Kubernetes CNO Changes<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } General Info We have Added following changes to OOB Kubernetes content to support CNO use cases. Add identification rules based on namespace + name to Kubernetes pod and services.Fix issues in config files of Kubernetes objects and remove redundant json objects.Add the MID sys_id to the Kubernetes discovery in order to tie MID to cluster.Create relations from pods to their owners (workloads) .Make Kubernetes custom operation without credential less.Changes to Openshift extension to support in-cluster discovery.Replaced most of JSON parsing steps in the pattern.Add identification rule to Kubernetes cluster by the 'name' field.Create relations from workloads/pods to namespaces (for impact) . Credentials Less Discovery Prerequisites: Containerised Mid Server should be deployed to Kubernetes cluster. Credentials-less Discovery Schedule: We need to set only the following parameters for credentials-less discovery. url https://cluster Or https://kubernetes.default.svc namespace * Custom Operation changes: In credential-less discovery we execute Kubernetes APIs using curl commandscontainerized mid server is deployed on the clusterCredentials not needed since API execution happens in containerized mid server Curl Command: var SERVICEACCOUNT = '/var/run/secrets/kubernetes.io/serviceaccount'; var TOKEN_PATH = SERVICEACCOUNT + '/token'; var CERT_PATH = SERVICEACCOUNT + '/ca.crt'; var command = 'KUBE_TOKEN=$(cat ' + TOKEN_PATH + '); ' + 'curl -sS --cacert ' + CERT_PATH + ' -H "Authorization: Bearer $KUBE_TOKEN" ' + url; Kubernetes Dependency Diagrams We have custom dependency view for Kubernetes connectivity and dependencies. Kubernetes Connectivity Kubernetes connectivity shows service to service connection along with deployments. Kubernetes Dependencies Kubernetes dependencies shows the top down view CI connections from service to containers. Useful URLs: https://kubernetes.io/docs/tasks/run-application/access-api-from-pod/