search

splunk / splunk-operator

Splunk Operator for Kubernetes
Other
206 stars 114 forks source link

Splunk Operator: Monitor default.yml and trigger proper actions #1132

Open markusspitzli opened 1 year ago

markusspitzli commented 1 year ago

Please select the type of request

Bug

Tell us more

Describe the request The Docker Splunk Image allows defining default configurations in configmaps, which are read during startup by the ansible scripts and translated into splunk configs. https://github.com/splunk/docker-splunk/blob/develop/docs/ADVANCED.md#using-defaultyml

The Splunk operator supports default.yml by the Parameter defaultUrl

In cases when the default.yml changes, we have to manually kill the pods so that the new settings are applied.

BTW: the same applies to the licenseUrl parameter

Expected behavior The Splunk Operator should monitor the configmaps, defined in the defaultUrl. If they change, SOK should ensure that the settings are applied right away to the pods that make use of it. Best Case Scenario: The settings are applied without the restart of the pod. After the new settings are applied by ansible, a simple '/opt/splunk/bin/splunk restart' should be enough.

Splunk setup on K8S example value file we are using. 

splunk-operator:
  enabled: false

sva:
  s1:
    enabled: true

standalone:
  enabled: true  
  volumes:
    - name: splunk-defaults-indexers
      configMap:
        name: splunk-defaults-indexers
    - name: splunk-defaults-searchheads
      configMap:
        name: splunk-defaults-searchheads
    - name: licenses
      configMap:
        name: splunk-licenses
  defaultsUrl: "/mnt/splunk-defaults-indexers/splunk-defaults-indexers.yaml,/mnt/splunk-defaults-searchheads/splunk-defaults-searchheads.yaml"
  licenseUrl: /mnt/licenses/licenses.lic
  appRepo:
    appsRepoPollIntervalSeconds: 120
    defaults:
      volumeName: volume_app_repo
      scope: local
    appSources:
      # ==> replace NAMESPACE <==
      - name: local
        location: arch-test/Standalone/local/
        scope: local
    volumes:
      - name: volume_app_repo
        storageType: s3
        provider: minio
        path: apps/
        endpoint: https://endpoint.mycompany.com
        secretRef: s3-secret-apps
  smartstore:
    defaults:
      volumeName: s2s3_vol
    # ==> define indexes if needed <==
    indexes:
      - name: testing
        remotePath: $_index_name
        volumeName: s2s3_vol
    volumes:
      - name: s2s3_vol
        path: data/
        endpoint: https://endpoint.mycompany.com
        secretRef: s3-secret-data
yaroslav-nakonechnikov commented 1 year ago

oh, good to know that.

we are not facing this issue, as we are using terraform to deploy configurations for kubernetes. And in tf changing default.yml forces to recreate pod.