Start managing apps
After you add a Kubernetes cluster to Astra Control, you can install apps on the cluster (outside of Astra Control), and then go to the Applications page in Astra Control to define the apps.
You can define and manage apps that include storage resources with running pods, or apps that include storage resources without any running pods. Apps that have no running pods are known as data-only applications.
App management requirements
Astra Control has the following app management requirements:
-
Licensing: To manage more than 10 namespaces, you need an Astra Control subscription.
-
Namespaces: Apps can be defined within one or more specified namespaces on a single cluster using Astra Control. An app can contain resources spanning multiple namespaces within the same cluster. Astra Control does not support the ability for apps to be defined across multiple clusters.
-
Storage class: If you install an app with a storage class explicitly set and you need to clone the app, the target cluster for the clone operation must have the originally specified storage class. Cloning an application with an explicitly set storage class to a cluster that does not have the same storage class will fail.
-
Kubernetes resources: Apps that use Kubernetes Resources not collected by Astra Control might not have full app data management capabilities. Astra Control collects the following Kubernetes resources:
ClusterRole
ClusterRoleBinding
ConfigMap
CronJob
CustomResourceDefinition
CustomResource
DaemonSet
DeploymentConfig
HorizontalPodAutoscaler
Ingress
MutatingWebhook
NetworkPolicy
PersistentVolumeClaim
Pod
PodDisruptionBudget
PodTemplate
ReplicaSet
Role
RoleBinding
Route
Secret
Service
ServiceAccount
StatefulSet
ValidatingWebhook
Supported app installation methods
Astra Control supports the following application installation methods:
-
Manifest file: Astra Control supports apps installed from a manifest file using kubectl. For example:
kubectl apply -f myapp.yaml
-
Helm 3: If you use Helm to install apps, Astra Control requires Helm version 3. Managing and cloning apps installed with Helm 3 (or upgraded from Helm 2 to Helm 3) are fully supported. Managing apps installed with Helm 2 is not supported.
-
Operator-deployed apps: Astra Control supports apps installed with namespace-scoped operators that are, in general, designed with a "pass-by-value" rather than "pass-by-reference" architecture. An operator and the app it installs must use the same namespace; you might need to modify the deployment .yaml file for the operator to ensure this is the case.
The following are some operator apps that follow these patterns:
-
For K8ssandra, in-place restore operations are supported. A restore operation to a new namespace or cluster requires that the original instance of the application to be taken down. This is to ensure that the peer group information carried over does not lead to cross-instance communication. Cloning of the app is not supported.
Astra Control might not be able to clone an operator that is designed with a “pass-by-reference” architecture (for example, the CockroachDB operator). During these types of cloning operations, the cloned operator attempts to reference Kubernetes secrets from the source operator despite having its own new secret as part of the cloning process. The clone operation might fail because Astra Control is unaware of the Kubernetes secrets in the source operator.
-
Install apps on your cluster
After you've added your cluster to Astra Control, you can install apps or manage existing apps on the cluster. Any app that is scoped to one or more namespaces can be managed.
Astra Control will manage stateful apps only if the storage is on a storage class supported by Astra Control. Astra Control Service supports any storage class that is supported by Astra Control Provisioner or a generic CSI driver.
Define apps
After Astra Control discovers namespaces on your clusters, you can define applications that you want to manage. You can choose to manage an app spanning one or more namespaces or manage an entire namespace as a single application. It all comes down to the level of granularity that you need for data protection operations.
Although Astra Control enables you to separately manage both levels of the hierarchy (the namespace and the apps in that namespace or spanning namespaces), the best practice is to choose one or the other. Actions that you take in Astra Control can fail if the actions take place at the same time at both the namespace and app level.
As an example, you might want to set a backup policy for "maria" that has a weekly cadence, but you might need to back up "mariadb" (which is in the same namespace) more frequently than that. Based on those needs, you would need to manage the apps separately and not as a single-namespace app. |
-
A Kubernetes cluster added to Astra Control.
-
One or more installed apps on the cluster. Read more about supported app installation methods.
-
Existing namespaces on the Kubernetes cluster that you added to Astra Control.
-
(Optional) A Kubernetes label on any supported Kubernetes resources.
A label is a key/value pair you can assign to Kubernetes objects for identification. Labels make it easier to sort, organize, and find your Kubernetes objects. To learn more about Kubernetes labels, refer to the official Kubernetes documentation.
-
Before you begin, you should also understand managing standard and system namespaces.
-
If you plan to use multiple namespaces with your apps in Astra Control, consider modifying user roles with namespace constraints before defining apps.
-
For instructions on how to manage apps using the Astra Control API, refer to the Astra Automation and API information.
Define resources to manage as an app
You can specify the Kubernetes resources that make up an app that you want to manage with Astra Control. Defining an app enables you to group elements of your Kubernetes cluster into a single app. This collection of Kubernetes resources is organized by namespace and label selector criteria.
Defining an app gives you more granular control over what to include in an Astra Control operation, including clone, snapshot, and backups.
When defining apps, ensure that you do not include a Kubernetes resource in multiple apps with protection policies. Overlapping protection policies on a Kubernetes resources can cause data conflicts. |
Read more about adding cluster-scoped resources to your app namespaces.
You can import cluster resources that are associated with the namespace resources in addition to those Astra Control included automatically. You can add a rule that will include resources of a specific group, kind, version and optionally, label. You might want to do this if there are resources that Astra Control does not include automatically.
You cannot exclude any of the cluster-scoped resources that are automatically included by Astra Control.
You can add the following apiVersions
(which are the groups combined with the API version):
Resource kind | apiVersions (group + version) |
---|---|
|
rbac.authorization.k8s.io/v1 |
|
rbac.authorization.k8s.io/v1 |
|
apiextensions.k8s.io/v1, apiextensions.k8s.io/v1beta1 |
|
apiextensions.k8s.io/v1, apiextensions.k8s.io/v1beta1 |
|
admissionregistration.k8s.io/v1 |
|
admissionregistration.k8s.io/v1 |
-
From the Applications page, select Define.
-
In the Define application window, enter the app name.
-
Choose the cluster on which your application is running in the Cluster drop-down list.
-
Choose a namespace for your application from the Namespace drop-down list.
Apps can be defined within one or more specified namespaces on a single cluster using Astra Control. An app can contain resources spanning multiple namespaces within the same cluster. Astra Control does not support the ability for apps to be defined across multiple clusters. -
(Optional) Enter a label for the Kubernetes resources in each namespace. You can specify a single label or label selector criteria (query).
To learn more about Kubernetes labels, refer to the official Kubernetes documentation. -
(Optional) Add additional namespaces for the app by selecting Add namespace and choosing the namespace from the drop-down list.
-
(Optional) Enter single label or label selector criteria for any additional namespaces you add.
-
(Optional) To include cluster-scoped resources in addition to those that Astra Control automatically includes, check Include additional cluster-scoped resources and complete the following:
-
Select Add include rule.
-
Group: From the drop-down list, select the API group of resources.
-
Kind: From the drop-down list, select the name of the object schema.
-
Version: Enter the API version.
-
Label selector: Optionally, include a label to add to the rule. This label is used to retrieve only those resources matching this label. If you don't provide a label, Astra Control collects all instances of the resource kind specified for that cluster.
-
Review the rule that is created based on your entries.
-
Select Add.
You can create as many cluster-scoped resource rules as you want. The rules appear in the Define application Summary.
-
-
Select Define.
-
After you select Define, repeat the process for other apps, as needed.
After you finish defining an app, the app appears in Healthy
state in the list of apps on the Applications page. You are now able to clone it and create backups and snapshots.
The app you just added might have a warning icon under the Protected column, indicating that it is not backed up and not scheduled for backups yet. |
To see details of a particular app, select the app name. |
To see the resources added to this app, select the Resources tab. Select the number after the resource name in the Resource column or enter the resource name in Search to see the additional cluster-scoped resources included.
Define a namespace to manage as an app
You can add all Kubernetes resources in a namespace to Astra Control management by defining the resources of that namespace as an application. This method is preferable to defining apps individually if you intend to manage and protect all resources in a particular namespace in a similar way and at common intervals.
-
From the Clusters page, select a cluster.
-
Select the Namespaces tab.
-
Select the Actions menu for the namespace that contains the app resources you want to manage and select Define as application.
If you want to define multiple applications, select from the namespaces list and select the Actions button in the upper-left corner and select Define as application. This will define multiple individual applications in their individual namespaces. For multi-namespace applications, refer to Define resources to manage as an app. Select the Show system namespaces checkbox to reveal system namespaces that are usually not used in app management by default. Read more.
After the process completes, the applications that are associated with the namespace appear in the Associated applications
column.
[Tech preview] Define an application using a Kubernetes custom resource
You can specify the Kubernetes resources that you want to manage with Astra Control by defining them as an application using a custom resource (CR). You can add cluster-scoped resources if you want to manage those resources individually or all Kubernetes resources in a namespace if, for example, you intend to manage and protect all resources in a particular namespace in a similar way and at common intervals.
-
Create the custom resource (CR) file and name it (for example,
astra_mysql_app.yaml
). -
Name the application in
metadata.name
. -
Define application resources to be managed:
spec.includedClusterScopedResourcesInclude cluster-scoped resource types in addition to those that Astra Control automatically includes:
-
spec.includedClusterScopedResources: (Optional) A list of cluster-scoped resource types to be included.
-
groupVersionKind: (Optional) Unambiguously identifies a kind.
-
group: (Required if groupVersionKind is used) API group of the resource to include.
-
version: (Required if groupVersionKind is used) API version of the resource to include.
-
kind: (Required if groupVersionKind is used) Kind of the resource to include.
-
-
labelSelector: (Optional) A label query for a set of resources. It's used to retrieve only those resources matching the label. If you don't provide a label, Astra Control collects all instances of the resource kind specified for that cluster. The result of matchLabels and matchExpressions are ANDed.
-
matchLabels: (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions that has a key field of "key", operator as "In", and values array containing only "value". The requirements are ANDed.
-
matchExpressions: (Optional) A list of label selector requirements. The requirements are ANDed.
-
key: (Required if matchExpressions is used) The label key associated with the label selector.
-
operator: (Required if matchExpressions is used) Represents a key's relationship to a set of values. Valid operators are
In
,NotIn
,Exists
andDoesNotExist
. -
values: (Required if matchExpressions is used)_An array of string values. If the operator is
In
orNotIn
, the values array must _not be empty. If the operator isExists
orDoesNotExist
, the values array must be empty.
-
-
-
spec.includedNamespacesInclude namespaces and resources within those resources in the application:
-
spec.includedNamespaces: _(Required)_Defines the namespace and optional filters for resource selection.
-
namespace: (Required) The namespace that contains the app resources you want to manage with Astra Control.
-
labelSelector: (Optional) A label query for a set of resources. It's used to retrieve only those resources matching the label. If you don't provide a label, Astra Control collects all instances of the resource kind specified for that cluster. The result of matchLabels and matchExpressions are ANDed.
-
matchLabels: (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions that has a key field of "key", operator as "In", and values array containing only "value". The requirements are ANDed.
-
matchExpressions: (Optional) A list of label selector requirements.
key
andoperator
are required. The requirements are ANDed.-
key: (Required if matchExpressions is used) The label key associated with the label selector.
-
operator: (Required if matchExpressions is used) Represents a key's relationship to a set of values. Valid operators are
In
,NotIn
,Exists
andDoesNotExist
. -
values: (Required if matchExpressions is used) An array of string values. If the operator is
In
orNotIn
, the values array must not be empty. If the operator isExists
orDoesNotExist
, the values array must be empty.
-
-
-
Example YAML:
apiVersion: astra.netapp.io/v1 kind: Application metadata: name: astra_mysql_app spec: includedNamespaces: - namespace: astra_mysql_app labelSelector: matchLabels: app: nginx env: production matchExpressions: - key: tier operator: In values: - frontend - backend
-
-
After you populate the
astra_mysql_app.yaml
file with the correct values, apply the CR:kubectl apply -f astra_mysql_app.yaml -n astra-connector
What about system namespaces?
Astra Control also discovers system namespaces on a Kubernetes cluster. We don't show you these system namespaces by default because it's rare that you'd need to back up system app resources.
You can display system namespaces from the Namespaces tab for a selected cluster by selecting the Show system namespaces check box.
Astra Control itself is not a standard app; it is a "system app." You should not try to manage Astra Control itself. Astra Control itself isn't shown by default for management. |