splunk / splunk-operator

Splunk Operator for Kubernetes

Add ability to specify mount points #1314

Closed k4r1 closed 5 months ago

k4r1 commented 7 months ago

Please select the type of request

Enhancement

Tell us more

Describe the request

At the moment, we can specify Volumes for each Custom Resource using the volumes property and they will be mounted at /mnt/<volume-name>.

This is useful - however, it is not possible to override the mount points.

Edit: Removed example, turns out there's a workaround. I still think it's a useful enhancement though so keeping the issue open.

Proposed changes

Add a volumeMounts property to each CRD and have the operator use the value to determine the mounts for the stateful set.

yaroslav-nakonechnikov commented 7 months ago

nope, it mustn't.

We are using defaults.yml with the following section:

```yaml
splunk:
  conf:
    - key: authentication
      value:
        directory: /opt/splunk/etc/system/local
        content:
          authentication:
            authSettings: saml
            authType: SAML
          saml:
            entityId: splunkACSEntityId
            fqdn: https://sp.company.com
            idpSSOUrl: https://idp.company.com/idp/SSO.saml2
            inboundDigestMethod: SHA1;SHA256;SHA384;SHA512
            inboundSignatureAlgorithm: RSA-SHA1;RSA-SHA256;RSA-SHA384;RSA-SHA512
            issuerId: idp:company.com:saml2
            lockRoleToFullDN: true
            redirectAfterLogoutToUrl: https://www.splunk.com
            redirectPort: 443
            replicateCertificates: true
            signAuthnRequest: true
            signatureAlgorithm: RSA-SHA1
            signedAssertion: true
            sloBinding: HTTP-POST
            ssoBinding: HTTP-POST
            clientCert: /mnt/certs/saml_sig.pem
            idpCertPath: /mnt/certs/
          roleMap_SAML:
            admin: grp-admin;
```

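
A pre-deployment check for the setup discussed above, as an added example that is not part of the original thread or the operator's code: it confirms that every /mnt/... path in a defaults.yml is backed by a volume declared in the Custom Resource, since the operator mounts volumes at /mnt/<volume-name>. The function names, the sample CR and the secret name are assumptions; both inputs are taken as already parsed from YAML into Python dicts.

```python
import posixpath

MOUNT_ROOT = "/mnt"  # per the issue: CR volumes are mounted at /mnt/<volume-name>

# Constructed sample: a CR declaring one volume ("saml-certs" is a placeholder).
SAMPLE_CR = {"spec": {"volumes": [{"name": "certs",
                                   "secret": {"secretName": "saml-certs"}}]}}

# Constructed sample: the path-bearing part of the defaults.yml quoted above.
SAMPLE_DEFAULTS = {"splunk": {"conf": [{"key": "authentication", "value": {
    "directory": "/opt/splunk/etc/system/local",
    "content": {"saml": {"redirectPort": 443,
                         "clientCert": "/mnt/certs/saml_sig.pem",
                         "idpCertPath": "/mnt/certs/"}}}}]}}


def iter_strings(node, trail=()):
    """Yield (dotted_key_path, value) for every string leaf in dicts/lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, trail + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, trail + (str(index),))
    elif isinstance(node, str):
        yield ".".join(trail), node


def unbacked_mount_paths(cr, defaults):
    """Return sorted (setting, path) pairs under /mnt that no CR volume backs."""
    volumes = cr.get("spec", {}).get("volumes") or []
    declared = {v["name"] for v in volumes}
    problems = []
    for setting, value in iter_strings(defaults):
        # Normalise first so "/mnt/certs/../other/x" is attributed to "other".
        path = posixpath.normpath(value)
        if not path.startswith(MOUNT_ROOT + "/"):
            continue
        volume = path[len(MOUNT_ROOT) + 1:].split("/", 1)[0]
        if volume not in declared:
            problems.append((setting, value))
    return sorted(problems)


if __name__ == "__main__":
    for setting, path in unbacked_mount_paths(SAMPLE_CR, SAMPLE_DEFAULTS):
        print(f"{setting}: {path} has no matching volume in the CR")
```
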
k4r1 commented 7 months ago

idpCertPath is relative to $SPLUNK_HOME/etc/auth/idpCerts; for me it doesn't let me specify an absolute path. You can also see this in the UI: [image]

yaroslav-nakonechnikov commented 7 months ago

@k4r1 yes, you can skip the UI part and use configuration files to make it work as you want. There are lots of limitations in the Splunk UI itself, but that is not related to splunk-operator.

k4r1 commented 7 months ago

Yeah I only showed the UI to demonstrate my point - the docs agree with me as well, as I linked to above. My config is pretty much the same as yours ~and it doesn't work~.

Update: I stand corrected, as an experiment I destroyed and recreated my cluster with the exact config I was using before and it worked first time - thanks @yaroslav-nakonechnikov !

In any case thanks for providing your config but it's kind of a tangent to the request, I'd still like to have the operator support specifying mount points.

k4r1 commented 5 months ago

After some manual hacking it turns out this isn't very useful - even if you get the file mounted in the right place ansible chokes on it as it expects everything to be writable.

I think this would require some higher level change to how config is rendered, and so closing this issue for now.

yaroslav-nakonechnikov commented 5 months ago

@k4r1 it is also possible to utilize an Ansible playbook on pre and post boot. We had to use another workaround to make the deployment server work on 9.2.1: https://github.com/splunk/splunk-ansible/issues/821

k4r1 commented 5 months ago

Wow, that's a powerful workaround! Will see what we can do with that, thanks for the tip