Trying things till they work!

Now that my lab server has been migrated to Ubuntu and MicroK8s has been installed, it's time to deploy our first app!

Naturally, I will start by deploying Splunk, which I will rely on to give me deep insight into anything that happens in my lab!

I will be deploying a "Standalone" Splunk instance as my main "Production" instance, but will also need to deploy test and dev clusters from time to time.

To help deploy both, I will be using Splunk's Kubernetes Operator.

splunk/splunk-operator (GitHub): Splunk Operator for Kubernetes.

The Splunk Operator for Kubernetes makes it easy for Splunk Administrators to deploy and operate Enterprise deployments in a Kubernetes infrastructure. Packaged as a container, it uses the operator pattern to manage Splunk-specific custom resources, following best practices to manage all the underlying Kubernetes objects for you.

You had me at "easy"!

Installing the Splunk Operator is literally a one-liner!

kubectl -n splunk apply -f http://tiny.cc/splunk-operator-install
customresourcedefinition.apiextensions.k8s.io/splunkenterprises.enterprise.splunk.com created
clusterrole.rbac.authorization.k8s.io/splunk:operator:namespace-manager created
clusterrole.rbac.authorization.k8s.io/splunk:operator:resource-manager created
serviceaccount/splunk-operator created
rolebinding.rbac.authorization.k8s.io/splunk:operator:namespace-manager created
deployment.apps/splunk-operator created

After a moment, you will notice the Splunk Operator pod has spun up in our Splunk namespace:

kubectl -n splunk get pods
NAME                               READY   STATUS    RESTARTS   AGE
splunk-operator-75454dbdfc-8bbgf   1/1     Running   0          40m

The Splunk Operator pod will listen for requests for Splunk resources and deploy them!
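The install one-liner above fetches its manifest through a URL shortener over plain HTTP, and its output shows it creating a CRD and two ClusterRoles. As an added example (not from the original post or the Splunk Operator project), the script below vets a manifest that has first been saved to a local file: it rejects non-HTTPS sources, compares the file with a SHA-256 digest recorded at review time, and lists the cluster-scoped objects to read before applying. The function names and the abbreviated sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: vet an operator manifest saved to disk before `kubectl apply`.
# Refuse plain-HTTP sources: the manifest creates cluster-wide RBAC objects.
require_https() { case "$1" in https://*) return 0 ;; *) return 1 ;; esac; }

# Succeed only if the file's SHA-256 equals the digest recorded at review time.
verify_pin() {
  actual=$(sha256sum "$1" | awk '{print $1}')
  [ "$actual" = "$2" ]
}

# Print kind/name for each cluster-scoped object in a multi-document manifest.
cluster_scoped() {
  awk '
    function emit() {
      if (kind ~ /^(CustomResourceDefinition|ClusterRole|ClusterRoleBinding)$/)
        print kind "/" name
      kind = ""; name = ""; inmeta = 0
    }
    /^---/               { emit(); next }
    /^kind:/             { kind = $2; inmeta = 0; next }
    /^metadata:/         { inmeta = 1; next }
    /^[^ #]/             { inmeta = 0 }
    inmeta && /^  name:/ { name = $2 }
    END                  { emit() }
  ' "$1"
}

# Constructed, abbreviated sample (not the real operator manifest).
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: splunkenterprises.enterprise.splunk.com
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: splunk:operator:namespace-manager
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: splunk-operator
EOF
pin=$(sha256sum "$sample" | awk '{print $1}')  # stands in for the reviewed digest
verify_pin "$sample" "$pin" && cluster_scoped "$sample"  # then apply from "$sample"
```

Once the file passes, apply that same local copy with `kubectl -n splunk apply -f` instead of fetching the URL again.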

Storage Considerations

/dev/mapper/ubuntu--vg-lv--root  784G   16G  729G   3% /

I have ~700GB total in the lab, so I am going to slice off 300GB for /opt/splunk/var/ and 5GB for /opt/splunk/etc/, knowing that SmartStore is an adventure I will take later and can act as a disk pressure valve.

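apiVersion: enterprise.splunk.com/v1alpha1
kind: SplunkEnterprise
metadata:
  name: mattymo-splunk
  # app and region are labels; they are not valid fields directly under metadata
  labels:
    app: splunk
    region: milton
  # remove the persistent volume claims when this resource is deleted
  finalizers:
  - enterprise.splunk.com/delete-pvc
spec:
  resources:
    splunkEtcStorage: 5Gi    # /opt/splunk/etc
    splunkVarStorage: 300Gi  # /opt/splunk/var
  # placeholder admin password and all-zero HEC token: change these for anything beyond a throwaway lab
  defaults: |-
    splunk:
      password: password
      hec_token: 00000000-0000-0000-0000-000000000000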

Going with a real simple bootstrap, as I will be able to easily install Splunk apps via the UI/CLI as needed.

kubectl -n splunk port-forward splunk-mattymo-splunk-standalone-0 9999:8000

We are Live!

Now that Splunk is up, let's get our MicroK8s environment instrumented!

Coming Up: Deploying Splunk Connect for Kubernetes with Helm!
