Skip to main content
Astra Control Service
All cloud providers
  • Amazon Web Services
  • Google Cloud
  • Microsoft Azure
  • All cloud providers

Start managing apps

Contributors netapp-dbagwell netapp-mwallis amgrissino

After you add a Kubernetes cluster to Astra Control, you can install apps on the cluster (outside of Astra Control), and then go to the Applications page in Astra Control to define the apps.

You can define and manage apps that include storage resources with running pods, or apps that include storage resources without any running pods. Apps that have no running pods are known as data-only applications.

App management requirements

Astra Control has the following app management requirements:

  • Licensing: To manage more than 10 namespaces, you need an Astra Control subscription.

  • Namespaces: Apps can be defined within one or more specified namespaces on a single cluster using Astra Control. An app can contain resources spanning multiple namespaces within the same cluster. Astra Control does not support the ability for apps to be defined across multiple clusters.

  • Storage class: If you install an app with a storage class explicitly set and you need to clone the app, the target cluster for the clone operation must have the originally specified storage class. Cloning an application with an explicitly set storage class to a cluster that does not have the same storage class will fail.

  • Kubernetes resources: Apps that use Kubernetes Resources not collected by Astra Control might not have full app data management capabilities. Astra Control collects the following Kubernetes resources:

    ClusterRole

    ClusterRoleBinding

    ConfigMap

    CronJob

    CustomResourceDefinition

    CustomResource

    DaemonSet

    DeploymentConfig

    HorizontalPodAutoscaler

    Ingress

    MutatingWebhook

    NetworkPolicy

    PersistentVolumeClaim

    Pod

    PodDisruptionBudget

    PodTemplate

    ReplicaSet

    Role

    RoleBinding

    Route

    Secret

    Service

    ServiceAccount

    StatefulSet

    ValidatingWebhook

Supported app installation methods

Astra Control supports the following application installation methods:

  • Manifest file: Astra Control supports apps installed from a manifest file using kubectl. For example:

    kubectl apply -f myapp.yaml
  • Helm 3: If you use Helm to install apps, Astra Control requires Helm version 3. Managing and cloning apps installed with Helm 3 (or upgraded from Helm 2 to Helm 3) are fully supported. Managing apps installed with Helm 2 is not supported.

  • Operator-deployed apps: Astra Control supports apps installed with namespace-scoped operators that are, in general, designed with a "pass-by-value" rather than "pass-by-reference" architecture. An operator and the app it installs must use the same namespace; you might need to modify the deployment .yaml file for the operator to ensure this is the case.

    The following are some operator apps that follow these patterns:

    • Apache K8ssandra

      Note For K8ssandra, in-place restore operations are supported. A restore operation to a new namespace or cluster requires that the original instance of the application to be taken down. This is to ensure that the peer group information carried over does not lead to cross-instance communication. Cloning of the app is not supported.
    • Jenkins CI

    • Percona XtraDB Cluster

    Astra Control might not be able to clone an operator that is designed with a “pass-by-reference” architecture (for example, the CockroachDB operator). During these types of cloning operations, the cloned operator attempts to reference Kubernetes secrets from the source operator despite having its own new secret as part of the cloning process. The clone operation might fail because Astra Control is unaware of the Kubernetes secrets in the source operator.

Install apps on your cluster

After you've added your cluster to Astra Control, you can install apps or manage existing apps on the cluster. Any app that is scoped to one or more namespaces can be managed.

Astra Control will manage stateful apps only if the storage is on a storage class supported by Astra Control. Astra Control Service supports any storage class that is supported by Astra Control Provisioner or a generic CSI driver.

Define apps

After Astra Control discovers namespaces on your clusters, you can define applications that you want to manage. You can choose to manage an app spanning one or more namespaces or manage an entire namespace as a single application. It all comes down to the level of granularity that you need for data protection operations.

Although Astra Control enables you to separately manage both levels of the hierarchy (the namespace and the apps in that namespace or spanning namespaces), the best practice is to choose one or the other. Actions that you take in Astra Control can fail if the actions take place at the same time at both the namespace and app level.

Tip As an example, you might want to set a backup policy for "maria" that has a weekly cadence, but you might need to back up "mariadb" (which is in the same namespace) more frequently than that. Based on those needs, you would need to manage the apps separately and not as a single-namespace app.
Before you begin
About this task

Define resources to manage as an app

You can specify the Kubernetes resources that make up an app that you want to manage with Astra Control. Defining an app enables you to group elements of your Kubernetes cluster into a single app. This collection of Kubernetes resources is organized by namespace and label selector criteria.

Defining an app gives you more granular control over what to include in an Astra Control operation, including clone, snapshot, and backups.

Warning When defining apps, ensure that you do not include a Kubernetes resource in multiple apps with protection policies. Overlapping protection policies on a Kubernetes resources can cause data conflicts.
Read more about adding cluster-scoped resources to your app namespaces.

You can import cluster resources that are associated with the namespace resources in addition to those Astra Control included automatically. You can add a rule that will include resources of a specific group, kind, version and optionally, label. You might want to do this if there are resources that Astra Control does not include automatically.

You cannot exclude any of the cluster-scoped resources that are automatically included by Astra Control.

You can add the following apiVersions (which are the groups combined with the API version):

Resource kind apiVersions (group + version)

ClusterRole

rbac.authorization.k8s.io/v1

ClusterRoleBinding

rbac.authorization.k8s.io/v1

CustomResource

apiextensions.k8s.io/v1, apiextensions.k8s.io/v1beta1

CustomResourceDefinition

apiextensions.k8s.io/v1, apiextensions.k8s.io/v1beta1

MutatingWebhookConfiguration

admissionregistration.k8s.io/v1

ValidatingWebhookConfiguration

admissionregistration.k8s.io/v1

Steps
  1. From the Applications page, select Define.

  2. In the Define application window, enter the app name.

  3. Choose the cluster on which your application is running in the Cluster drop-down list.

  4. Choose a namespace for your application from the Namespace drop-down list.

    Note Apps can be defined within one or more specified namespaces on a single cluster using Astra Control. An app can contain resources spanning multiple namespaces within the same cluster. Astra Control does not support the ability for apps to be defined across multiple clusters.
  5. (Optional) Enter a label for the Kubernetes resources in each namespace. You can specify a single label or label selector criteria (query).

    Tip To learn more about Kubernetes labels, refer to the official Kubernetes documentation.
  6. (Optional) Add additional namespaces for the app by selecting Add namespace and choosing the namespace from the drop-down list.

  7. (Optional) Enter single label or label selector criteria for any additional namespaces you add.

  8. (Optional) To include cluster-scoped resources in addition to those that Astra Control automatically includes, check Include additional cluster-scoped resources and complete the following:

    1. Select Add include rule.

    2. Group: From the drop-down list, select the API group of resources.

    3. Kind: From the drop-down list, select the name of the object schema.

    4. Version: Enter the API version.

    5. Label selector: Optionally, include a label to add to the rule. This label is used to retrieve only those resources matching this label. If you don't provide a label, Astra Control collects all instances of the resource kind specified for that cluster.

    6. Review the rule that is created based on your entries.

    7. Select Add.

      Tip You can create as many cluster-scoped resource rules as you want. The rules appear in the Define application Summary.
  9. Select Define.

  10. After you select Define, repeat the process for other apps, as needed.

After you finish defining an app, the app appears in Healthy state in the list of apps on the Applications page. You are now able to clone it and create backups and snapshots.

Note The app you just added might have a warning icon under the Protected column, indicating that it is not backed up and not scheduled for backups yet.
Tip To see details of a particular app, select the app name.

To see the resources added to this app, select the Resources tab. Select the number after the resource name in the Resource column or enter the resource name in Search to see the additional cluster-scoped resources included.

Define a namespace to manage as an app

You can add all Kubernetes resources in a namespace to Astra Control management by defining the resources of that namespace as an application. This method is preferable to defining apps individually if you intend to manage and protect all resources in a particular namespace in a similar way and at common intervals.

Steps
  1. From the Clusters page, select a cluster.

  2. Select the Namespaces tab.

  3. Select the Actions menu for the namespace that contains the app resources you want to manage and select Define as application.

    Tip If you want to define multiple applications, select from the namespaces list and select the Actions button in the upper-left corner and select Define as application. This will define multiple individual applications in their individual namespaces. For multi-namespace applications, refer to Define resources to manage as an app.
    Note Select the Show system namespaces checkbox to reveal system namespaces that are usually not used in app management by default. A screenshot that shows the <strong>Show system namespaces</strong> option that is available in the Namespaces tab. Read more.

After the process completes, the applications that are associated with the namespace appear in the Associated applications column.

[Tech preview] Define an application using a Kubernetes custom resource

You can specify the Kubernetes resources that you want to manage with Astra Control by defining them as an application using a custom resource (CR). You can add cluster-scoped resources if you want to manage those resources individually or all Kubernetes resources in a namespace if, for example, you intend to manage and protect all resources in a particular namespace in a similar way and at common intervals.

Steps
  1. Create the custom resource (CR) file and name it (for example, astra_mysql_app.yaml).

  2. Name the application in metadata.name.

  3. Define application resources to be managed:

    spec.includedClusterScopedResources

    Include cluster-scoped resource types in addition to those that Astra Control automatically includes:

    • spec.includedClusterScopedResources: (Optional) A list of cluster-scoped resource types to be included.

      • groupVersionKind: (Optional) Unambiguously identifies a kind.

        • group: (Required if groupVersionKind is used) API group of the resource to include.

        • version: (Required if groupVersionKind is used) API version of the resource to include.

        • kind: (Required if groupVersionKind is used) Kind of the resource to include.

      • labelSelector: (Optional) A label query for a set of resources. It's used to retrieve only those resources matching the label. If you don't provide a label, Astra Control collects all instances of the resource kind specified for that cluster. The result of matchLabels and matchExpressions are ANDed.

        • matchLabels: (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions that has a key field of "key", operator as "In", and values array containing only "value". The requirements are ANDed.

        • matchExpressions: (Optional) A list of label selector requirements. The requirements are ANDed.

          • key: (Required if matchExpressions is used) The label key associated with the label selector.

          • operator: (Required if matchExpressions is used) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

          • values: (Required if matchExpressions is used)_An array of string values. If the operator is In or NotIn, the values array must _not be empty. If the operator is Exists or DoesNotExist, the values array must be empty.

    spec.includedNamespaces

    Include namespaces and resources within those resources in the application:

    • spec.includedNamespaces: _(Required)_Defines the namespace and optional filters for resource selection.

      • namespace: (Required) The namespace that contains the app resources you want to manage with Astra Control.

      • labelSelector: (Optional) A label query for a set of resources. It's used to retrieve only those resources matching the label. If you don't provide a label, Astra Control collects all instances of the resource kind specified for that cluster. The result of matchLabels and matchExpressions are ANDed.

        • matchLabels: (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions that has a key field of "key", operator as "In", and values array containing only "value". The requirements are ANDed.

        • matchExpressions: (Optional) A list of label selector requirements. key and operator are required. The requirements are ANDed.

          • key: (Required if matchExpressions is used) The label key associated with the label selector.

          • operator: (Required if matchExpressions is used) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

          • values: (Required if matchExpressions is used) An array of string values. If the operator is In or NotIn, the values array must not be empty. If the operator is Exists or DoesNotExist, the values array must be empty.

    Example YAML:

    apiVersion: astra.netapp.io/v1
    kind: Application
    metadata:
      name: astra_mysql_app
    spec:
      includedNamespaces:
        - namespace: astra_mysql_app
          labelSelector:
            matchLabels:
              app: nginx
              env: production
            matchExpressions:
              - key: tier
                operator: In
                values:
                  - frontend
                  - backend
  4. After you populate the astra_mysql_app.yaml file with the correct values, apply the CR:

    kubectl apply -f astra_mysql_app.yaml -n astra-connector

What about system namespaces?

Astra Control also discovers system namespaces on a Kubernetes cluster. We don't show you these system namespaces by default because it's rare that you'd need to back up system app resources.

You can display system namespaces from the Namespaces tab for a selected cluster by selecting the Show system namespaces check box.

A screenshot that shows the <strong>Show system namespaces</strong> option that is available in the Namespaces tab.

Tip Astra Control itself is not a standard app; it is a "system app." You should not try to manage Astra Control itself. Astra Control itself isn't shown by default for management.