Install Astra Data Store

Contributors netapp-dbagwell netapp-mwallis amgrissino

You can install Astra Data Store using Kubernetes-native commands or using the UI in Astra Control Center.

Installation options

  • With Kubernetes-native commands: To install Astra Data Store using Kubernetes-native commands, complete the installation steps described in this procedure.

  • With Astra Control Center: To install Astra Data Store using Astra Control Center, complete the installation steps described in this procedure.

What you’ll need

Install Astra Data Store

The Astra Data Store installation process for standard Kubernetes clusters guides you through the following high-level steps. Additional installation steps for Red Hat OpenShift Container Platform (OCP) environments are also described.

Note To use Astra Data Store with Google Anthos, complete these installation steps and add the Astra Data Store cluster to your Anthos environment.
Note To install Astra Data Store with Rancher RKE environments, complete these installation steps and substitute Rancher commands for kubectl commands.

Download the Astra Data Store bundle and extract the images

  1. Log in to the NetApp Support Site and download the Astra Data Store bundle (Astra_Data_Store_2022.05.01.tar).

    Note If you are looking for instructions for earlier versions of the bundle, see documentation for that version.
  2. (Optional) Use the following command to verify the signature of the bundle:

    openssl dgst -sha256 -verify Astra_Data_Store_2022.05.01.pub -signature Astra_Data_Store_2022.05.01.sig 2022.12.01_ads.tar
  3. Create a directory:

    mkdir Astra_Data_Store_2022.05.01
    cd Astra_Data_Store_2022.05.01
  4. Extract the images:

    tar -xvf <path to tar file>/Astra_Data_Store_2022.05.01.tar
    Note The images will be extracted to a astrads/images directory created within the working directory.

Copy the binary and push images to your local registry

  1. Copy the kubectl-astrads binary from the directory you used to extract images to the standard path where k8s kubectl binaries are installed (/usr/bin/ is used as the path in the example below). kubectl-astrads is a custom kubectl extension that installs and manages Astra Data Store clusters.

    Tip Use the which kubectl command to find the path where kubectl binaries are installed.
    cp -p ./astrads/bin/kubectl-astrads /usr/bin/.
  2. Add the files in the Astra Data Store image directory to your local registry.

    Note See a sample script for the automatic loading of images below.
    1. Log in to your registry:

      docker login [your_registry_path]
    2. Set an environment variable to the registry path where you want to push the Astra Data Store images; for example, repo.company.com.

      export REGISTRY=repo.company.com/astrads
    3. Run the script to load the images into Docker, tag the images, and push the images to your local registry:

      for astraImageFile in $(ls astrads/images/*.tar) ; do
         astraImage=$(docker load --input ${astraImageFile} | sed 's~Loaded image: ~~')
         astraImageShort=`echo $astraImage | sed 's~.*/~~'`
         docker tag ${astraImage} ${REGISTRY}/${astraImageShort}
         docker push ${REGISTRY}/${astraImageShort}
      done
      sed -i 's~\[YOUR REGISTRY\]~'${REGISTRY}'~' ./astrads/manifests/*.yaml

OpenShift procedure

Use the following procedure only for deployment on the Red Hat OpenShift Container Platform (OCP). Skip this procedure for deployment on non-OCP Kubernetes clusters.

  • Create a namespace to deploy Astra Data Store

  • Create a custom SCC

  • Create roles and role bindings

Details
Create a namespace to deploy Astra Data Store

Create a namespace astrads-system in which all Astra Data Store components will be installed.

The following step is needed only for deployment on the Red Hat OpenShift Container Platform (OCP).

  1. Create the namespace:

    kubectl create -f ads_namespace.yaml

    Sample: ads_namespace.yaml

    apiVersion: v1
    kind: Namespace
    metadata:
      labels:
        control-plane: operator
      name: astrads-system
Create a custom SCC

OpenShift uses security context constraints (SCC) that control the actions that a pod can perform.
By default, the execution of any container will be granted the restricted SCC and only the capabilities defined by that SCC.

Restricted SCC does not provide permissions required by Astra Data Store cluster pods. Use this procedure to provide the required privileges (listed in the sample) to Astra Data Store.

Assign a custom SCC to the default service account for the Astra Data Store namespace.

The following steps are needed only for deployment on the Red Hat OpenShift Container Platform (OCP).

  1. Create a custom SCC:

    kubectl create -f ads_privileged_scc.yaml

    Sample: ads_privileged_scc.yaml

    allowHostDirVolumePlugin: true
    allowHostIPC: true
    allowHostNetwork: true
    allowHostPID: true
    allowHostPorts: true
    allowPrivilegeEscalation: true
    allowPrivilegedContainer: true
    allowedCapabilities:
    - '*'
    allowedUnsafeSysctls:
    - '*'
    apiVersion: security.openshift.io/v1
    defaultAddCapabilities: null
    fsGroup:
      type: RunAsAny
    groups: []
    kind: SecurityContextConstraints
    metadata:
      annotations:
        kubernetes.io/description: 'ADS privileged. Grant with caution.'
        release.openshift.io/create-only: "true"
      name: ads-privileged
    priority: null
    readOnlyRootFilesystem: false
    requiredDropCapabilities: null
    runAsUser:
      type: RunAsAny
    seLinuxContext:
      type: RunAsAny
    seccompProfiles:
    - '*'
    supplementalGroups:
      type: RunAsAny
    users:
    - system:serviceaccount:astrads-system:default
    volumes:
    - '*'
  2. Display the newly added SCC using the oc get scc command:

    # oc get scc/ads-privileged
    NAME           PRIV  CAPS  SELINUX  RUNASUSER FSGROUP   SUPGROUP  PRIORITY   READONLYROOTFS  VOLUMES
    ads-privileged true  ["*"] RunAsAny RunAsAny  RunAsAny  RunAsAny  <no value> false           ["*"]
    #
Create the roles and role bindings

Create the required roles and role bindings to be used by the default service account for Astra Data Store.

The following yaml definition assigns various roles (via rolebindings) needed by the Astra Data Store resources in the astrads.netapp.io API group.

The following steps are needed only for deployment on the Red Hat OpenShift Container Platform (OCP).

  1. Create the defined roles and role binding:

    kubectl create -f oc_role_bindings.yaml

    Sample: oc_role_bindings.yaml

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: privcrole
    rules:
    - apiGroups:
      - security.openshift.io
      resourceNames:
      - ads-privileged
      resources:
      - securitycontextconstraints
      verbs:
      - use
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: default-scc-rolebinding
      namespace: astrads-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: privcrole
    subjects:
    - kind: ServiceAccount
      name: default
      namespace: astrads-system
    ---
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: ownerref
      namespace: astrads-system
    rules:
    - apiGroups:
      - astrads.netapp.io
      resources:
      - '*/finalizers'
      verbs:
      - update
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: or-rb
      namespace: astrads-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ownerref
    subjects:
    - kind: ServiceAccount
      name: default
      namespace: astrads-system

Configure a private image registry

As an optional step for certain environments, you can change the configuration to pull an image from a private registry that uses secrets.

  1. Create the astrads-system namespace unless you did so already in a previous step:

    kubectl create namespace astrads-system
  2. Create the secret:

    kubectl create secret docker-registry <secret-name> -n astrads-system --docker-server=<registry name> --docker-username= <registry username> --docker-password=<registry user password>
  3. Add secrets configuration information to the service account:

    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "<secret-name>"}]}' -n astrads-system
    Note These changes will be applied when you install the Astra Data Store operator.

Install the Astra Data Store operator

  1. List the Astra Data Store manifests:

    ls astrads/manifests/*yaml

    Response:

    astrads/manifests/monitoring_operator.yaml
    astrads/manifests/astradscluster.yaml
    astrads/manifests/astradsversion.yaml
    astrads/manifests/astradsoperator.yaml
    astrads/manifests/vasa_asup_certs.yaml
    astrads/manifests/manifest.yaml
    astrads/manifests/configuration.yaml
  2. Deploy the operator using kubectl apply:

    kubectl apply -f ./astrads/manifests/astradsoperator.yaml

    Response:

    Note The namespace response might differ depending on whether you performed the standard installation or the OpenShift Container Platform installation.
    namespace/astrads-system created
    customresourcedefinition.apiextensions.k8s.io/astradsadddrives.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsautosupports.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradscloudsnapshots.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsclusters.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsexportpolicies.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsfaileddrives.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradskeyproviders.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradslicenses.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsnfsoptions.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsnodeinfoes.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsnodemanagements.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsqospolicies.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradssearkeyrotaterequests.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsversions.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsvolumefiles.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsvolumes.astrads.netapp.io created
    customresourcedefinition.apiextensions.k8s.io/astradsvolumesnapshots.astrads.netapp.io created
    role.rbac.authorization.k8s.io/astrads-astrads-system-admin-role created
    role.rbac.authorization.k8s.io/astrads-astrads-system-reader-role created
    role.rbac.authorization.k8s.io/astrads-astrads-system-writer-role created
    role.rbac.authorization.k8s.io/astrads-leader-election-role created
    role.rbac.authorization.k8s.io/astrads-manager-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astrads-admin-clusterrole created
    clusterrole.rbac.authorization.k8s.io/astrads-astrads-reader-clusterrole created
    clusterrole.rbac.authorization.k8s.io/astrads-astrads-writer-clusterrole created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsautosupport-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsautosupport-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradscloudsnapshot-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradscloudsnapshot-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradscluster-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradscluster-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsexportpolicy-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsexportpolicy-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsfaileddrive-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsfaileddrive-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradslicense-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradslicense-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsnfsoption-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsnfsoption-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsnodeinfo-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsnodeinfo-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsnodemanagement-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsnodemanagement-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsqospolicy-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsversion-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsversion-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsvolume-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsvolume-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsvolumefile-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsvolumefile-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsvolumesnapshot-editor-role created
    clusterrole.rbac.authorization.k8s.io/astrads-astradsvolumesnapshot-viewer-role created
    clusterrole.rbac.authorization.k8s.io/astrads-manager-role created
    rolebinding.rbac.authorization.k8s.io/astrads-astrads-admin-rolebinding created
    rolebinding.rbac.authorization.k8s.io/astrads-astrads-reader-rolebinding created
    rolebinding.rbac.authorization.k8s.io/astrads-astrads-writer-rolebinding created
    rolebinding.rbac.authorization.k8s.io/astrads-leader-election-rolebinding created
    rolebinding.rbac.authorization.k8s.io/astrads-manager-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/astrads-astrads-admin-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/astrads-astrads-reader-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/astrads-astrads-writer-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/astrads-manager-rolebinding created
    configmap/astrads-autosupport-cm created
    configmap/astrads-firetap-cm created
    configmap/astrads-kevents-asup created
    configmap/astrads-metrics-cm created
    secret/astrads-autosupport-certs created
    secret/astrads-webhook-server-cert created
    service/astrads-webhook-service created
    deployment.apps/astrads-operator created
  3. Verify that the Astra Data Store operator pod has started and is running:

    kubectl get pods -n astrads-system

    Response:

    NAME                                READY   STATUS    RESTARTS   AGE
    astrads-operator-5ffb94fbf-7ln4h    1/1     Running   0          17m

Deploy the Astra Data Store version YAML

  1. Deploy using kubectl apply:

    kubectl apply -f ./astrads/manifests/astradsversion.yaml
  2. Verify that the pods are running:

    kubectl get pods -n astrads-system

    Response:

    NAME                                          READY   STATUS    RESTARTS   AGE
    astrads-cluster-controller-7f6f884645-xxf2n   1/1     Running   0          117s
    astrads-ds-nodeinfo-2jqnk                     1/1     Running   0          2m7s
    astrads-ds-nodeinfo-dbk7v                     1/1     Running   0          2m7s
    astrads-ds-nodeinfo-rn9tt                     1/1     Running   0          2m7s
    astrads-ds-nodeinfo-vsmhv                     1/1     Running   0          2m7s
    astrads-license-controller-fb8fd56bc-bxq7j    1/1     Running   0          2m2s
    astrads-operator-5ffb94fbf-7ln4h              1/1     Running   0          2m10s

Apply the Astra Data Store license

  1. Apply the NetApp License File (NLF) that you obtained from NetApp. Before you run the command, enter the name of the cluster (<Astra-Data-Store-cluster-name>) that you are going to deploy or have already deployed and the path to the license file (<file_path/file.txt>):

    kubectl astrads license add --license-file-path <file_path/file.txt> --ads-cluster-name <Astra-Data-Store-cluster-name> -n astrads-system
  2. Verify that the license has been added:

    kubectl astrads license list

    Response:

    NAME                    ADSCLUSTER               VALID PRODUCT          EVALUATION  ENDDATE     VALIDATED
    e100000006-ads-capacity astrads-example-cluster  true  Astra Data Store true        2023-01-23  2022-04-04T14:38:54Z

Install the Astra Data Store cluster

  1. Open the YAML file:

    vim ./astrads/manifests/astradscluster.yaml
  2. Edit the following values in the YAML file.

    Note A simplified example of the YAML file follows these steps.
    1. (Required) Metadata: In metadata, change the name string to the name of your cluster. This must be the same cluster name you use when you apply the license.

    2. (Required) Spec: Change the following required values in spec:

      • Change the adsNodeConfig values to those required for your installation, depending on your license and Astra Data Store installation size:

        • Small: 9 CPU and 38 memory

        • Medium: 23 CPU and 94 memory

      • (Optional) Remove the commenting around the adsNodeSelector section. Configure this if you want to constrain Astra Data Store to install only on a selected pool of worker nodes.

      • (Optional) Specify a specific number of nodes between 4-16 that should be used in the Astra Data Store cluster.

      • Change the mvip string to the IP address of a floating management IP that is routable from any worker node in the cluster.

      • In adsDataNetworks, add a comma-separated list of floating IP addresses (addresses) that are routable from any host where you intend to mount a NetApp volume. Use one floating IP address per node. There should be at least as many data network IP addresses as there are Astra Data Store nodes. For Astra Data Store, this means at least 4 addresses or up to 16 if you plan on expanding the cluster later.

      • In adsDataNetworks, specify the netmask used by the data network.

      • In adsNetworkInterfaces, replace the <mgmt_interface_name> and <cluster_and_storage_interface_name> values with the network interface names you want to use for management, cluster, and storage. If no names are specified, the node’s primary interface will be used for management, cluster, and storage networking. Be sure to also remove the commenting around the adsNetworkInterfaces section.

        Note Cluster and storage networks need to be on the same interface. The Astra Data Store management interface should be same as the Kubernetes node’s management interface.
    3. (Optional) monitoringConfig: If you want to configure a monitoring operator (optional if you are not using Astra Control Center for monitoring), remove the commenting from the section, add the namespace in which the agent CR (monitoring operator resource) is applied (default is netapp-monitoring), and add the repo path for your registry (your_registry_path) that you used in previous steps.

    4. (Optional) autoSupportConfig: Retain the AutoSupport default values unless you need to configure a proxy:

      • For proxyURL, set the URL of the proxy with the port that will be used for AutoSupport bundle transfer.

      Note For brevity, some comments have been removed from the YAML sample below.
    apiVersion: astrads.netapp.io/v1beta1
    kind: AstraDSCluster
    metadata:
      name: astrads-cluster-name
      namespace: astrads-system
    spec:
      adsNodeConfig:
        cpu: 9
        memory: 38
      # [Optional] Specify node selector labels to select the nodes for creating ADS cluster
      # adsNodeSelector:
      #   matchLabels:
      #     customLabelKey: customLabelValue
      adsNodeCount: 4
      mvip: ""
      adsDataNetworks:
        - addresses: ""
          netmask:
      # Specify the network interface names to use for management, cluster and storage networks.
      # If none are specified, the node's primary interface will be used for management, cluster and storage networking.
      # To move the cluster and storage networks to a different interface than management, specify all three interfaces to use here.
      # NOTE: The cluster and storage networks need to be on the same interface.
      adsNetworkInterfaces:
        managementInterface: "<mgmt_interface_name>"
        clusterInterface: "<cluster_and_storage_interface_name>"
        storageInterface: "<cluster_and_storage_interface_name>"
      # [Optional] Provide a monitoring config to be used to setup/configure a monitoring agent.
     # monitoringConfig:
       # namespace: "netapp-monitoring"
       # repo: "[YOUR REGISTRY]"
      autoSupportConfig:
        autoUpload: true
        enabled: true
        coredumpUpload: false
        historyRetentionCount: 25
        destinationURL: "https://support.netapp.com/put/AsupPut"
        # ProxyURL defines the URL of the proxy with port to be used for AutoSupport bundle transfer
        # proxyURL:
        periodic:
          - schedule: "0 0 * * *"
            periodicconfig:
            - component:
                name: storage
                event: dailyMonitoring
              userMessage: Daily Monitoring Storage AutoSupport bundle
              nodes: all
            - component:
                name: controlplane
                event: daily
              userMessage: Daily Control Plane AutoSupport bundle
  3. Deploy the cluster using kubectl apply:

    kubectl apply -f ./astrads/manifests/astradscluster.yaml
  4. Wait a few minutes for the cluster creation operation to complete and then verify that the pods are running:

    kubectl get pods -n astrads-system

    Sample response:

    NAME                                              READY     STATUS    RESTARTS    AGE
    astrads-cluster-controller-7c67cc7f7b-2jww2       1/1       Running   0           7h31m
    astrads-deployment-support-788b859c65-2qjkn       3/3       Running   19          12d
    astrads-ds-astrads-cluster-1ab0dbc-j9jzc          1/1       Running   0           5d2h
    astrads-ds-astrads-cluster-1ab0dbc-k9wp8          1/1       Running   0           5d1h
    astrads-ds-astrads-cluster-1ab0dbc-pwk42          1/1       Running   0           5d2h
    astrads-ds-astrads-cluster-1ab0dbc-qhvc6          1/1       Running   0           8h
    astrads-ds-nodeinfo-gcmj8                         1/1       Running   1           12d
    astrads-ds-nodeinfo-j826x                         1/1       Running   3           12d
    astrads-ds-nodeinfo-vdthh                         1/1       Running   3           12d
    astrads-ds-nodeinfo-xwgsf                         1/1       Running   0           12d
    astrads-ds-support-828vw                          2/2       Running   2           5d2h
    astrads-ds-support-astrads-example-cluster-cfzts  2/2       Running   0           8h
    astrads-ds-support-astrads-example-cluster-nzkkr  2/2       Running   15          7h49m
    astrads-ds-support-astrads-example-cluster-xxbnp  2/2       Running   1           5d2h
    astrads-license-controller-86c69f76bb-s6fb7       1/1       Running   0           8h
    astrads-operator-79ff8fbb6d-vpz9m                 1/1       Running   0           8h
  5. Verify the cluster deployment progress:

    kubectl get astradscluster -n astrads-system

    Sample response:

    NAME                        STATUS    VERSION      SERIAL NUMBER    MVIP       AGE
    
    astrads-example-cluster     created   2022.05.0-X  e100000006       10.x.x.x   13m

During cluster deployment, the operation status should change from blank to in progress to created. Cluster deployment will last approximately 8 to 10 minutes. To monitor cluster events during deployment, you can run either of the following commands:

kubectl get events --field-selector involvedObject.kind=AstraDSCluster -n astrads-system
kubectl describe astradscluster <cluster name> -n astrads-system

The following are key events during deployment:

Event Message and significance

ControlPlaneNodesSelected

Successfully selected [number] control plane nodes to join the ADS cluster. The Astra Data Store operator identified enough nodes with CPU, memory, storage, and networking to create an Astra Data Store cluster.

ADSClusterCreateInProgress

The Astra Data Store cluster controller has started the cluster create operation.

ADSClusterCreateSuccess

The cluster was created successfully.

If the cluster’s status doesn’t change to in progress, check the operator logs for more details on node selection:

kubectl logs -n astrads-system <astrads operator pod name>

If the cluster’s status is stuck as in progress, check the cluster controller’s logs:

kubectl logs -n astrads-system <astrads cluster controller pod name>

Install Astra Data Store using Astra Control Center

To deploy and use Astra Data Store with Astra Control Center, do the following.

What you’ll need

What’s next