# Sermant Injector User Manual

Sermant Injector is developed based on the Kubernetes Admission Controllers feature. Admission Controllers are located in the k8s API Server and can intercept requests to the API Server to perform authentication, authorization, and modification operations. This article describes how to use the Sermant Injector component in a k8s environment to quickly deploy the Sermant Agent package automatically to host applications.

Sermant Injector is a MutatingAdmissionWebhook that can intercept and modify requests before creating container resources. After Sermant Injector is deployed on K8s, just add sermant-injection: enabled to the YAML file of the host application deployment configuration at the spec > template > metadata> labels ' then the host application can automatically mount the sermant-agent package. Additionally, Sermant Injector supports configuring environment variables via annotations. How the deployed applications can automatically mount Sermant and configure environment variables via annotations is described in Deploy Host Application below.

# Parameter Configuration

# Parameter Configuration for Sermant Injector

This project adopts Helm for Kubernetes package management. The parameters for deploying Sermant Injector are set in sermant-injector/deployment/release/values.yaml (opens new window).

namespace:
  name: default

injector:
  replicas: 2
  image:
    addr:
    pullPolicy: IfNotPresent
    pullSecrets: default-secret

agent:
  image:
    addr:
    pullPolicy: IfNotPresent

config:
  type: ZOOKEEPER
  endpoints: http://localhost:30110
registry:
  endpoints: http://localhost:30100

configMap:
  enabled: false
  namespaces: [default]
  env:

The parameters are described as follows:

Primary Parameter Key Second Parameter Key Third Parameter Key Description Required
namespace name - The namespace where the Sermant Injector resides. True
injector replicas - Number of deployed Sermant Injector instances. True
image addr The mirror address of Sermant Injector. True
pullPolicy Sermant Injector image pull strategy: Always(always pull), IfNotPresent(default value, use local mirror if exists), Never(only use local mirror and never pull). True
pullSecrets Pull secrets. The default key is default-secret and you can change it on command. True
agent image addr The mirror address of Sermant Agent. True
pullPolicy Sermant Agent image pull strategy: Always(always pull), IfNotPresent(default value, use local mirror if exists), Never(only use local mirror and never pull). True
config type - Sermant Agent configuration center types: Currently supports ZooKeeper, Kie, and Nacos. True
endpoints - Configuration center address of Sermant Agent. True
registry endpoints - Registration center address of Sermant Agent. True
configMap enabled - General environment variable configuration switch, default is false; set to true to enable. True
namespaces - The namespaces to be injected with configMap which must be the same as that of the service application. True
env custom key1 You can configure custom value1. False
custom key2 You can configure custom value2. False

General environment variable configuration:

Sermant Injector supports configuring custom environment variables for the pods of host applications. This is done by modifying the configMap.env content in sermant-injector/deployment/release/injector/values.yaml, provided that configMap.enabled is set to true and configMap.namespace is correctly configured. The configuration of general environment variables is as follows (in kv format):

configMap:
  enabled: true
  namespaces: [default, test]
  env:
  	TEST_ENV1: abc
  	TEST_ENV2: 123456

For example, during the use of Sermant, certain configurations are common to all pods in the current k8s cluster, such as ip and port of the Backend. You can configure it here:

configMap:
  enabled: true
  namespaces: [default]	
  env:
    gateway.nettyIp: 127.0.0.1
    gateway.nettyPort: 6888

This ensures that all pods in the default namespace with mounted Sermant are connected to the specified Backend.

Note : The priority of environment variables configured configMap is lower than that of env in yaml of host application. Because config.type, config.endpoints, and registry.endpoints are essentially env loaded environment variables, they also take precedence over the corresponding sermant environment variables configured with configMap.

# Parameter Configuration for mirror scripts

build-sermant-image.sh (opens new window)

Parameters Description Required
sermantVersion Version of sermant-agent-x.x.x.tar.gz True
imageName Image name of sermant-agent mirror True
imageVersion Image version of sermant-agent mirror True

build-injector-image.sh (opens new window)

Parameters Description Required
imageName Image name of Sermant Injector mirror True
imageVersion Image version of Sermant Injector mirror True

# Version Supported

Sermant Injector currently supports deployment on Kubernetes 1.15 and above, using Helm v3 for Kubernetes package management.

# Startup and Result Validation

Before deploying Sermant Injector, you need to build the Sermant Agent image and the Sermant Injector image first.

# 1 Build Image of Sermant Agent

# Prepare Sermant Agent package

Click here (opens new window) to download latest release package sermant-agent-x.x.x.tar.gz or you can package sermant yourself.

# Build Image

Modify the values of sermantVersion, imageName, and imageVersion in the build-sermant-image.sh script located in the sermant-injector/images/sermant-agent folder.

On a Kubernetes node, place build-sermant-image.sh and Sermant.Dockerfile in the same directory as the release package sermant-agent-xxx.tar.gz, then execute the build-sermant-image.sh script to complete the creation of the Sermant Agent image.

sh build-sermant-image.sh

To push the image to the image repository, run the docker push ${imageName}:{imageVerison} command.

# 2 Build Image of Sermant Injector

# Prepare Sermant Injector package

Execute the mvn clean package command under the Sermant Injector project directory to generate the sermant-injector.jar file in the project directory.

# Create the Sermant Injector image

Modify the values of imageName and imageVersion in the build-injector-image.sh script located in the sermant-injector/images/injector folder:

On a Kubernetes node, place build-injector-image.sh, start.sh and Injector.Dockerfile in the same directory as the Sermant Injector package sermant-injector.jar, then execute the build-injector-image.sh script to complete the creation of the Sermant Injector image.

sh build-injector-image.sh

To push the image to the image repository, run the docker push ${imageName}:{imageVerison} command.

# 3 Deploy the Sermant Injector instance

Before containerizing and deploying the host application, you need to first deploy the Sermant Injector instance. This project uses Helm for Kubernetes package management, utilizing the injector Chart template found in sermant-injector/deployment/release.

Modify the template variables in values.yaml according to your environment, then execute the helm install command to deploy the Sermant Injector instance in Kubernetes:

helm install Sermant Injector sermant-injector/deployment/release/injector

Check that the Sermant Injector deployment pod status is running.

At this point, the environment configuration work before deploying the host application is complete.

# 4 Deploy Host Application

# Automatically mount Sermant

After completing the deployment of the Sermant Injector, users can write YAML to deploy the K8s Deployment resource according to their application needs. To automatically mount the Sermant Agent, simply add sermant-injection: enabled at the spec > template > metadata > labels level. (If you later decide not to mount it, you can remove this label and restart the application.)

# Configuring Environment Variables via Annotations

If users wish to configure custom environment variables in the Deployment, they can add the appropriate key-value pairs at the spec > template > metadata > annotations level. The configuration method can be referenced in the example below.

For instance, using env.sermant.io/key1: "value1", the configuration rule is: env.sermant.io/ is the standard prefix for configuring environment variables via annotations, key1 is the custom environment variable name configured by the user, and value1 is the custom environment variable value configured by the user.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-test
  namespace: default
  labels:
    app: demo-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-test
  template:
    metadata:
      labels:
        app: demo-test
        sermant-injection: enabled
      annotations:
        env.sermant.io/key1: "value1"
        env.sermant.io/key2: "value2"
    spec:
      containers:
      - name: image
        # Please replace with your application image
        image: image:1.0.0
        ports: 
        - containerPort: 8080

If the pod cannot be created, please check whether the Sermant Injector is deployed correctly and if the Sermant Agent image is built properly.

# 5 Verification

After the pod is created successfully, execute the following command, where ${pod_name} is the name of the host application's pod:

kubectl get po/${pod_name} -o yaml

1.Check if the output from the command includes an environment variable under spec > containers > env with name as JAVA_TOOL_OPTIONS and value as -javaagent:/home/sermant-agent/agent/sermant-agent.jar=appName=default.

2.Verify if the value of spec > containers > initContainers > image in the output is the image address used when building the Sermant Agent image.

Run the following command, where ${pod_name} is the name of your application's pod and ${namespace} is the namespace where your application is deployed:

kubectl logs ${pod_name} -n ${namespace}

3.Check if the beginning of the pod logs from the command output contains:

[INFO] Loading sermant agent...

If the above information is correct, it indicates that the Sermant Agent has been successfully mounted to your application.

Last Updated: 12/13/2024, 2:38:15 AM