This guide provides instructions to upgrade directly from Astro Private Cloud (APC) 0.37.4 to 2.0. This is a major upgrade that includes platform-level infrastructure changes (NATS JetStream migration, component replacements) as well as a comprehensive values.yaml schema migration.
This upgrade deletes and recreates several platform components (NATS, STAN, the APC API). The platform will be unavailable for creating or updating Deployments during the upgrade. Plan a maintenance window and notify your users before starting.
If you are already on APC 1.x, use the simpler Upgrade to 2.0 from 1.x guide instead. That guide doesn’t require the platform-level migration steps described here.
Upgrade to APC 0.37.4 if you’re on an earlier version.
Back up your platform database. At minimum, create a snapshot or backup of your PostgreSQL database (RDS snapshot, Azure backup, Cloud SQL backup, or pg_dump).
Verify that all platform and Airflow Deployment Pods are healthy:
If you use Astronomer Units (AU) for resource configuration, convert to CPU/memory settings while still on 0.37.x — the steps live on the APC 1.0 breaking changes page because that migration was required for the 1.0 release. The AU-to-CPU/memory migration script was removed in 1.0 and isn’t available in 2.0.
Check for duplicate workspace labels in your database. The upgrade includes a migration that adds a unique constraint to workspace labels, and it will fail if duplicates exist:
If this query returns any results, rename or remove the duplicate workspaces before proceeding.
Remove any deprecated Helm values from your values.yaml that are no longer recognized in 2.0. See Breaking changes and removals for the full list.
Python 3.10 or later installed on your local computer (required for the values migration script).
Install the ruamel.yaml Python package:
(Optional) Capture logs from your NATS and STAN instances before the upgrade:
For help with upgrade issues, see Debug upgrade.
When upgrading from APC 0.x.x to 2.0, APC creates a new control plane NGINX ingress Service (astronomer-cp-nginx) and a new LoadBalancer. The previous ingress and LoadBalancer are replaced.
You must:
This change occurs because the control plane ingress Service name changes from astronomer-nginx (0.x) to astronomer-cp-nginx (2.0), which causes Kubernetes to provision a new external LoadBalancer with a new public IP/hostname. Prepare these updates before performing the upgrade.
Example (your output will vary by cloud/provider):
If you are on OpenShift and manage your own Routes or use a third-party ingress controller instead of the platform’s built-in NGINX ingress, this LoadBalancer change doesn’t apply to you. You can skip the DNS update step later in this guide.
If you explicitly set a static or internal loadBalancerIP under nginx in your values.yaml (for example, when using an internal GKE load balancer with privateLoadBalancer: true), the Helm chart passes that IP through to the new astronomer-cp-nginx Service. Kubernetes binds the new LoadBalancer to the same IP you provided, so the external IP doesn’t change and no DNS update is required.
In this scenario, you can skip the DNS update step later in this guide. You should still update firewall, allowlist, and TLS configurations if they reference the previous Service name.
The behavior depends on the cloud provider’s LoadBalancer implementation and whether it supports reusing a specified IP. Astronomer recommends verifying on your target platform before the production upgrade. For more information, see the Kubernetes Service documentation.
The migration scripts are located in the bin/ folder of the Astronomer Helm chart repository. Clone the repository and check out the release-2.0 branch:
The script you need for this upgrade path is bin/migrate-helm-chart-values-037x-to-2x.py.
values.yamlThe 0.37.x-to-2.x migration is a comprehensive transformation that includes feature flag restructuring, removal of obsolete components, key renames, value updates, new platform keys, and APC API configuration flag restructuring under astronomer.houston.config.deployments. The migration script automates the entire transformation.
Example output:
If you see No migrations needed, your file is already compatible with 2.0.
This modifies your file directly and creates my-values.yaml.bak as a backup.
Open the migrated file and verify the changes look correct. Pay special attention to:
global.plane.mode is set to "unified". This is equivalent to how 0.37.x operates and is required for the initial upgrade.Run a Helm upgrade dry run to verify that the upgrade will succeed:
Replace 2.0.x with the specific patch version you are upgrading to.
Don’t proceed with the remaining steps until the dry run completes successfully. If it fails, resolve the reported errors first.
Before upgrading, you must migrate from STAN to JetStream. Run the following commands to remove legacy STAN components:
astronomer-bootstrap secret with database nameEnsure the astronomer-bootstrap secret includes a database name suffix in connection (for example, /postgres). This prevents Postgres connection errors during or after the upgrade.
A connection string with a database name looks like:
A connection string without a database name looks like:
If your connection string already includes a database name, skip to Step 6.
The default database name depends on your cloud provider:
postgres (standard default; main may appear only in specific legacy or custom configurations)postgrespostgresIf you’re unsure, connect to your PostgreSQL instance and run \l to list available databases.
Delete the APC Deployment to avoid a known Helm patch conflict related to environment variable ordering changes between versions.
The --cascade=orphan flag keeps the APC Pods running during the delete operation. The Helm upgrade in the next step recreates the Deployment with the correct configuration.
If you skip this step and encounter a Helm patch error during the upgrade, see Debug upgrade for the workaround.
Ensure that your migrated values.yaml includes the unified mode configuration:
After upgrading to 2.0 in unified mode, you can optionally add separate data planes to run Airflow Deployments in other clusters.
Complete all pre-upgrade steps (database backup, STAN/NATS deletion, bootstrap secret patch, APC Deployment deletion, values migration) before running the upgrade command.
Replace 2.0.x with the specific patch version you are upgrading to.
For airgapped environments that can’t access the internet, download the Helm chart .tgz file directly from the Astronomer Helm repository:
Replace <version> with the specific version you are upgrading to. Upload this file to your internal artifact repository, then reference it in your helm upgrade command.
After the platform upgrade completes and all Pods are running, restart NATS and APC API components to ensure the new JetStream components and APC API services are connected and synchronized:
After the rollout completes, verify the Pods have been recreated by checking their age:
All Pods should show a recent AGE (a few minutes). If any Pods show an older age, delete them manually to force recreation:
APC 2.0 creates a new control plane NGINX ingress Service (astronomer-cp-nginx) with a new LoadBalancer. You must complete this step before you can access the Astro UI or API.
Skip this step if either of the following applies:
loadBalancerIP under nginx in your values.yaml. In this case, the new Service binds to the same IP and no DNS update is required. Confirm by comparing the EXTERNAL-IP returned by the following command to the IP in your values.yaml.Get the new load balancer address:
Update your DNS records to point to the new load balancer IP or hostname. This includes all subdomains for your base domain (for example, app.<baseDomain>, houston.<baseDomain>, registry.<baseDomain>).
After you have validated that all platform Pods are healthy, upgrade your Airflow Deployments to ensure compatibility with 2.0.
Existing Airflow Deployments typically continue to function after the platform upgrade without immediate action. However, Astronomer recommends upgrading Deployments to ensure full compatibility with the new platform version.
To upgrade Deployments, use one of the following approaches:
upsertDeployment mutation for programmatic or bulk upgrades.bin/migrate-helm-chart-values-037x-to-2x.py on the Astronomer Helm chart release-2.0 branch includes every shared rule from Values migration reference in bin/helm_chart_values_migration_shared.py, and the 0.37-only steps in the tables below. The script runs, in order: (1) apply_global_feature_flag_rules_to_all; (2) the 0.37 MIGRATIONS list in migrate-helm-chart-values-037x-to-2x.py (every DeleteKey, RenameKey, SetValue, and AddKeyIfMissing in that file); (3) the same MIGRATIONS against nested global maps; (4) apply_houston_config_flag_migrations; (5) apply_houston_deployment_migrations; (6) apply_nginx_csp_policy_migrations. The 1.x script uses the same APC API and nginx steps but a different order and adds strictSchemaCheck at the end; the 0.37 script adds strictSchemaCheck during step (2). Use --dry-run to see the exact list for your file.
The following tables are the complete 0.37-only portion (the full MIGRATIONS list from that script).
The migration script adds these keys with default values if they aren’t already present. Review each key and override the default if it doesn’t match your environment.
If you need to revert the values migration:
Restore your backup:
To downgrade the chart after a Helm upgrade: