Azure Kubernetes Services Discovery

‎03-27-2022 08:05 AM
Hi,
We are trying to discover Azure Kubernetes Services (AKS) clusters using the OOTB Kubernetes pattern. We have gone down the route of Bearer token authentication but are still unable to discover any clusters. Following the documentation, the 'Kubernetes URL' is set to 'https://[AKS FQDN name]:443', the Prometheus URL is left blank and the Namespace is 'default'.
We get the 400 error below when the pattern tries to make the GET API call to retrieve the namespaces:
Response has error. Status code is 400 . error code: 1 . error message: Method failed: (/api/v1/namespaces) with code: 400
Anyone know what we are doing wrong? ServiceNow Support have come back and told us AKS cluster discovery is not possible.
Regards,
Ayman

‎03-28-2022 04:10 AM
Hi,
If ServiceNow Support said that OOB cluster discovery of AKS is not possible, then you need to create your own custom pattern.
Check with your AKS team how they would get the details via the API, then you can replicate it in your custom pattern.
Regards,
Vivek
‎04-04-2022 06:46 AM
We are also trying to explore the options for AKS discovery.
Reading the documentation, whilst we didn't expect to actually trigger a Kubernetes discovery out of the box, we did expect to find a cloud resource record for each AKS service in the cmdb_ci_cmp_resource table, because the resource type 'Microsoft.ContainerService' is included in the default Cloud Inventory Resource Inclusion List ('sa_cloud_inventory_resource_whitelist') table.
Our Azure product team assure us that our security principal is able to see the full list of resources, so we're probably going to put this on the back-burner for a few months as we have other priorities, but our hope was that if we could see it in the cloud resources list, writing a custom pattern to trigger a Kubernetes discovery wouldn't be too complex.
If you have any progress I'd love to hear, and likewise will update if we do.
‎04-05-2022 08:47 AM
Minor update - it is possible to discover the AKS cloud resource if you add a new item to the Cloud Inventory Resource List:
In addition to the existing OTB item, add an item to the inclusion list with a Resource Type of 'Microsoft.ContainerService/managedClusters'.
Note that for some reason the discovery_admin role cannot write to that list, so you may need to do it as admin.
Once you've done that you will get a record in the cmdb_ci_cmp_resource table for each AKS service.
It's not a fully functional Kubernetes discovery but it does at least give you inventory and the ability to use the Azure tags for reporting/service mapping, whilst you figure out how to write your custom patterns.
‎04-06-2022 02:45 AM