@circa10a
Created June 22, 2024 18:47
splunk-keda.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: splunkconf
data:
  default.yml: |
    splunk:
      conf:
        - key: savedsearches
          value:
            directory: /opt/splunk/etc/users/admin/search/local
            content:
              e2eSavedSearch:
                action.email.useNSSubject: 1
                action.webhook.enable_allowlist: 0
                alert.track: 0
                cron_schedule: '*/1 * * * *'
                dispatch.earliest_time: -15m
                dispatch.latest_time: now
                display.general.type: statistics
                display.page.search.tab: statistics
                display.visualizations.show: 0
                enableSched: 1
                request.ui_dispatch_app: search
                request.ui_dispatch_view: search
                search: index=_internal | tail | stats count
---
apiVersion: v1
kind: Secret
metadata:
  name: splunk-creds
data:
  password: cGFzc3dvcmQ= # just "password"
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: splunk-auth
spec:
  secretTargetRef:
    - parameter: password
      name: splunk-creds
      key: password
---
apiVersion: v1
kind: Service
metadata:
  name: splunk
spec:
  ports:
    - port: 8000
      targetPort: web
      name: web-svc
    - port: 8089
      targetPort: 8089
      name: api-svc
  selector:
    app: splunk
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: splunk
spec:
  replicas: 1
  selector:
    matchLabels:
      app: splunk
  template:
    metadata:
      labels:
        app: splunk
    spec:
      containers:
        - name: splunk
          image: splunk/splunk:9.2
          ports:
            - containerPort: 8000
              name: web
            - containerPort: 8089
              name: api
          env:
            - name: SPLUNK_START_ARGS
              value: --accept-license
            # Admin password in plain text in the pod spec; it is the same
            # value that the splunk-creds Secret above holds.
            - name: SPLUNK_PASSWORD
              value: password
          volumeMounts:
            # default.yml from the splunkconf ConfigMap is mounted here
            - name: splunkconf-volume
              mountPath: /tmp/defaults
      volumes:
        - name: splunkconf-volume
          configMap:
            name: splunkconf
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 8080
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: splunk-scaledobject
spec:
  pollingInterval: 15
  minReplicaCount: 1
  maxReplicaCount: 3
  scaleTargetRef:
    name: nginx
  triggers:
    - type: splunk
      authenticationRef:
        name: splunk-auth
      metadata:
        host: https://splunk.default.svc.cluster.local:8089
        username: admin # used for auth if password is provided via authentication ref, must have permission to the saved search
        # Certificate verification of the Splunk API endpoint is turned off here.
        verifyTLS: "false"
        targetValue: "11"
        activationValue: "15"
        # Saved search defined in the splunkconf ConfigMap; valueField is the column read from its result.
        savedSearchName: e2eSavedSearch
        valueField: count