How to deploy Splunk in an OpenShift environment

Eduardo Patrocinio
Dec 22, 2020

Introduction

The introduction of Operators made it very simple to install complicated things in OpenShift (and any Kubernetes environment).

Take, for example, Splunk Enterprise. It used to take a long sequence of commands to install all the Kubernetes artifacts. Now, with the Splunk Operator (https://splunk.github.io/splunk-operator/), it’s straightforward to install it in an OpenShift environment.

In this article, I will show how to deploy Splunk Enterprise using the OpenShift command line and how to connect to it. I assume you are already logged in to an OpenShift cluster from the CLI.

Deploying Splunk Operator

Before we deploy the Splunk Operator, we need to create an OpenShift project. Run the following command:

oc new-project splunk-operator

Now, run the following command to create the Splunk Operator ClusterServiceVersion:

oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/clusterserviceversion-splunk.v0.1.0.yaml

You will get the following output:

% oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/clusterserviceversion-splunk.v0.1.0.yaml
clusterserviceversion.operators.coreos.com/splunk.v0.1.0 created

Now, run the following command to create the Operator Subscription:

oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/splunk-subscription.yaml

and you will see the following output:

% oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/splunk-subscription.yaml
subscription.operators.coreos.com/splunk-certified created

Deploy a Standalone instance

Next, we need to create a Splunk Enterprise Standalone instance. Run the following command to create it:

oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/standalone-standalone.yaml

You will see the following output:

% oc apply -f https://raw.githubusercontent.com/patrocinio/openshift/main/splunk/standalone-standalone.yaml
standalone.enterprise.splunk.com/standalone created

After a few minutes, you can see the Splunk Standalone has been created:

% oc get Standalone
NAME         PHASE   DESIRED   READY   AGE
standalone   Ready   1         1       2m27s
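
The three oc apply -f commands above pull manifests from the mutable main branch of a GitHub repository and apply them as fetched. As an added example (not part of the original article), this shell gate checks a downloaded copy against a SHA-256 digest recorded when the file was reviewed and rejects any top-level kind outside an allow-list before oc apply is run; the function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: gate to run before `oc apply -f FILE`.
# Function names and the sample manifest are constructed for illustration.

# Print the SHA-256 of a file with whichever tool the platform provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# List the distinct top-level `kind:` values of a multi-document manifest.
# Quotes and CRs are stripped; anything unusual simply fails the allow-list.
manifest_kinds() {
  sed -n 's/^kind:[ ]*//p' "$1" | tr -d "\"'\r" | sed 's/[ ]*$//' | sort -u
}

# check_manifest FILE PINNED_SHA256 "Kind1 Kind2 ..."
# Succeeds only if FILE matches the digest recorded when it was reviewed
# and every top-level kind in it is on the allow-list.
check_manifest() {
  file=$1; pin=$2; allowed=$3
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$pin" ]; then
    echo "digest mismatch for $file: got $actual" >&2; return 1
  fi
  kinds=$(manifest_kinds "$file")
  [ -n "$kinds" ] || { echo "no top-level kind in $file" >&2; return 1; }
  for kind in $kinds; do
    case " $allowed " in
      *" $kind "*) ;;
      *) echo "unexpected kind in $file: $kind" >&2; return 1 ;;
    esac
  done
}

# Constructed sample shaped like a Standalone custom resource (not the
# article's file; the API version is a placeholder).
write_sample() {
  printf '%s\n' 'apiVersion: enterprise.splunk.com/EXAMPLE' \
    'kind: Standalone' 'metadata:' '  name: standalone' > "$1"
}

# Intended flow once a manifest has been downloaded and read:
#   check_manifest standalone.yaml "$PIN" "Standalone" && oc apply -f standalone.yaml
```

The kind check only looks at unindented kind: lines, so a manifest wrapped in a List is rejected unless List is explicitly allowed; the digest pin remains the primary control.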

Exposing the Splunk Standalone instance

The operation above creates a Kubernetes service, but it doesn’t expose it through an OpenShift route. Run the following command to expose it:

oc expose svc splunk-standalone-standalone-headless

You will see the following output:

% oc expose svc splunk-standalone-standalone-headless
route.route.openshift.io/splunk-standalone-standalone-headless exposed

Now run the following command to retrieve the URL:

oc get route splunk-standalone-standalone-headless -o custom-columns="URL:.spec.host"

And you will get the URL for the Standalone instance.

Logging in to the Standalone instance

To log in to the Standalone instance, we need to retrieve the admin’s password, stored in a Kubernetes secret.

Run the following command to retrieve the password and decode it (the secret's value is base64-encoded, not encrypted):

oc get secret splunk-standalone-standalone-secrets -o custom-columns=PASSWORD:.data.password --no-headers | base64 --decode

Now log in to the Standalone URL obtained in the previous step, using the user admin and the password obtained above. And voilà! You are logged in to your new Splunk Standalone instance!

Conclusion

With the use of the operators and Custom Resources, we could create a Splunk Enterprise environment and a Standalone instance with just 4 commands!

That shows the power of Kubernetes Operators and OpenShift.

Learn more at www.ibm.com/garage
