Default language.

Discovering Kubernetes clusters managed by Rancher

Rancher is a Kubernetes management tool to deploy and run clusters anywhere and on any provider. Rancher can provision Kubernetes from a hosted provider, provision compute nodes and then install Kubernetes onto them, or import existing Kubernetes clusters running anywhere. Rancher can centralize authentication and role-based access control (RBAC) for all the clusters.

BMC Discovery discovers Kubernetes clusters managed by Rancher. For information, see Discovering-containers. The earlier approach discovers Kubernetes management software running on a host, and creates or updates an existing Kubernetes SI. The Kubernetes SI triggers additional patterns to discover the containers that the Kubernetes management software controls. For this approach the hosts must be reached with an IP scan, and host credentials must be available. 

Using the Rancher API provider enables you to discover all of the Kubernetes clusters managed by Rancher, even those hosts that cannot be reached with an IP scan.

API provider discovery of Rancher supports Rancher 2.5 and later.

Related topics

Discovering-containers

Kubernetes (BMC Discovery Content Reference)

Automatically discover your cloud-based Kubernetes clusters

Automatic discovery of cloud-based Kubernetes clusters occurs by default when you scan your supported cloud services. When BMC Discovery finds a Kubernetes cluster, it creates an automatic scan using a Kubernetes token obtained from the cloud provider. Automatic scanning of Kubernetes clusters can be disabled (Automatically scan Kubernetes clusters) for each scan. No additional credentials are required, the API token is generated depending on your existing privileges.The Cluster URL must be accessible to BMC Discovery, this may be referred to as enabling the public API.Automatic scanning of Kubernetes clusters is supported in the following cloud vendor with no additional configuration:Automatic scanning of Kubernetes clusters is supported in the following cloud vendors, though it requires additional (RBAC) configuration:Automatic scanning of Kubernetes clusters is not supported in OpenStack.

To discover Kubernetes clusters by using Rancher API provider

The following table describes the tasks that you must perform in the specified sequence, the description of the action that you must perform, and the reference to the procedure:

Task

Action

Procedure

1

Ensure that the Rancher management system has suitable permissions to enable you access to Kubernetes clusters managed by it.

2

Create an API provider credential valid for the Rancher.

3

Perform an API scan

Ensure that the Rancher management system has suitable permissions to enable you access to Kubernetes clusters managed by it

For any Rancher clusters in which you want to discover all supported resources, you must provide BMC Discovery with a token to authenticate with Rancher. You can obtain a token by using the Rancher UI. The Rancher user must have at least the read (get/list) permissions on the required resources in the appropriate API groups for each cluster.
More details about Rancher users management can be obtained here. The required resources are retrieved by using BMC Discovery API queries while scanning the Rancher clusters.

Rancher Bearer token

Rancher token authentication uses a token valid for all clusters or individual Rancher clusters according to scope.

For instructions on obtaining a token to use in the API provider credential, see API Keys and User Authentication

Create an API provider credential valid for the Rancher system

Use the Rancher URL and token that you have just created and retrieved to create the API provider credential. For information on creating credentials, see Adding-credentials.

API provider credentials use the Rancher URL to connect.

Perform a snapshot API scan 

  1. On the Manage > Discovery page, click Add New Run.
  2. In the Timing field, select Snapshot.
  3. In the Targeting field, select API.APIRun25.2.png
  4. Enter the information for the snapshot API provider discovery run in the fields.
    Field name
    Details
    Label
    Enter a label for the discovery run. Where the discovery run is referred to in the UI, it is this label that is shown.
    Timing
    Select the run type, one of:
    • Snapshot — The run is performed immediately.
    • Scheduled — The run is performed according to the scheduling information you enter.
    For this snapshot scan, select Snapshot.
    Targeting
    Select the target for the discovery run. This is one of:
    • IP Address — Enter IP address information.
    • Cloud — Enter cloud provider information.
    • API — Enter API provider information.
    For this API provider scan, select API.
    Provider
    Specify the type of API provider. Currently, BMC Discovery supports the following providers:
    • Kubernetes/OpenShift Cluster
    • Meraki Dashboard
    • MongoDB Atlas
    • Rancher Managed Kubernetes Clusters 
    Credential
    The list is populated with valid credentials for the selected provider. Select the credential or credentials to use for the discovery run.
  5. Click OK to start the run.
 

This example uses a snapshot scan. For information on running scheduled cans, see Performing-a-discovery-run.


Viewing the discovered Rancher clusters

Once you have discovered a Rancher, you can view the clusters it manages. To do so:

  1. From the Discovery page, select the Recent Runs tab.

  2. Click the snapshot API scan you just performed.
    Rancher_scan2.png

    If node kinds are not displayed in the Rancher API scan summary, click Rescan Now next to the API scan name on the Recent Runs tab. Revisit the API scan summary page.

  3. Click the Clusters icon.
    Rancher_scan3.png

  4. Click any Cluster from the list.
    Rancher_scan4.png

For more information

For more information about the discovery of each Kubernetes cluster, see Kubernetes in the BMC Discovery Content Reference.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*