I am running splunk in our kubernetes cluster and until now I was configuring only via the api and it works great.
I currently would like to change the email settings and not to do it via the api but by mounting a config-map and creating alert_actions.conf under /opt/splunk/etc/system/local
But the pod will keep crashing:
chown: changing ownership of ‘/opt/splunk/etc/system/local/’: Read-only file system
Any ideas about it please?
i suggest you check out our docker images (which use ansible for orchestration playbooks) and kubernetes operator! They contain app logic to allow you to upload splunk config via apps, rather than configmaps, which can get sketchy with permissions.