Difference between revisions of "ServiceNow Kubernetes discovery"

• https://docs.servicenow.com/en-US/bundle/vancouver-it-operations-management/page/product/service-mapping/concept/kubernetes-discovery.html

EKS[edit]

1) K8s service account (kind: ServiceAccount)

• Creating an IAM OIDC provider for your EKS cluster: aws iam create-open-id-connect-provider
  • AWS IAM role. with policy EKSReadOnly
  • eksctl create iamidentitymapping --cluster yourClusterName --arn arn:aws:iam::yourAccountID:role/yourIAMRoleName --username read-only-user
• Configuring a Kubernetes service account to assume an IAM role

2) sn_itom_pattern.k8s_aws_cli_to_generate_token

• With CLI: aws eks get-token --cluster-name

3)

• sn_itom_pattern.k8s_midserver
• sn_itom_pattern.k8s_create_schedule_enabled

4) XXX

5) ServiceNow AWS Cloud Discovery: https://docs.servicenow.com/en-US/bundle/vancouver-it-operations-management/page/product/discovery/concept/aws-cloud-discovery.html

K8s[edit]

• kubectl cluster-info
• kubectl cluster-info | grep "Kubernetes control plane"

Related activities[edit]

• Enabling IAM principal access to your cluster
• Access Kubernetes REST API using default token
• IAM Roles for Service Accounts (IRSA) in EKS
• How Amazon EKS works with IAM
• TOI: EKS cluster discovery using STS AssumeRoles (Without AWS CLI), sn_itom_pattern.k8s_aws_cli_to_generate_token

Related[edit]

• kubectl config view, kubectl cluster-info | grep "Kubernetes control plane"
• kubectl -n kube-system describe secret
• Base64: kubectl get secret --namespace default grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
• cluster-read-only-role

See also[edit]

• ServiceNow: snc, ServiceNow Kubernetes discovery, ServiceNow CMDB, ServiceNow ITOM, MID Server, ServiceNow Cloud Observability