Prodvana supports Kubernetes-based Runtimes through an Agent that runs in the cluster.

How it works

The Prodvana Agent initiates a secure communication channel to the Prodvana backend; this allows Prodvana to work with Kubernetes clusters that are not exposed publicly. After establishing the communication channel, the Prodvana backend uses the Agent to manage deployments in the cluster.

Because the Agent must initiate the communication channel, it must be installed to the Kubernetes cluster outside of Prodvana when the runtime is initially linked.

Linking and Managing a Kubernetes Runtime

Interactive

You link a Kubernetes runtime using the Web UI or the pvnctl runtimes add-k8s-magic CLI command. Both methods provide you with a Kubernetes YAML configuration file that, when applied via kubectl, will deploy the agent to your cluster.

After linking, the lifecycle of the Agent is either managed by Prodvana or managed externally.

Prodvana Managed Agent

The Prodvana backend will keep the Agent up to date automatically after it is first linked. This is the recommended option.

Externally Managed Agent

The Prodvana backend will not keep the Agent up to date. This option is best for organizations that want to manage the version of software running within their cluster explicitly, at the cost of taking on additional work of upgrading the agent regularly.

Prodvana updates the Agent image once a month and will support the last 3 versions. This means Agents must be updated at a minimum once per quarter.

🚧

If an agent is left on an unsupported version, Prodvana may be unable to manage your runtime.

Here's an example Kubernetes configuration for the Agent:

---
apiVersion: v1
kind: Namespace 
metadata:
  name: prodvana

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prodvana
  namespace: prodvana

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prodvana-access
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: prodvana
  namespace: prodvana

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prodvana-agent
  namespace: prodvana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prodvana-agent
  template:
    metadata:
      labels:
        app: prodvana-agent
    spec:
      serviceAccountName: prodvana
      containers:
      - name: agent
        image: us-docker.pkg.dev/pvn-infra/pvn-public/agent:v0.1.0 
        args:
        - /agent
        - --clusterid
        - <runtime id>
        - --auth
        - <agent auth token>
        - --server-addr
        - api.<org_slug>.prodvana.io

Terraform

The Prodvana Terraform Provider can be used to manage runtimes as well:

Prodvana Managed Agent

You can use the prodvana_managed_k8s_runtime resource to have the Prodvana provider create and apply the Agent Kubernetes config. Prodvana will also handle automatically updating the agent. For example:

resource "google_container_cluster" "primary" {
  name = "my-gke-cluster"
  ...
}

resource "prodvana_managed_k8s_runtime" "example" {
  name = "my-runtime"
  
  endpoint               = google_container_cluster.primary.endpoint
  client_certificate     = google_container_cluster.primary.master_auth.0.client_certificate
  client_key             = google_container_cluster.primary.master_auth.0.client_key
  cluster_ca_certificate = google_container_cluster.primary.master_auth.0.ca_certificate
}
  
resource "prodvana_release_channel" "example" {
  name = "my-release-channel"
  runtimes = [
    {
      runtime = prodvana_managed_k8s_runtime.example.name
    }
  ]
}

Externally Managed Agent

You can use the prodvana_k8s_runtime and prodvana_runtime_link resources to manage the Agent lifecycle externally:

resource "prodvana_k8s_runtime" {
	name = "my-runtime"
}

# Full Kubernetes setup elided...

# deploy the Prodvana agent to the Kubernetes cluster
resource "kubernetes_namespace" "prodvana" {
  metadata {
    name = "prodvana"
  }
}

resource "kubernetes_service_account" "prodvana" {
  metadata {
    name      = "prodvana"
    namespace = kubernetes_namespace.prodvana.metadata[0].name
  }
}

resource "kubernetes_cluster_role_binding" "prodvana" {
  metadata {
    name = "prodvana-access"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  subject {
    kind      = "ServiceAccount"
    name      = "prodvana"
    namespace = kubernetes_namespace.prodvana.metadata[0].name
  }
}

resource "kubernetes_deployment" "agent" {
  metadata {
    name      = "prodvana-agent"
    namespace = kubernetes_namespace.prodvana.metadata[0].name
  }

  spec {
    replicas = 1

    selector {
      match_labels = {
        app = "prodvana-agent"
      }
    }

    template {
      metadata {
        labels = {
          app = "prodvana-agent"
        }
      }

      spec {
        service_account_name = kubernetes_service_account.prodvana.metadata[0].name
        container {
          name  = "agent"
          image = resource.prodvana_k8s_runtime.cluster.agent_image
          args  = resource.prodvana_k8s_runtime.cluster.agent_args
        }
      }
    }
  }
}

# this resource will complete only after the agent
# registers itself with the Prodvana API
resource "prodvana_runtime_link" "example" {
  id = prodvana_k8s_runtime.example.id
}

resource "prodvana_release_channel" "example" {
  name = "my-release-channel"
  runtimes = [
    {
      # now you can reference the runtime from the runtime_link resource
      # and be sure that the runtime has been fully linked prior to use
      runtime = prodvana_runtime_link.example.name
    }
  ]
}

Prodvana Agent Updates