How to deploy Splunk in an OpenShift environment

Eduardo Patrocinio
2 min readDec 22, 2020

--

Introduction

The introduction of Operators made it very simple to install complicated things in OpenShift (and any Kubernetes environment).

Take, for example, Splunk Enterprise. It used to take a long sequence of commands to install all the Kubernetes artifacts. Now, with the Splunk Operator (https://splunk.github.io/splunk-operator/), it’s straightforward to install it in an OpenShift environment.

In this article, I will show how to deploy Splunk Enterprise using the OpenShift command line and how to connect to it. I assume you are logged in to an OpenShift cluster to the CLI.

Deploying Splunk Operator

Before we deploy the Splunk Operator, we need to create an OpenShift project. Run the following command:

oc new-project splunk-operator

Now, run the following command to create the Splunk Operator ClusterServiceVersion:

oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/clusterserviceversion-splunk.v0.1.0.yaml

You will get the following output:

% oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/clusterserviceversion-splunk.v0.1.0.yamlclusterserviceversion.operators.coreos.com/splunk.v0.1.0 created

Now, run the following command to create the Operator Subscription:

oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/splunk-subscription.yaml

and you will see the following output:

% oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/splunk-subscription.yamlsubscription.operators.coreos.com/splunk-certified created

Deploy a Standalone instance

Next, we need to create a Splunk Enterprise Standalone instance. Run the following command to create it:

oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/standalone-standalone.yaml

You will see the following output:

% oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/standalone-standalone.yamlstandalone.enterprise.splunk.com/standalone created

After a few minutes, you can see the Splunk Standalone has been created:

% oc get StandaloneNAME         PHASE   DESIRED   READY   AGEstandalone   Ready   1         1       2m27s

Exposing the Splunk Standalone instance

The operation above creates a Kubernetes service, but it doesn’t expose it as an OpenShift router. Run the following command to expose it:

oc expose svc splunk-standalone-standalone-headless

You will see the following output:

% oc expose svc splunk-standalone-standalone-headlessroute.route.openshift.io/splunk-standalone-standalone-headless exposed

Now run the following command to retrieve the URL:

oc get route splunk-standalone-standalone-headless -o custom-columns="URL:.spec.host"

And you will get the URL for the Standalone instance

Logging in to the Standalone instance

To log in to the Standalone instance, we need to retrieve the admin’s password, stored in a Kubernetes secret.

Run the following command to retrieve the password and decrypt it:

oc get secret splunk-standalone-standalone-secrets -o custom-columns=PASSWORD:.data.password --no-headers | base64 -D

Now log in to the Standalone URL obtained in the previous step, using user admin and password obtained above. And voila! You are logged in to your new Splunk Standalone instance!

Conclusion

With the use of the operators and Custom Resources, we could create a Splunk Enterprise environment and a Standalone instance with just 4 commands!

That shows the power of Kubernetes Operators and OpenShift.

Learn more at www.ibm.com/garage

--

--

Eduardo Patrocinio
Eduardo Patrocinio

Written by Eduardo Patrocinio

Principal Solutions Architect, Strategic Accounts, AWS

No responses yet