Trying things till they work!

Now that my lab server has been migrated to Ubuntu and MicroK8s has been installed, it's time to deploy our first app!

Naturally, I will start by deploying Splunk, which I will rely on to give me deep insight into anything that happens in my lab!

I will be deploying a "Standalone" Splunk instance as my main "Production" instance, but will also need to deploy test and dev clusters from time to time.

To help deploy both, I will be using Splunk's Kubernetes Operator.

The Splunk Operator for Kubernetes makes it easy for Splunk Administrators to deploy and operate Enterprise deployments in a Kubernetes infrastructure. Packaged as a container, it uses the operator pattern to manage Splunk-specific custom resources, following best practices to manage all the underlying Kubernetes objects for you.

You had me at "easy"!

Installing the Splunk Operator is literally a one-liner!

kubectl -n splunk apply -f created created created
serviceaccount/splunk-operator created created
deployment.apps/splunk-operator created

After a moment, you will notice the Splunk Operator pod has spun up in our Splunk namespace:

kubectl -n splunk get pods
NAME                               READY   STATUS    RESTARTS   AGE
splunk-operator-75454dbdfc-8bbgf   1/1     Running   0          40m

The Splunk Operator pod will listen for requests for Splunk resources and deploy them!

Storage Considerations

/dev/mapper/ubuntu--vg-lv--root  784G   16G  729G   3% /

I have ~700GB total in the lab, so I am going to slice off 300GB for /opt/splunk/var/ and 5GB for /opt/splunk/etc/, knowing I have SmartStore as an adventure I will take, which can be a disk pressure valve.

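# Assumed: apiVersion and the parent keys (metadata, labels, spec, resources, splunk) follow the operator's v1alpha1 SplunkEnterprise layout
apiVersion: enterprise.splunk.com/v1alpha1
kind: SplunkEnterprise
metadata:
  name: mattymo-splunk
  labels:
    app: splunk
    region: milton
spec:
  # Persistent volume sizes for /opt/splunk/etc and /opt/splunk/var
  resources:
    splunkEtcStorage: 5Gi
    splunkVarStorage: 300Gi
  # Inline defaults handed to the Splunk container at first boot
  defaults: |-
    splunk:
      password: password
      hec_token: 00000000-0000-0000-0000-000000000000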

Going with a real simple bootstrap, as I will be able to easily install Splunk apps via the UI/CLI as needed.
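Because the manifest carries the admin password and HEC token inline, a pre-apply check for placeholder values like the ones shown above is cheap to run before `kubectl apply`. This is an added example, not code from this post or from the Splunk Operator project; the function name, the placeholder list, the 8-character threshold and the sample manifest are assumptions.

```python
import re

# Values that are placeholders, not credentials (constructed list, extend as needed).
PLACEHOLDER_PASSWORDS = {"password", "changeme", "admin", "splunk"}
MIN_PASSWORD_LEN = 8  # assumed policy threshold for this example
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
KEY_RE = re.compile(r"^\s*(password|hec_token)\s*:\s*(.*?)\s*$")


def find_weak_defaults(manifest_text):
    """Return (line_no, key, reason) for each placeholder secret in a manifest."""
    findings = []
    for line_no, line in enumerate(manifest_text.splitlines(), start=1):
        match = KEY_RE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if key == "password":
            if value.lower() in PLACEHOLDER_PASSWORDS:
                findings.append((line_no, key, "placeholder value"))
            elif len(value) < MIN_PASSWORD_LEN:
                findings.append((line_no, key, "shorter than %d characters" % MIN_PASSWORD_LEN))
        elif key == "hec_token":
            if not UUID_RE.match(value):
                findings.append((line_no, key, "not a UUID"))
            elif len(set(value.replace("-", ""))) == 1:
                findings.append((line_no, key, "single repeated digit"))
    return findings


# Constructed sample: the shape of the manifest in this post, placeholder values included.
SAMPLE_MANIFEST = """\
kind: SplunkEnterprise
metadata:
  name: mattymo-splunk
spec:
  defaults: |-
    splunk:
      password: password
      hec_token: 00000000-0000-0000-0000-000000000000
"""

if __name__ == "__main__":
    for line_no, key, reason in find_weak_defaults(SAMPLE_MANIFEST):
        print("line %d: %s: %s" % (line_no, key, reason))
```

A non-empty result is a reason to stop and replace the values before the manifest is applied or committed to a repository.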

kubectl -n splunk port-forward splunk-mattymo-splunk-standalone-0 9999:8000

We are Live!

Now that Splunk is up, let's get our MicroK8s environment instrumented!

Coming Up: Deploying Splunk Connect for Kubernetes with Helm!
