The NetApp Astra Control Service like many fine restaurants now supports BYOB, so you can enjoy that special wine with dinner or in Astra’s case use your own buckets with specific attributes like access permissions, performance, resiliency and cost. Unlike most restaurants, Astra does not charge a corkage fee, so you can enjoy using your own buckets without additional cost.
How does Astra use buckets?
Astra uses object storage (buckets) in Azure and Google Cloud as a storage destination when backing up Kubernetes applications and also when cloning applications between Kubernetes clusters, public cloud regions and between public clouds such as Google Cloud to Azure or visa-versa.
By using object storage, Astra ensures backups are located on a separate storage infrastructure than the storage used for application resources such as persistent volumes, and other Kubernetes resources like secrets and config maps. This provides protection from service outages, human error and malicious threats like ransomware attacks.
Why bring your own bucket?
Like a carefully selected wine list, the buckets that Astra uses by default will meet many customers’ needs. However in some situations we want to be more select and use a bucket with different attributes such as:
Let's look at how Astra creates buckets, so we can see if the default meets our needs. Here we use the Azure az cli for this example to list the storage accounts under the resource group Astra created ‘astra-backup-rg’.
$ az storage account list -g astra-backup-rg -o json
{
"accessTier": null,
"allowBlobPublicAccess": null,
"allowCrossTenantReplication": null,
"allowSharedKeyAccess": null,
"enableHttpsTrafficOnly": true,
"encryption": {
"encryptionIdentity": null,
"keySource": "Microsoft.Storage",
"keyVaultProperties": null,
"requireInfrastructureEncryption": null,
"primaryLocation": "eastus",
"resourceGroup": "astra-backup-rg",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
Note. The output above is edited to highlight the key attributes
We can see from the az cli output (or from the Azure web portal) that the object store is encrypted using Azure managed keys, only allows https access, and uses local redundant storage with the standard performance tier. In most cases this meets customer requirements for the backup and cloning of Kubernetes applications by Astra. The next section describes how to create and use your own buckets.
Creating custom buckets
The steps to create a bucket are a little different in every public cloud, here I will create new buckets in Azure using the portal.
After logging in to the portal I selected ‘Storage accounts’ and clicked ‘Create’ to create a new storage account. In the Basics tab I select the ‘astra-backup-rg’ resource group for the storage account, provided a name and region, I then selected Premium performance, Block blobs as the type and ZRS for redundancy across zones.
I then clicked “Next: Advanced >”, “Next: Networking >”, “Next: Data protection >”and then “Next: Tags >” keeping the default settings for each. I then clicked “Next: Review + create >”.
After the configuration was validated I clicked “Create” and after a few seconds the account was created.
I then repeated the steps above to create a storage account for lower cost buckets with standard performance and locally-redundant storage.
Once the storage accounts are created we can now create our buckets (called Containers in Azure) by selecting a storage account, then Containers, click on “+ Container”, provide a Name (astrafast) and click “Create”.
I then selected the ‘slowbuckets’ accounts and created a bucket called astraslow.
Selecting the custom buckets
To add the custom buckets we created in Azure, select Buckets in the Astra UI and then on “+ Add”.
Then select Microsoft Azure, entered the storage account, bucket name, optionally a description and then click Add.
I then added the slow bucket and choose to make it the default bucket for my backups. A few seconds later we see the new buckets are listed.
As some applications may need different attributes Astra provides the flexibility to choose the bucket per application as needed. Once an application is managed by Astra we can configure a backup policy by selecting “Data protection”, and then “Configure protection policy”.
When we select the number of backups to keep in the policy a drop down menu will appear to allow us to select the bucket we want to use for this application, we can then review and apply the policy.
Using a different bucket for On-Demand backups
We can also create On-Demand backups for the application and select a different bucket than the data protection policy uses if needed. In this case I selected astrafast so I can quickly restore or clone the application.
Backing up to a different public cloud
Not only does this new Astra feature provide the flexibility to use buckets with specific attributes from a public cloud such as Azure, it also enables users to backup applications running in one public cloud to a bucket in another public cloud, such as from Azure to Google Cloud. This can be useful to stage migrations or to provide protection from rare public cloud outages.
Here I selected a bucket in Google Cloud as the backup destination for my application running in Azure.
Once the backup is complete, we can use it to quickly clone the application from the backup into the other public cloud, Google Cloud in this example.
After a few minutes we see the application is up and running on our GKE cluster.
Astra Control already provides a rich set of advanced application data management functionality, but we’re just getting started. The Astra team at NetApp is working on more capabilities and is busy supporting Astra in more environments with a broad set of storage providers and Kubernetes platforms. So stay tuned as we accelerate the rollout for Astra Control over the next several months.
Check out Astra Control today and get started with a free plan.