-
-
Save marcusschiesser/bfa110fe3189ca5969f8a764c435a247 to your computer and use it in GitHub Desktop.
Injecting passwords from Kubernetes secrets into Splunk config files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
splunk: | |
conf: | |
- key: authentication | |
value: | |
directory: /opt/splunk/etc/system/local | |
content: | |
AD: | |
bindDNpassword : ${AD_PASSWORD} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
if [ "$#" -ne 2 ]; then | |
echo "Usage: create-config.sh <namespace> <config-tpl>" | |
exit 1 | |
fi | |
NAMESPACE=$1 | |
TEMPLATE=$2 | |
read -p "AD Password: " AD_PASSWORD | |
YML=$(cat $TEMPLATE | sed -e "s/\${AD_PASSWORD}/${AD_PASSWORD}/") | |
kubectl delete secret -n $NAMESPACE splunk-config-secret | |
kubectl create secret -n $NAMESPACE generic splunk-config-secret --from-literal=default.yml="${YML}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the Splunk K8S operator doesn't support injecting passwords from Kubernetes secrets into the Splunk config. The workaround is to store a complete configuration file as a secret, see splunk/splunk-operator#657
As configuration files can be quite large, I created a small bash script that is using template files for the configuration and filling in the secrets based on user input. You can create the K8S secret containing the configuration by calling:
create-config.sh $NAMESPACE config.tpl
The example is just asking for the Active Directory password, but you can easily extend it with more variables.
The resulting secret is named
splunk-config-secret
and stored in the namespace$NAMESPACE
.You can then reference the secret in your splunk-operator resource, e.g.: