Discovering Kubernetes clusters managed by Rancher
Rancher is a Kubernetes management tool to deploy and run clusters anywhere and on any provider. Rancher can provision Kubernetes from a hosted provider, provision compute nodes and then install Kubernetes onto them, or import existing Kubernetes clusters running anywhere. Rancher can centralize authentication and role-based access control (RBAC) for all the clusters.
BMC Helix Discovery discovers Kubernetes clusters managed by Rancher. For information, see Discovering containers. The earlier approach discovers Kubernetes management software running on a host, and creates or updates an existing Kubernetes SI. The Kubernetes SI triggers additional patterns to discover the containers that the Kubernetes management software controls. For this approach the hosts must be reached with an IP scan, and host credentials must be available.
Using the Rancher API provider enables you to discover all of the Kubernetes clusters managed by Rancher, even those hosts that cannot be reached with an IP scan.
API provider discovery of Rancher supports Rancher 2.5 and later.
To discover Kubernetes clusters by using the Rancher API provider
The following table lists the tasks that you must perform in the specified sequence, with a description of each action and the reference to the procedure:

|Action|Reference|
|---|---|
|Ensure that the Rancher management system has suitable permissions to give you access to the Kubernetes clusters that it manages.|Ensure access permissions for the Rancher management system|
|Create an API provider credential valid for the Rancher system.|Create an API provider credential|
|Perform an API scan.|Perform an API scan|
Ensure that the Rancher management system has suitable permissions to give you access to the Kubernetes clusters that it manages
For any Rancher clusters in which you want to discover all supported resources, you must provide BMC Helix Discovery with a token to authenticate with Rancher. You can obtain a token by using the Rancher UI. The Rancher user must have at least the read (get/list) permissions on the required resources in the appropriate API groups for each cluster.
More details about Rancher user management can be obtained here. The required resources are retrieved by using BMC Helix Discovery API queries while scanning the Rancher clusters.
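One way to check that the discovery account holds the get/list permissions described above without also holding write access, as an added example that is not part of the BMC documentation. It assumes the account's Kubernetes RBAC rules have been exported as a list of dictionaries; `REQUIRED` and `SAMPLE_RULES` are constructed placeholders, because the page does not list the required resources.

```python
# Added example: audit the RBAC rules bound to a discovery account.
# REQUIRED and SAMPLE_RULES are constructed placeholders, not BMC's list.
READ_VERBS = {"get", "list"}
ALLOWED_VERBS = READ_VERBS | {"watch"}  # read-only verbs

REQUIRED = {("", "pods"), ("", "nodes"), ("apps", "deployments")}  # hypothetical

SAMPLE_RULES = [  # constructed sample in Kubernetes PolicyRule shape
    {"apiGroups": [""], "resources": ["pods", "nodes"], "verbs": ["get", "list"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["services"], "verbs": ["get", "list", "delete"]},
]


def audit_rules(rules, required=REQUIRED):
    """Return (missing, excessive) for a list of RBAC rule dicts.

    missing:   required (apiGroup, resource) pairs lacking get or list
    excessive: (apiGroup, resource, verb) grants beyond read-only access
    """
    granted = {}       # (group, resource) -> set of verbs granted
    excessive = set()
    for rule in rules:
        verbs = set(rule.get("verbs", []))
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                granted.setdefault((group, resource), set()).update(verbs)
                for verb in verbs - ALLOWED_VERBS:  # "*" is flagged too
                    excessive.add((group, resource, verb))

    def verbs_for(group, resource):
        # Union of verbs from exact and "*" wildcard matches.
        found = set()
        for g in (group, "*"):
            for r in (resource, "*"):
                found |= granted.get((g, r), set())
        return found

    missing = sorted(
        pair for pair in required
        if not ("*" in verbs_for(*pair) or READ_VERBS <= verbs_for(*pair))
    )
    return missing, sorted(excessive)


if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES))
```

An empty `missing` list with an empty `excessive` list means the account can read everything in `REQUIRED` and nothing in the exported rules grants more than read access.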
Rancher Bearer token
Rancher token authentication uses a token valid for all clusters or individual Rancher clusters according to scope.
For instructions on obtaining a token to use in the API provider credential, see API Keys and User Authentication.
Create an API provider credential valid for the Rancher system
Use the Rancher URL and token that you have just created and retrieved to create the API provider credential. For information on creating credentials, see Adding credentials.
API provider credentials use the Rancher URL to connect.
Perform a snapshot API scan
- On the Manage > Discovery page, click Add New Run.
- In the Timing field, select Snapshot.
- In the Targeting field, select API.
- Enter the information for the snapshot API provider discovery run in the fields.
Enter a label for the discovery run. Where the discovery run is referred to in the UI, it is this label that is shown.
Select the run type, one of:
- Snapshot — The run is performed immediately.
- Scheduled — The run is performed according to the scheduling information you enter.
For this snapshot scan, select Snapshot.
Select the target for the discovery run. This is one of:
- IP Address — Enter IP address information.
- Cloud — Enter cloud provider information.
- API — Enter API provider information.
For this API provider scan, select API.
Specify the type of API provider. Currently, BMC Helix Discovery supports the following providers:
- Kubernetes/OpenShift Cluster
- MongoDB Atlas
- Rancher Managed Kubernetes Clusters
Restrict by Organization
This field is available only if you have enabled the Enable Restricted Organizations setting in the Administration > Other Settings UI. For more information, see Configuring discovery settings.
Select the organization that you want to use for the scan. The organizations available in the list are limited to those organizations of which the logged-in user is a member. The organization you select impacts the Outposts available in the scope via field. For more information, see Outposts restricted by organizations.
The list is populated with valid credentials for the selected provider. Select the credential or credentials to use for the discovery run.
Click OK to start the run.
This example uses a snapshot scan. For information on running scheduled scans, see Performing a discovery run.
Viewing the discovered Rancher clusters
Once you have discovered a Rancher system, you can view the clusters it manages. To do so:
- From the Discovery page, select the Recent Runs tab.
- Click the snapshot API scan you just performed.
- Click the Clusters icon.
- Click any Cluster from the list.
For more information
For more information about the discovery of each Kubernetes cluster, see Kubernetes in the BMC Discovery Content Reference.