Alikutty A

 

While exploring the ServiceNow product documentation, you may not find much information on discovering OpenShift infrastructure, but the patterns are available and are grouped with the Kubernetes discovery patterns. This is because OpenShift components are partly built on top of Kubernetes, which forms the kernel of the containerized platform. This blog covers the details of setting up OpenShift discovery within ServiceNow. The following steps are required to enable it:

 

Configuration Steps

  1. Install or update to the latest version of the "Discovery and Service Mapping Patterns" (sn_itom_pattern) plugin.

  2. Set up a MID Server on one of the virtual machines connected to the OpenShift infrastructure.

  3. Identify all OpenShift clusters and the related details required for discovery. You will need to access the OpenShift Container Platform and execute certain commands to fetch the details. The OC CLI should be installed, and you should reach out to your OpenShift admin, who should be aware of these commands.

a. OC Cluster URL and port - This command returns the HTTPS URL where the cluster process is hosted and the port on which it listens for incoming messages.

 

oc cluster-info

eg: https://openshift.example.com:6443

 

b. Namespaces - Generally, all namespaces are discovered using the * keyword. If you need to discover only specific namespaces of your project, run this command to retrieve the list of all namespaces and select the ones required for discovery.

 

oc get namespaces

eg: default, kube-system or any other specific to your project deployments

 

c. Credentials - Run the following command to view the config details of your cluster. This will contain the required username and password to connect to the OpenShift REST APIs.

 

oc config view

 

d. Token - Fetch the bearer token for calling the OC REST API. Execute the OC command or the related OAuth API to fetch the token (the API is listed in the docs).

 

oc describe secret

 

  4. Ensure firewall connectivity from the MID Server to the OC cluster URL/port number.
  5. Create a new Kubernetes credential and credential alias with the user name, password and bearer token obtained in the steps above.
  6. Create a Serverless discovery schedule with Kubernetes as the required pattern and the installed MID Server.
  7. Add all parameters required for the pattern to execute: namespace (* or a comma-separated list), credentialAlias name, and url with port are the minimum required for discovery to execute.


  8. Create a new schedule for each cluster and discover them separately.

 

Node Relationships Discovered

 

[Figure: node relationships discovered (kuberel.jpg)]

 

Common Issues & Possible Resolutions

  1. Discovery not working due to a credential issue - The user may not have the right permissions to execute the API, or the token has expired.
  2. Discovery not working due to a missing SSL certificate - Import the OpenShift cluster's self-signed certificate into the MID Server and restart the server.
  3. APIs or clusters are not accessible from the MID Server - Execute a curl command against any one of the OpenShift REST APIs from the MID Server to validate connectivity, e.g. test the following API to get namespaces from the MID Server - Namespace [core/v1] - Metadata APIs | API reference | OpenShift Container Platform 4.8
  4. Pattern fails during execution of discovery - Debug the Kubernetes pattern and validate the step.
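
The curl test from item 3 can also tell the first three issues apart by looking at curl's exit code and the HTTP status of the namespaces API. The script below is an added example, not part of the original post or of ServiceNow's tooling, and goes slightly beyond item 3 by classifying the result. It assumes a Linux MID Server host with curl; CLUSTER_URL, TOKEN_FILE, CA_FILE, diagnose and check_cluster are hypothetical names.

```shell
#!/bin/sh
# Added example: pre-flight check run on the MID Server host before scheduling discovery.
# Hypothetical names (assumptions): CLUSTER_URL, TOKEN_FILE, CA_FILE, diagnose, check_cluster.

# Map curl's exit code and the HTTP status to one of the common issues listed above.
diagnose() {
  local curl_rc=$1 http=$2
  case "$curl_rc" in
    0) ;;
    6|7|28) echo "NETWORK: cannot resolve or reach the cluster URL/port (check firewall)"; return 3 ;;
    35|60)  echo "TLS: handshake or certificate verification failed; check the cluster CA certificate"; return 2 ;;
    *)      echo "CURL: unexpected curl exit code $curl_rc"; return 4 ;;
  esac
  case "$http" in
    200) echo "OK: namespaces API reachable with this token"; return 0 ;;
    401) echo "CREDENTIAL: token missing, invalid or expired"; return 1 ;;
    403) echo "CREDENTIAL: token accepted but user lacks permission to list namespaces"; return 1 ;;
    *)   echo "API: unexpected HTTP status $http"; return 4 ;;
  esac
}

# Call GET /api/v1/namespaces, verifying TLS against the cluster CA instead of using -k.
check_cluster() {
  local url=$1 token_file=$2 ca_file=$3 http rc
  # The token is fed to curl as config on stdin so it never shows up in the process list.
  http=$(printf 'header = "Authorization: Bearer %s"\n' "$(tr -d '\r\n' < "$token_file")" |
    curl --silent --config - --cacert "$ca_file" --max-time 10 \
         --output /dev/null --write-out '%{http_code}' "${url%/}/api/v1/namespaces")
  rc=$?
  diagnose "$rc" "$http"
}

# Runs only when CLUSTER_URL is set, e.g. https://openshift.example.com:6443
if [ -n "${CLUSTER_URL:-}" ]; then
  check_cluster "$CLUSTER_URL" "${TOKEN_FILE:?set TOKEN_FILE}" "${CA_FILE:?set CA_FILE}"
fi
```

Keep the token file readable only by the account that runs the MID Server service, and delete it once the check passes.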

 

Additional References

Getting started with the CLI - OpenShift CLI (oc) | CLI tools | OpenShift Container Platform 4.2

API list | API reference | OpenShift Container Platform 4.8

Kubernetes discovery (servicenow.com)

  

 

 
