Deploying a containerized MID server in a Kubernetes cluster

Mike Gallagher1 · ‎02-09-2021

NOTE: MY POSTINGS REFLECT MY OWN VIEWS AND DO NOT NECESSARILY REPRESENT THE VIEWS OF MY EMPLOYER

Deploying a containerized MID server in a Kubernetes cluster

Why?

The ServiceNow MID server is an incredibly powerful appliance to enable everything from discovery to metrics and event ingestion.

However, managing them individually can be an additional burden. Especially as its capabilities continue to evolve and the recommendation is to scale them horizontally.

As such I’ve found a way to deploy and manage containerized MID servers within a kubernetes cluster.

Let’s talk about some of the pros and cons to this approach before we dive into the how.

Pros

Speed: A containerized MID server is incredibly quick to deploy and configure.
Availability: Configuring this as a deployment within a kubernetes cluster ensure that kubernetes is managing the state of the MID server container and will restart or re-deploy it if a catastrophic failure occurs.
Livestock not Pets: When you know you can quickly and easily deploy a fresh MID server why waste time troubleshooting potential issues? Kill it, redeploy, move on.
Proximity: Especially if you’re looking at discovering your kubernetes infrastructure, deploying a MID server into your cluster(s) ensures that you’re keeping the network distance between the MID server and the discovered resources as short as possible.
Ease: Once you’ve got this process down, it’s incredibly simple to execute.
Scalability: Once you've got this process automated you can deploy more MID servers automatically in order to scale your capabilities horizontally on command.

Cons

TOTALLY UNSUPPORTED: This is completely unsupported right now. There are no official MID server container images. If you call support they’ll likely tell you to deploy a supported MID server configuration.
No Windows Discovery: Since the container image is based on a linux root you won’t be able to utilize this container to discover windows resources. It simply doesn’t have access to the right toolset and protocols to complete that task.
Community Built Container Image: This configuration is reliant upon a container image built and posted by the community. At some point in the near future I’m hoping there’ll be an officially supported container image. Until that time this is definitely a “use at your own risk” situation.

How?

There are a couple pre-requisites that this article assumes:

You have a working kubernetes cluster deployed.
You have a kubectl client configured to connect to said cluster.

Once you’ve got the pre-requisites out of the way, I’ll share the YAML files I’ve built for this and then talk through their methodology.

Overview:

Build Infra Namespace
Build Kubernetes Secret
Configure Deployment Manifest
Deploy the MID server
Update and Validate the MID server

Build Infra Namespace

The first thing I recommend is to create a Namespace to be able to collect all of the infrastructure tools into a single namespace. I use this in my clusters in order to maintain separation of the tools from the standard workloads.

Build a YAML manifest file containing the following:

kind: Namespace

apiVersion: v1

metadata:

  name: infra

  labels:

    name: infra

Once that’s completed deploy the namespace with the following command:

kubectl apply -f <YOUR_FILE_NAME>

Then you can confirm that its been deployed with the following command:

kubectl get namespaces

Build Kubernetes Secret

Kubernetes has a built in method for storing encrypted information that can be shared among pods securely. This is great if you want to manage passwords or utilize the same username and password across multiple pods but have it accessed securely.

What we’ll be doing in this case is building a Kubernetes Secret to store the MID server password that’s used for the MID to login to your ServiceNow instance. Once that’s completed we’ll import that password into the pod as an environment variable for the MID server software to use.

Here’s how:

kubectl create secret generic -n infra mid-server-secret \
--from-literal=SN_PASSWD='<MIDUSER_PASSWORD_HERE>'

Configure Deployment Manifest

Now that we’ve got the namespace and the secret created we can build the deployment manifest for the MID server itself. Create a new manifest file containing the following:

apiVersion: apps/v1

kind: Deployment

metadata:

   name: mid-server

   namespace: infra

   labels:

      app: mid-server

spec:

   replicas: 1

   selector:

      matchLabels:

         app: mid-server

   template:

      metadata:

         labels:

            app: mid-server

      spec:

         containers:

         - name: mid-server

           image: moers/mid-server:latest

           env:

              - name: SN_HOST_NAME

                value: <SN_INSTANCE_FQDN>

              - name: USER_NAME

                value: <YOUR_MID_USERNAME>

              - name: PASSWORD

                valueFrom:

                   secretKeyRef:

                      name: mid-server-secret

                      key: SN_PASSWD

              - name: HOSTNAME

                value: '<MID_SERVER_NAME>'

           imagePullPolicy: IfNotPresent

Note that there are other environment variables that are passed into the pod as part of the env: block. Those could also be stored in secrets or a config map. But for simplicity’s sake we’re adding them to the manifest directly.

Deploy the MID Server

Once you’ve got the manifest built it’s now time to deploy it. We’ll use the kubectl apply command in order to do so. It’s helpful to remember that if there are no net new changes to the manifest, kubectl won’t execute any changes on the cluster.

kubectl apply -f <YOUR_FILE_NAME>

Once that’s completed you should see your pod running with the following command:

kubectl get pods -n infra

The output should look similar to this:

NAME                             READY   STATUS    RESTARTS   AGE

mid-server-eks-ffd9f9845-bl7d2   1/1     Running   0          17m

Update and Validate the MID Server

Once the pod shows that its in a running state, you should be able to log in to your instance to verify the MID server and validate it as you would any other MID server.

Video:

I've made an accompanying youtube video walking through this process. You can find that here.

Closing

You now have a fully running and containerized MID server. Note that this is configured purely for outbound communications. In order to configure this for Operational Intelligence or for Agent Client Collector connectivity we’ll need to configure a kubernetes service to route and allow those inbound requests. Look for an upcoming blog post on that topic!

karlis_peterson · ‎04-12-2021

@Mike Gallagher - great doc! The containerized MID is on the roadmap to be fully supported. The plan is to be supported by Rome timeframe.

Anthony Angelo · ‎02-04-2022

In this post Mike references Boris Moers's mid server docker images (see. moers/mid-server:latest). Boris is maintaining a pretty robust set of mid server images on his own, just note that these are not official ServiceNow images.

I want to add that you can easily build your own mid server base images and push them to your favorite docker registry so you are in full control.

For example here is a project I have c where I do just that. I used GitHub actions to build and publish it to Docker Hub https://hub.docker.com/repository/docker/pangealab/deimos.

From there you can follow Mike's example and replace moers/mid-server:latest with pangealab/deimos:latest instead and run it as a pod in your own k8s. Have fun !

glenn_pinto · ‎02-07-2022

Nice article!. To compliment this article we do have some great content/videos that are part of the MID Server Fundamentals onDemand course in the Rome Delta Features section on configuring and deploying containerized MID Servers via Kubernetes and Docker Swarm. It is free on Now Learning.

Kody · ‎02-17-2022

@Mike Gallagher , Thank you for uploading this article.

Does anyone know whether different sys id's are populated when you build two or more containerized mid servers in an instance?

Venkata1 · ‎03-10-2022

Hello @Mike Gallagher - Great document. Our instance is on Rome, is the mid server on container deployment is fully supported by servicenow?

Any best practices for new implementations. Thank you.

Mike Gallagher1 · ‎04-28-2022

Yes each MID still has its own Sys_id.

Mike Gallagher1 · ‎04-28-2022

It is fully supported as of Rome.

Come join Will Hallam and I for our Beers with Cloud Engineers sessions where we discuss all things Kubernetes and ServiceNow.

Mike Gallagher1 · ‎04-28-2022

Also see the updated Rome version of this article that I posted here.

glennpinto · ‎04-28-2022

We have some good free training on deploying containerized MIDs using Docker Swarm and Kubernetes. Training includes demo videos. Please check out the Rome Delta section of the MID Server Fundamentals training on Now Learning.

https://nowlearning.service-now.com/lxp?id=learning_course&course_id=dcfdb5b5dbf5acd030c91fdc1396199a&group_id=ff2c74af1bec7890b9a2cae3604bcbdd&child_id=13fd69831be674d46898edf1b24bcb08&spa=1

dougw · ‎09-19-2024

We've deployed containerized MIDs to use as ACC listeners, however when we bounce them the listeners do not come back up and we have to manually go in and "Setup ACC Listener" to get the started again.

Any ideas how to fix that?