Maintenance Planning and Scheduling Considerations for Self-Hosted Spaces

Last updated: May 21, 2026

Overview

This article outlines recommended maintenance considerations for operators running self-hosted Upbound Spaces deployments. It covers upgrade cadence, backups, certificate management, and operational health checks.

Upgrade Cadence

Keeping Spaces and UXP up to date is the most important maintenance activity. Falling behind on versions increases the risk of running into known issues and makes future upgrades harder.

  • Spaces: Review release notes with each new release. Plan upgrades so that you stay within one to two minor versions of the latest release.

  • UXP / Crossplane: Upgrade UXP in line with your Spaces upgrade. Each Spaces version ships with a tested UXP version — refer to the compatibility matrix in the release notes.

  • Providers: Review provider versions regularly. Stale providers are a common source of reconciliation issues and missing features.

Backups and Retention

  • Configure SharedBackupConfig as well as SpaceBackup to back up control plane state on a regular schedule (e.g. daily).

  • Define a retention policy that meets your recovery point objectives — avoid indefinite retention as it will accumulate storage costs.

  • Periodically validate that backups are restorable — a backup that has never been tested is an untested assumption.

Certificate Rotation

Spaces uses cert-manager to manage certificates automatically. By default:

  • spaces-ca has a 1-year duration

  • spaces-controller-webhook has a 90-day duration

No manual intervention is required under normal conditions. However:

  • If you are using a custom CA (e.g. an external PKI or Vault), ensure your CA rotation process also triggers renewal of Spaces certificates that reference it

  • Monitor certificate expiry via your existing observability tooling
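
One way to act on the two points above, as an added example that is not part of the original article or of Upbound's tooling: a small Python check over the output of `kubectl get certificates.cert-manager.io -A -o json` that flags certificates that have expired, are close to expiry, or whose cert-manager renewal time has passed without a renewal (the symptom to watch for after a custom CA rotation). The namespace, timestamps, and the `warn_days` and `grace` thresholds are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `kubectl get certificates.cert-manager.io -A -o json`.
# Certificate names and durations come from the article; the namespace
# "spaces-namespace" and all timestamps are placeholders made up for this example.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "spaces-namespace", "name": "spaces-ca"},
     "status": {"notAfter": "2027-01-01T00:00:00Z",
                "renewalTime": "2026-09-01T00:00:00Z",
                "conditions": [{"type": "Ready", "status": "True"}]}},
    {"metadata": {"namespace": "spaces-namespace", "name": "spaces-controller-webhook"},
     "status": {"notAfter": "2026-05-30T00:00:00Z",
                "renewalTime": "2026-04-30T00:00:00Z",
                "conditions": [{"type": "Ready", "status": "True"}]}},
]})

def _ts(value):
    """Parse the RFC 3339 UTC timestamps cert-manager writes into status."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_certificates(cert_list_json, now, warn_days=14, grace=timedelta(hours=1)):
    """Return (namespace/name, finding) for every Certificate needing attention."""
    findings = []
    for item in json.loads(cert_list_json).get("items", []):
        meta, status = item["metadata"], item.get("status", {})
        name = f'{meta["namespace"]}/{meta["name"]}'
        ready = any(c.get("type") == "Ready" and c.get("status") == "True"
                    for c in status.get("conditions", []))
        if "notAfter" not in status:
            findings.append((name, "NOT_ISSUED"))  # nothing has been issued yet
            continue
        not_after = _ts(status["notAfter"])
        renewal = _ts(status["renewalTime"]) if "renewalTime" in status else None
        if not_after <= now:
            findings.append((name, "EXPIRED"))
        elif renewal and now - renewal > grace:
            # The scheduled renewal time has passed but no new certificate exists.
            findings.append((name, "RENEWAL_OVERDUE"))
        elif not_after - now <= timedelta(days=warn_days):
            findings.append((name, "EXPIRING_SOON"))
        elif not ready:
            findings.append((name, "NOT_READY"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_certificates(SAMPLE, datetime(2026, 5, 21, tzinfo=timezone.utc)):
        print(f"{finding}: {name}")
```

To run it against a live cluster, pass the kubectl JSON output and `datetime.now(timezone.utc)` to `audit_certificates` instead of `SAMPLE`.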

MXP Namespace and Resource Allocation

  • Periodically review resource requests and limits for control plane pods, particularly as you scale the number of control planes

  • Ensure your cluster has sufficient node capacity headroom for new control plane provisioning

  • Review PodDisruptionBudget settings if you perform regular node pool maintenance or upgrades

Control Plane Health

  • Regularly check that all control planes are in Ready state: kubectl get controlplane -A

  • Investigate control planes that have been in a non-ready state for extended periods — this can indicate provisioning failures or resource pressure 

  • Review provider health inside control planes periodically, especially after upgrades

Kubernetes Maintenance

  • Coordinate host cluster node upgrades with a Spaces maintenance window — node recycling can temporarily impact control plane availability

  • Ensure the Kubernetes version in use is within the supported range for your Spaces version

Note: Specific upgrade interval recommendations should be confirmed with Upbound — reach out to support for guidance tailored to your environment.