Kubernetes Visibility Agent enables you to gain visibility into on-premises Kubernetes clusters as well as the following Cloud deployments: Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), Azure Kubernetes Engine (AKS), Red Hat OpenShift, and Rancher.

Kubernetes Visibility Agent detects changes on resources in a Kubernetes cluster. It performs continuous discovery, reports any changes back to your instance, and updates the Configuration Management Database (CMDB) with the latest data.

How it works

When you deploy Kubernetes Visibility Agent, Kubernetes creates a Deployment resource in the cluster. This resource uses a secret stored in Kubernetes to connect to your ServiceNow instance.

The Kubernetes Visibility Agent Deployment resource contains a pod called Informer, which connects to the Kubernetes API server and receives events on the resources in the cluster from it. The Informer sends the collected data to the instance through the External Communication Channel (ECC) Queue table, using the ServiceNow Table API to read from and write to the queue. The Informer then updates the appropriate tables in the CMDB.

Note: If the Informer is unable to report the changes, for example due to a network problem, the resources that were added to the cluster during the event are added to the CMDB after the next full discovery cycle. The resources that were removed from the cluster during the event are marked as Absent and deleted after two full discovery cycles.

For more information about the Kubernetes resources on which the Informer collects data and the CMDB tables it populates, see Data collected by Kubernetes Visibility Agent.

Initial and periodic discovery

In its initial discovery, the Informer finds all the resources in the Kubernetes cluster and reports them to your instance. Every 30 seconds, the Informer sends up to 1 MB of data to the instance. It typically takes up to two minutes to report data on a cluster containing 1,000 pods and another minute for every additional 1,000 pods. A single Informer pod can handle a cluster with tens of thousands of pods. If the Informer exits for any reason, Kubernetes restarts it automatically.

After the initial discovery, the Informer continuously monitors the addition, updating, and deletion of resources in the cluster. Resources that were deleted from the cluster are marked with install_status=Absent and deleted from the CMDB within hours in a regular cleanup.

Impact of the Informer on the Kubernetes API server

The Informer has minimal impact on the Kubernetes API server. It fetches the complete list of relevant resources only once and saves it to memory. From then on, it synchronizes with the Kubernetes API server and never pulls the complete list again. During the periodic and on-demand full discovery cycles, the Informer resends the saved list of resources to the instance.

Kubernetes Visibility Agent performance and scalability benchmark

For Kubernetes Visibility Agent benchmarks, see the Performance results for CNO for Visibility [KB1555851] article in the Now Support Knowledge Base.