TOI: Automatic serverless schedule creator for Kubernetes discovery

Issue

Problem statement

Currently there is no capability to discover the entire Kubernetes infrastructure, irrespective of cloud vendor, in one go.

Existing solution

As of now, in order to discover a Kubernetes cluster, the customer needs to create a serverless discovery schedule and add and manage a credential for it. This serverless discovery schedule is capable of discovering only the specified cluster within the entire infrastructure.

Proposed solution

The customer would be able to discover the entire Kubernetes infrastructure deployed on GCP and AWS. This solution provides the ability to discover all the Kubernetes clusters and their respective resources, such as namespaces, nodes, etc., in one go. This feature eradicates the overhead of creating and managing multiple credentials and serverless schedules per cluster.

New cloud infrastructure patterns added:

For GCP - "Google Cloud Platform (GCP) – Kubernetes Discovery and Schedule Creator"
For AWS - "Amazon AWS - Kubernetes Discovery and Schedule Creator"
For AZURE - "Azure - Kubernetes Discovery and Schedule Creator"

Each pattern queries the cloud, brings back the details of all clusters, and creates a serverless schedule for each cluster. The pattern is triggered via regular cloud discovery.

Prerequisite

GCP:

1. Configure the GCP Service Account with a valid credential and permission inside the SNOW instance.
2. On the GCP infrastructure, set up the MID Server with full access to all Cloud APIs: set Cloud API access scopes to "Allow full access to all Cloud APIs". The MID Server instance can access only the clusters specific to the project.
3. System properties configuration:
   a. Add a valid MID Server name under the "sys_properties" table under the property "sn_itom_pattern.k8s_midserver".
   b. Set "sn_itom_pattern.k8s_create_schedule_enabled" under "sys_properties" to true to enable this feature.
4. Update set import:
   a. The update set UpdateSetAttachmentLink must be imported and committed in the instance for pre-Tokyo release versions, because some of the files are pushed to the global release and are not available under the store release.
5. Create and run the Google cloud discovery.

AWS:

EKS cluster discovery supports 2 flows: using the AWS CLI, and without using the AWS CLI. Set the system property "sn_itom_pattern.k8s_aws_cli_to_generate_token" to use the desired model. By default, this system property value is set to true.

true : Use the AWS CLI to generate a token
false : Use the Assume Roles (without using AWS CLI) flow to generate a token

EKS discovery using AWS CLI - using the AWS CLI to generate a bearer token for the EKS cluster.

1. Configure the AWS Service Account with a valid credential and permission link - {PPT}.
2. Set up the MID Server with the AWS CLI configured; make sure the system logged-in user and the MID user are the same [https://community.servicenow.com/community?id=community_question&sys_id=d2501729dbdcdbc01dcaf3231f96191a].

Note: The MID Server needs to be configured with the EKS deployed service account credentials to generate a token for the EKS cluster.

EKS discovery without using AWS CLI

Refer to KB1182188 for more details.

Note: This feature is supported from "Discovery and Service Mapping Patterns" (sn_itom_pattern) version 1.0.96 - December 2022.

The steps below are common to both of the above models (using AWS CLI or without using AWS CLI):

1. System properties configuration:
   a. Add a valid MID Server name under the "sys_properties" table under the property "sn_itom_pattern.k8s_midserver".
   b. Set "sn_itom_pattern.k8s_create_schedule_enabled" under "sys_properties" to true to enable this feature.
2. Update set import: The update set UpdateSetAttachmentLink must be imported and committed in the instance for pre-Tokyo release versions, because some of the files are pushed to the global release and are not available under the store release.
3. Create and run the AWS cloud discovery schedule.

AZURE:

1. Configure the Azure Service Account with a valid credential and permission. For more details about configurations, refer to KB1220553.
2. Set up the MID Server with the Azure CLI configured; make sure the system logged-in user and the MID user are the same [https://community.servicenow.com/community?id=community_question&sys_id=d2501729dbdcdbc01dcaf3231f96191a].
3. System properties configuration:
   a. Add a valid MID Server name under the "sys_properties" table under the property "sn_itom_pattern.k8s_midserver".
   b. Set "sn_itom_pattern.k8s_create_schedule_enabled" under "sys_properties" to true to enable this feature.
4. Update set import: The update set UpdateSetAttachmentLink must be imported and committed in the instance for pre-Tokyo release versions, because some of the files are pushed to the global release and are not available under the store release.
5. Create and run the Azure cloud discovery schedule.

Other supported system configuration

Property Name | Type | Default Value

sn_itom_pattern.k8s_create_schedule_enabled (feature flag, enabled/disabled under system properties, that controls the pattern execution) | Boolean | false

Mid Server
sn_itom_pattern.k8s_midserver [Default]. Example - valid midserver name | String | -
sn_itom_pattern.k8s_<service_account_id>_midserver [Based on Service Account Level]. Example - valid midserver name | String | -
sn_itom_pattern.k8s_<service_account_id>_<clustername>_midserver [Based on Cluster name]. Example - valid midserver name | String | -

Credential Alias
sn_itom_pattern.k8s_cred_alias [Default]. Example - credential alias name | String | -
sn_itom_pattern.k8s_<service_account_id>_alias [Based on Service Account Level]. Example - valid credential alias name | String | -
sn_itom_pattern.k8s_<service_account_id>_<clustername>_alias [Based on Cluster name]. Example - valid credential alias name | String | -

Prometheus Url
sn_itom_pattern.k8s_prometheusUrl [Default]. Example - valid Prometheus Url | String | -
sn_itom_pattern.k8s_<service_account_id>_prometheusUrl [Based on Service Account Level]. Example - valid Prometheus Url | String | -
sn_itom_pattern.k8s_<service_account_id>_<clustername>_prometheusUrl [Based on Cluster name]. Example - valid Prometheus Url | String | -

sn_itom_pattern.k8s_run [Supported Discovery Schedule run - Daily, On Demand, Weekdays, Weekends, Month Last Day, Calendar Quarter End]. Example - Daily | String | -
sn_itom_pattern.k8s_batch_count [How many schedules to run in a batch; default set to 5]. Example - 5 (number of schedules to run in one batch) | Integer | 5
sn_itom_pattern.k8s_schedule_batch_delay [Time difference between two batches; the value is in seconds]. Example - 300 (in seconds) | Integer | -
sn_itom_pattern.k8s_run_time [Run time for a batch]. If this property is set, that time is used; otherwise dynamic timing is used, which is 5 minutes after the current system time. The value is in HH:MM:SS format. Example - 10:11:12 (HH:MM:SS) | String | -

Note - <service_account_id> is the Account Id name under Cloud Service Accounts.
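The property table above, worked through as an added example (not ServiceNow's code and not from the original article): it resolves the MID Server and credential alias per cluster and assigns batch run times. The most-specific-first lookup order, treating an unset batch delay as zero, batching clusters in list order, and the account and cluster names are all assumptions.

```javascript
// Added example. Property names come from the table above; lookup order,
// batch ordering and sample values are assumptions, not documented behaviour.
const P = "sn_itom_pattern.k8s_";

// Assumption: most specific property wins (cluster, then service account, then default).
function resolve(props, account, cluster, scoped, dflt) {
  const keys = [`${P}${account}_${cluster}_${scoped}`, `${P}${account}_${scoped}`, `${P}${dflt}`];
  const from = keys.find((k) => props[k]) || null;
  return { value: from ? props[from] : null, from };
}

const toSec = (hms) => hms.split(":").reduce((acc, part) => acc * 60 + Number(part), 0);
const toHms = (sec) =>
  [Math.floor(sec / 3600) % 24, Math.floor(sec / 60) % 60, sec % 60]
    .map((n) => String(n).padStart(2, "0")).join(":");

// Returns one planned serverless schedule per discovered cluster.
function planSchedules(props, account, clusters, nowHms) {
  if (props[P + "create_schedule_enabled"] !== "true") return []; // feature flag, default false
  const batchCount = parseInt(props[P + "batch_count"] || "5", 10); // table default: 5
  // Assumption: an unset batch delay means no gap between batches.
  const delay = parseInt(props[P + "schedule_batch_delay"] || "0", 10);
  // Table: use k8s_run_time if set, otherwise 5 minutes after the current time.
  const start = props[P + "run_time"] ? toSec(props[P + "run_time"]) : toSec(nowHms) + 300;
  return clusters.map((cluster, i) => {
    const mid = resolve(props, account, cluster, "midserver", "midserver");
    const alias = resolve(props, account, cluster, "alias", "cred_alias");
    return {
      cluster,
      midServer: mid.value,
      midServerFrom: mid.from, // which property supplied the MID Server
      credentialAlias: alias.value,
      runTime: toHms(start + Math.floor(i / batchCount) * delay),
    };
  });
}

// Constructed sample values: account "acct1", clusters "prod", "dev", "test".
const sampleProps = {
  "sn_itom_pattern.k8s_create_schedule_enabled": "true",
  "sn_itom_pattern.k8s_midserver": "mid-default",
  "sn_itom_pattern.k8s_acct1_midserver": "mid-acct1",
  "sn_itom_pattern.k8s_acct1_prod_midserver": "mid-prod",
  "sn_itom_pattern.k8s_cred_alias": "alias-default",
  "sn_itom_pattern.k8s_batch_count": "2",
  "sn_itom_pattern.k8s_schedule_batch_delay": "300",
  "sn_itom_pattern.k8s_run_time": "10:11:12",
};
console.log(planSchedules(sampleProps, "acct1", ["prod", "dev", "test"], "09:00:00"));
```

A null `midServer` in the output marks a cluster for which none of the three MID Server properties is set.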
New configurations/patterns/scripts added as part of this feature

"Google Cloud Platform (GCP) – Kubernetes Discovery and Schedule Creator" (Pattern)
"Amazon AWS - Kubernetes Discovery and Schedule Creator" (Pattern)
"Azure - Kubernetes Discovery and Schedule Creator" (Pattern)
Create Kubernetes Cluster Schedule (Post sensor)
Update vendor for Kubernetes Cluster (Pre sensor)
System properties (sn_itom_pattern.k8s_batch_count, sn_itom_pattern.k8s_midserver, sn_itom_pattern.k8s_create_schedule_enabled)
DiscoveryScheduleAPI (Script Include)
CloudProviderFactory (MID Server Script Include)
GCPProvider (MID Server Script Include)
AWSProvider (MID Server Script Include)
AzureProvider (MID Server Script Include)
Kubernetes Discovery schedule (Business rule)
Identifier Entry (k8s_uid)
Two new pattern parameters (provider, cluster_name) added under Kubernetes

Existing files modified as part of this feature

Kubernetes (pattern)
Kubernetes Get Call (Custom operation)

Data collected during discovery [cmdb_ci_kubernetes_cluster]

ip_address [GCP][Azure]
name
port
k8s_uid
vendor
fqdn [aws]

Flow Diagram

** END OF TOI **