Real-time Kubernetes discovery for ServiceNow CMDB

Automated ServiceNow Kubernetes discovery via Turbot Guardrails provides comprehensive coverage of your Kubernetes resources with real-time accuracy.

Turbot Team
5 min. read - May 14, 2024
Turbot Guardrails just made it a lot easier to discover Kubernetes resources in ServiceNow's CMDB. The integration requires no additional ServiceNow modules or Kubernetes services. Instead, Turbot Guardrails enables a direct, low-cost way to get real-time Kubernetes discovery into ServiceNow.

This automated discovery integration has two key benefits. First, it enhances the accuracy of your ServiceNow CMDB data by surfacing comprehensive and timely Kubernetes resource insights. Second, it significantly reduces the cost and overhead compared to native ServiceNow cloud discovery capabilities. This makes Turbot Guardrails an ideal solution for those new to cloud discovery or looking to augment existing ServiceNow Kubernetes integrations. Users can tap into broader coverage and more precise Kubernetes CMDB data without added complexity.

Why an automated Kubernetes discovery for ServiceNow?

Manual and scheduled discovery of Kubernetes resources leads to inaccurate ServiceNow data. Kubernetes resources change too quickly for legacy discovery methods to keep up. As a result, CMDBs end up with blind spots and incorrect configurations.

When you automate continuous Kubernetes discovery and integrate resources into ServiceNow, you:

  • Eliminate blind spots by covering more Kubernetes sub-services beyond the native integrations
  • Prevent missing and stale data with instant updates when resources change
  • Enable flexible control over which resource data syncs to which CMDB CI tables
  • Surface Kubernetes labels and metadata to enrich CMDB context
  • Archive historical records of provisioned resources that get deleted

Augmenting native Kubernetes discovery in ServiceNow

Native ServiceNow connectors and Kubernetes integrations are available to enable discovery of core Kubernetes services such as ConfigMap, Deployment, Namespace, Node, Pod, and ReplicaSet. But these have limitations, including:

  • Extra licensing and services
  • Limited resource coverage
  • Reliance on scheduled batch jobs rather than real-time scans
  • Need for professional services and customization

The Turbot Guardrails Kubernetes ServiceNow integration augments native capabilities by:

  • Offering point-and-click integration setup
  • Discovering more resource types out of the box
  • Reducing licensing dependency and service overhead
  • Automatically updating CMDBs instantly when resources change
  • Providing flexible control to configure synced data as needed
  • Centralizing management for other discovery scopes: AWS, Azure, and GCP

By combining automated discovery from Turbot Guardrails with ServiceNow and Kubernetes, you can accurately sync Kubernetes configs into ServiceNow's CMDB in real-time without added cost and complexity.

Configuring automated Kubernetes cloud discovery for ServiceNow CMDB

Each Kubernetes resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many Kubernetes resources from all your Kubernetes clusters. In this example we will show how to enable syncing Kubernetes ReplicaSets.

Set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific Kubernetes clusters:

For the integration-enabled Kubernetes cluster, the following Kubernetes resources will be in scope for the Kubernetes discovery:

Instantly the Kubernetes resources will be added to the associated ServiceNow CMDB table:

As Kubernetes resources are added, updated, or deleted, Guardrails handles the configuration drift and keeps the ServiceNow CMDB updated.

For example, when a Kubernetes resource changes, Guardrails captures the configuration drift and updates the ServiceNow CMDB:

Kubernetes resource deletion can be managed as a complete synchronization — where the record in ServiceNow is deleted as well — or archived to retain its record with an archive status.

Map Kubernetes resource details to ServiceNow CMDB CI tables

Each cloud resource type can be mapped to new or existing ServiceNow CMDB CI tables. You can also extend existing tables. In this example, the Kubernetes ReplicaSet resource type maps to a new cmdb_ci_kubernetes_replicaset.

table:
  name: kubernetes_replicaset
  label: Kubernetes > ReplicaSet >
  extendsTable: cmdb_ci

Mappings of which columns to create are simple to define in the Table Definition policy:

columns:
- name: annotations
  size: 1000
  type: string
  label: Annotations
- name: cluster_name
  type: string
  label: Cluster Name
- name: labels
  size: 10000
  type: string
  label: Labels
- name: namespace
  label: Namespace
- name: replicas
  type: integer
  label: Replicas
- name: name
  size: 500
  type: string
  label: Name
- name: deployment
  size: 500
  type: string
  label: Deployment

Any data from Kubernetes clusters or Turbot Guardrails can be added. To associate more fields, add more ServiceNow CMDB table columns:

- name: cluster_uid
  size: 500
  type: string
  label: Cluster UID

Adding custom ServiceNow CMDB CI fields is common. In this case we want to add a CMDB CI column to capture the Business Owner associated with the Kubernetes resource:

- name: business_owner
  size: 500
  type: string
  label: Business Owner

Elevating labels into their own columns is also possible. In this case we have a Kubernetes label for application name:

- name: app_name
  size: 500
  type: string
  label: Application Name

To populate the added ServiceNow CMDB CI columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the Kubernetes resource details such as the cluster.uid, data from the Guardrails CMDB for the business_owner field, and elevating the app label to app_name:

annotations: {{ $.resource.data.annotations | dump | safe }}
cluster_name: {{ $.resource.metadata.kubernetes.clusterName | dump | safe }}
deployment: {{ $.resource.data.owner_references[0].name | dump | safe }}
labels: {{ $.resource.data.labels | dump | safe }}
name: {{ $.resource.data.name | dump | safe }}
namespace: {{ $.resource.data.namespace | dump | safe }}
replicas: {{ $.resource.data.replicas | dump | safe }}
cluster_uid: {{ $.resource.metadata.kubernetes.clusterUid | dump | safe }}
business_owner: {{ $.folder.title }}
app_name: {{ $.resource.turbot.tags.app }}
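
The template above passes most values through Nunjucks' `dump` filter (JSON.stringify) but emits `business_owner` and `app_name` raw. The following lint is an added example, not Turbot's code: it flags the raw expressions and shows how one value renders each way, assuming the rendered output is parsed as YAML. The names `findUnencoded`, `renderLine` and `SAMPLE_TITLE` are hypothetical, and the folder title is constructed.

```javascript
// Added example: lint a Configuration Item template for expressions
// rendered without the `dump` filter. The template text is copied from
// the page; function names are illustrative.
const TEMPLATE = `
annotations: {{ $.resource.data.annotations | dump | safe }}
cluster_name: {{ $.resource.metadata.kubernetes.clusterName | dump | safe }}
deployment: {{ $.resource.data.owner_references[0].name | dump | safe }}
labels: {{ $.resource.data.labels | dump | safe }}
name: {{ $.resource.data.name | dump | safe }}
namespace: {{ $.resource.data.namespace | dump | safe }}
replicas: {{ $.resource.data.replicas | dump | safe }}
cluster_uid: {{ $.resource.metadata.kubernetes.clusterUid | dump | safe }}
business_owner: {{ $.folder.title }}
app_name: {{ $.resource.turbot.tags.app }}
`;

// Return the keys whose expression is not passed through `dump`.
function findUnencoded(template) {
  const flagged = [];
  for (const line of template.split("\n")) {
    const m = line.match(/^\s*([\w-]+):\s*\{\{(.+)\}\}\s*$/);
    if (!m) continue; // not a "key: {{ expr }}" line
    const filters = m[2].split("|").slice(1).map((f) => f.trim());
    if (!filters.includes("dump")) flagged.push(m[1]);
  }
  return flagged;
}

// Show the text each style would emit for one value. `dump` is modelled
// as JSON.stringify; the raw form is the value's plain string.
function renderLine(key, value, useDump) {
  return `${key}: ${useDump ? JSON.stringify(value) : String(value)}`;
}

// Constructed folder title containing YAML-significant characters.
const SAMPLE_TITLE = "Payments: EU #1";

console.log("raw expressions:", findUnencoded(TEMPLATE));
// Raw: the second ": " and the " #" are read as YAML syntax, not data.
console.log(renderLine("business_owner", SAMPLE_TITLE, false));
// Encoded: a double-quoted scalar that carries the title intact.
console.log(renderLine("business_owner", SAMPLE_TITLE, true));
```

Appending `| dump | safe` to the two flagged expressions makes them render as quoted scalars like the other eight fields.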

See it in action

Modernize your ServiceNow CMDB with automated Kubernetes discovery

Get started with a 14-day free trial of Turbot Guardrails to experience automated discovery and sync for Kubernetes resources into your ServiceNow instance. Real-time, comprehensive visibility within minutes at just $0.05 per resource per month.