We’re excited to announce the general availability of the latest update for the NetApp® Astra™ Control product family. In this update, we’ve introduced the ability to protect Kubernetes (K8s) applications that span multiple namespaces with custom resources, enabling you to protect and upgrade your most complex and diverse applications quickly and easily.
Astra Control is an application-aware data management solution that protects, recovers, and moves data-rich Kubernetes workloads in public clouds and on premises. It enables data protection, disaster recovery, and mobility for Kubernetes workloads by using NetApp’s industry-leading data management technology for snapshots, backups, replication, and cloning.
Astra Control has two variants: Astra Control Service and Astra Control Center. Astra Control Service is a fully managed software-as-a-service (SaaS) offering operated by NetApp, whereas Astra Control Center offers the same data management functionality, packaged as a self-managed software suite.
Let’s review the key functionality introduced for Astra Control in this release.
The Kubernetes API doesn’t define the concept of an “application,” but Astra does, allowing you to quickly group entities and resources you want to protect as an independent unit. Until now, Astra auto-detected your applications on a K8s cluster and allowed you to create applications with namespace-scoped resources and custom resources based on the Astra single-namespace-centric application definition. With this update, you can create applications by grouping an arbitrary number of namespaces and a select set of cluster wide resources, including custom resource definitions (CRDs). This means you can now use Astra’s application definition framework to match your complex K8s workloads. Besides data protection, this feature is useful for other use cases. To support blue-green upgrade strategies, you can collectively migrate or move several namespaces by “selecting all” namespaces and cloning them to an alternate Kubernetes cluster.
Namespace grouping
You can now create K8s applications to include more than one namespace. So, to protect an end-user-consumable service that spans multiple namespaces, you can set a single application data protection policy for all included namespaces that provide the service. For example, you can group namespaces that implement logging, messaging, and business logic together as one application to protect. The following screenshot captures the functionality:
Enhanced cluster-scoped resource handling
Until now, Astra detected and protected the cluster-scoped resources, including CRDs that use the custom resources embedded in the namespace of the application managed by Astra. With this update, you can add arbitrary CRDs and additional instances of supported cluster-scoped resources to match your application needs. The following screenshot shows this functionality:
Multiple apps per namespace through labels and label selectors
We’ve made it easier to use Kubernetes labels and label selectors to define apps that share a subset of the resources within a namespace. You can label the resources appropriately and then use a label selector to group resources that you want to protect or move (as a part of an upgrade or migration procedure). Support for labels and label selectors provides a lot of flexibility, offering you a powerful application definition framework for all your K8s workloads.
With Astra Control Service, K8s applications can now fail over across clusters that are hosted in separate projects (Google Cloud), subscriptions (Azure), or accounts (AWS). This feature allows you to create clusters in distinct Astra cloud instances that map to projects, subscriptions, or accounts; add them to Astra; and restore or clone applications among them. Support for multiple projects, subscriptions, or accounts in one Astra account enables you to separate responsibility requirements across infrastructure teams. You can address cloud providers’ quota limits on a single project, subscription, or account by spreading your clusters.
Astra Control Service is now available to purchase through the AWS Marketplace with a “term” subscription. Ask your sales team for full details, or email ng-AstraSales@netapp.com. The unit we meter for billing purposes is now a protected namespace instead of a protected app. This new billing model charges only for the total number of namespaces protected, independent of the number of apps.
Astra Control Center now provides an option to integrate with Lightweight Directory Access Protocol (LDAP) servers to streamline the user authentication process and automate administrative tasks such as creating users, assigning roles, and adding constraints. LDAP is an industry-standard protocol for accessing distributed directory information and a popular choice for enterprise authentication. LDAP integration allows Astra to use your existing LDAP server as the primary source of user data.
Astra Control Service now supports self-managed K8s platforms like OpenShift Container Platform, Rancher Kubernetes Engine, and upstream Kubernetes in addition to fully managed Kubernetes services in the public cloud (Google Kubernetes Service, Azure Kubernetes Service, and Amazon EKS). So, you can use the fully managed service to protect workloads on a broader set of Kubernetes platforms.
Sayan Saha is a product executive with open-source software product management experience spanning Linux-based platform software, containers, Kubernetes, high-availability/clustering software, virtualization, hyper-converged systems, and software-defined storage. At NetApp, he runs product management for Astra—a fully managed (SaaS) multihybrid cloud data management platform for Kubernetes applications. Before NetApp, he was a product management leader at AWS and Red Hat, where he led cloud file storage, distributed storage, and Kubernetes storage products.