Upgrade to Astro Private Cloud 2.0

Breaking changes and removals

Astro Private Cloud (APC) 2.0 restructures, renames, and removes several Helm values. This page outlines each change, its user impact, and migration steps.

If you are upgrading from APC 1.x, the changes below represent the incremental differences from 1.x to 2.0. If you are upgrading from 0.37.x directly to 2.0, the 1.0 breaking changes also apply.

Feature flag restructuring (boolean → nested)

Background

In APC 2.0, scattered global.* boolean flags are reorganized into domain-grouped structures with a consistent .enabled pattern. This improves consistency and makes the configuration schema easier to extend.

Affected keys

Old PathNew Path
global.rbacEnabledglobal.rbac.enabled
global.sccEnabledglobal.scc.enabled
global.openshiftEnabledglobal.openshift.enabled
global.networkNSLabelsglobal.networkNSLabels.enabled
global.namespaceFreeFormEntryglobal.namespaceManagement.namespaceFreeFormEntry.enabled
global.taskUsageMetricsEnabledglobal.metricsReporting.taskUsageMetrics.enabled
global.deployRollbackEnabledglobal.deploymentLifecycle.deployRollback.enabled
global.podDisruptionBudgetsEnabledglobal.podDisruptionBudgets.enabled
global.postgresqlEnabledglobal.postgresql.enabled
global.prometheusPostgresExporterEnabledglobal.prometheusPostgresExporter.enabled
global.manualNamespaceNamesEnabledglobal.namespaceManagement.manualNamespaceNames.enabled
global.enablePerHostIngressglobal.perHostIngress.enabled
global.enableArgoCDAnnotationglobal.argoCD.annotation.enabled
global.disableManageClusterScopedResourcesglobal.manageClusterScopedResources.enabled (inverted: false becomes true)
global.astronomerEnabledglobal.astronomer.enabled
global.nginxEnabledglobal.nginx.enabled
global.alertmanagerEnabledglobal.alertmanager.enabled
global.grafanaEnabledglobal.grafana.enabled
global.kubeStateEnabledglobal.kubeState.enabled
global.prometheusEnabledglobal.prometheus.enabled
global.elasticsearchEnabledglobal.elasticsearch.enabled
global.vectorEnabledglobal.daemonsetLogging.enabled
global.fluentdEnabledglobal.daemonsetLogging.enabled

Subtree moves

Old PathNew Path
global.features.namespacePools.*global.namespaceManagement.namespacePools.*
global.dagOnlyDeployment.*global.deployMechanisms.dagOnlyDeployment.*
global.loggingSidecar.*global.logging.loggingSidecar.*

Impact

  • APC 2.0 silently ignores any values.yaml overrides that use the old key paths, causing values to fall back to chart defaults.

Required action

Run the appropriate migration script before upgrading. The scripts are in the bin/ folder of the Astronomer Helm chart repository on the release-2.0 branch:

  • From 1.x: bin/migrate-helm-chart-values-1x-to-2x.py
  • From 0.37.x: bin/migrate-helm-chart-values-037x-to-2x.py

APC API config deployment flag restructuring

Background

In addition to the global.* feature flags, the APC API configuration flags under astronomer.houston.config.deployments have also been restructured into domain-grouped nested paths. The migration scripts handle these automatically.

Restructured keys (boolean → nested)

Old keyNew path
dagProcessorEnabledairflowComponents.dagProcessor.enabled
triggererEnabledairflowComponents.triggerer.enabled
configureDagDeploymentdeployMechanisms.configureDagDeployment.enabled
gitSyncDagDeploymentdeployMechanisms.gitSyncDagDeployment.enabled
nfsMountDagDeploymentdeployMechanisms.nfsMountDagDeployment.enabled
enableListAllRuntimeVersionsruntimeManagement.listAllRuntimeVersions.enabled
enableUpdateDeploymentImageEndpointdeploymentImagesRegistry.updateDeploymentImageEndpoint.enabled
grafanaUIEnabledmetricsReporting.grafana.enabled
hardDeleteDeploymentdeploymentLifecycle.hardDeleteDeployment.enabled
logHelmValueslogHelmValues.enabled
manualReleaseNamesnamespaceManagement.manualReleaseNames.enabled

All paths above are relative to astronomer.houston.config.deployments.

Relocated keys

Old keyNew path
pgBouncerResourceCalculationStrategydatabaseManagement.pgBouncerResourceCalculationStrategy
serviceAccountAnnotationKeydeploymentImagesRegistry.serviceAccountAnnotationKey

Deleted keys

Deleted keyReason
astroUnitsEnabledAstro Units resource strategy replaced by config governance for deployments
resourceProvisioningStrategyAstro Units resource provisioning strategy removed
maxPodAuObsolete resource capacity setting
upsertDeploymentEnabledDeprecated deployment upsert flag
canUpsertDeploymentFromUIDeprecated UI upsert flag
enableSystemAdminCanCreateDeprecatedAirflowsLegacy Airflow version creation flag removed

Impact

  • APC 2.0 silently ignores any values.yaml overrides that use the old key paths under astronomer.houston.config.deployments, causing values to fall back to APC API defaults.

Required action

Run the appropriate migration script before upgrading. The scripts handle both global.* and astronomer.houston.config.deployments.* key restructuring.

Fluentd replaced by Vector (0.37.x → 2.0 only)

This change was introduced in APC 1.0. If you are upgrading from 1.x, Fluentd was already replaced and no action is needed.

Background

APC 2.0 uses Vector for log collection instead of Fluentd. The migration script renames the top-level fluentd key to vector, preserving resource requests and limits.

Impact

  • Resource values (CPU, memory) carry over automatically.
  • Custom Fluentd configuration — such as custom pipelines, filters, output plugins, or parser definitions — doesn’t translate to Vector format.

Required action

If you have custom Fluentd configuration:

1

Document your Fluentd customizations

2

Recreate your customizations in Vector format

Refer to the Vector documentation for guidance.

3

Update the Vector configuration

Update the vector section in your migrated values file with the new Vector-compatible configuration.

Kibana removed (0.37.x → 2.0 only)

This change was introduced in APC 1.0. If you are upgrading from 1.x, Kibana was already removed.

Background

APC 2.0 no longer includes Kibana. The migration script deletes the top-level kibana section.

Impact

  • The kibana.<BASEDOMAIN> endpoint is no longer available after upgrade.
  • Elasticsearch remains available for log storage and can be queried directly or via external tools.

Required action

If you rely on Kibana for log viewing, set up an alternative log viewing solution (such as Grafana with Loki, or direct Elasticsearch queries) before upgrading.

Prometheus blackbox exporter removed (0.37.x → 2.0 only)

This change was introduced in APC 1.0. If you are upgrading from 1.x, the blackbox exporter was already removed.

Background

APC 2.0 no longer includes the Prometheus blackbox exporter. The migration script deletes the top-level prometheus-blackbox-exporter section.

Impact

If you rely on blackbox probing for uptime monitoring of platform services, that monitoring will stop after the upgrade.

Required action

Set up alternative uptime monitoring before upgrading if you depend on blackbox exporter probes.

PgBouncer port changed: 5432 → 6543 (0.37.x → 2.0 only)

This change was introduced in APC 1.0. If you are upgrading from 1.x, the port was already changed.

Background

The default PgBouncer service port changes from 5432 to 6543 to avoid conflict with the PostgreSQL default port.

Impact

External services or scripts connecting to PgBouncer on port 5432 will fail to connect after the upgrade.

Required action

Update any external services, connection strings, or scripts that reference the PgBouncer port. If you need to keep port 5432, set global.pgbouncer.servicePort: "5432" in your override file after migration.

PgBouncer secret key renamed (0.37.x → 2.0 only)

This change was introduced in APC 1.0. If you are upgrading from 1.x, this key was already renamed.

Background

The PgBouncer configuration key global.pgbouncer.krb5ConfSecretName is renamed to global.pgbouncer.secretName. The migration script handles this automatically.

Impact

The underlying Kubernetes Secret is unchanged — only the Helm values key name changes.

Required action

Verify that the value carried over correctly after migration.

NATS JetStream enabled by default (0.37.x → 2.0 only)

This change was introduced in APC 1.0. If you are upgrading from 1.x, JetStream is already enabled.

Background

In 0.37.x, global.nats.jetStream.enabled defaults to false. In 2.x, it defaults to true.

Impact

JetStream requires persistent storage. Ensure your cluster has a storage class available for JetStream volumes.

Required action

Verify that your cluster supports persistent volumes for NATS JetStream. If you need to keep JetStream disabled, set global.nats.jetStream.enabled: false in your override file after migration.

Deleted keys (0.37.x → 2.0 only)

APC 2.0 removes the following keys. If you are upgrading from 1.x, 1.0 already removed them.

Deleted KeyReason
global.singleNamespaceSingle-namespace mode no longer supported
global.veleroEnabledVelero integration removed from chart
global.enableHoustonInternalAuthorizationInternal authorization replaced by mode-based gating
global.nodeExporterSccEnabledNode exporter SCC no longer needed
global.stanNATS Streaming replaced by NATS JetStream
tags.stanNATS Streaming tag removed
stan (top-level)NATS Streaming deployment removed

New keys added with defaults

The migration script adds the following keys with default values if they aren’t already present. Review each key and override the default if it doesn’t match your environment.

Key PathDefault ValueDescription
global.authHeaderSecretName~ (null)Kubernetes secret for cross-plane authentication — set if running in multi-plane mode
global.plane.mode"unified"Platform operating mode: control, data, or unified
global.plane.domainPrefix""Cluster identifier prefix for multi-plane DNS
global.podLabels{}Labels applied to every Pod
global.logging.provider~ (null)Logging provider identifier
nats.init.resources.requests.cpu"75m"NATS init container CPU request
nats.init.resources.requests.memory"30Mi"NATS init container memory request
nats.init.resources.limits.cpu"250m"NATS init container CPU limit
nats.init.resources.limits.memory"100Mi"NATS init container memory limit