Discovering Kubernetes clusters managed by Rancher

Rancher is a Kubernetes management tool to deploy and run clusters anywhere and on any provider. Rancher can provision Kubernetes from a hosted provider, provision compute nodes and then install Kubernetes onto them, or import existing Kubernetes clusters running anywhere. Rancher can centralize authentication and role-based access control (RBAC) for all the clusters.

BMC Discovery discovers Kubernetes clusters managed by Rancher. For information, see Discovering-containers. The earlier approach discovers Kubernetes management software running on a host, and creates or updates an existing Kubernetes SI. The Kubernetes SI triggers additional patterns to discover the containers that the Kubernetes management software controls. For this approach the hosts must be reached with an IP scan, and host credentials must be available.

Using the Rancher API provider enables you to discover all of the Kubernetes clusters managed by Rancher, even those hosts that cannot be reached with an IP scan.

API provider discovery of Rancher supports Rancher 2.5 and later.

To discover Kubernetes clusters by using Rancher API provider

The following table describes the tasks that you must perform in the specified sequence, the description of the action that you must perform, and the reference to the procedure:

Task	Action	Procedure
1	Ensure that the Rancher management system has suitable permissions to enable you access to Kubernetes clusters managed by it.	Ensure access permissions for the Rancher management system
2	Create an API provider credential valid for the Rancher.	Create an API provider credential
3	Perform an API scan	Perform an API scan

Ensure that the Rancher management system has suitable permissions to enable you access to Kubernetes clusters managed by it

For any Rancher clusters in which you want to discover all supported resources, you must provide BMC Discovery with a token to authenticate with Rancher. You can obtain a token by using the Rancher UI. The Rancher user must have at least the read (get/list) permissions on the required resources in the appropriate API groups for each cluster.
More details about Rancher users management can be obtained here. The required resources are retrieved by using BMC Discovery API queries while scanning the Rancher clusters.

Rancher Bearer token

Rancher token authentication uses a token valid for all clusters or individual Rancher clusters according to scope.

For instructions on obtaining a token to use in the API provider credential, see API Keys and User Authentication

Create an API provider credential valid for the Rancher system

Use the Rancher URL and token that you have just created and retrieved to create the API provider credential. For information on creating credentials, see Adding-credentials.

API provider credentials use the Rancher URL to connect.

Perform a snapshot API scan

On the Manage > Discovery page, click Add New Run.
In the Timing field, select Snapshot.
In the Targeting field, select API.
Enter the information for the snapshot API provider discovery run in the fields.
Click OK to start the run.

This example uses a snapshot scan. For information on running scheduled cans, see Performing-a-discovery-run.

Viewing the discovered Rancher clusters

Once you have discovered a Rancher, you can view the clusters it manages. To do so:

From the Discovery page, select the Recent Runs tab.
Click the snapshot API scan you just performed.
Info
If node kinds are not displayed in the Rancher API scan summary, click Rescan Now next to the API scan name on the Recent Runs tab. Revisit the API scan summary page.
Click the Clusters icon.
Click any Cluster from the list.

For more information

For more information about the discovery of each Kubernetes cluster, see Kubernetes in the BMC Discovery Content Reference.