Deployment Architecture

Splunk Operator - Splunk apps deployment failed

New Member


This is my first time setting up Splunk in Kubernetes by using Splunk Operator.

I have set up the cluster just fine. One challenge I'm having now is to deploy my Splunk Apps to our search head cluster. Here is the docs that I followed:

The issues are:

1. My deployer keeps getting undeployed everytime I make changes to the SHC CRD. idk why?

2. The app is simply not getting deployed. The app's .tgz file is already in my S3 bucket. Here's the spec of my SHC


    - location: searchHeadApps/
      name: assettrackerapp.tgz
    appsRepoPollIntervalSeconds: 30
      scope: cluster
      volumeName: volume_app_repo_us
    - endpoint:
      name: volume_app_repo_us
      path: dev-splunk-operator
      provider: aws
      secretRef: s3-secret
      storageType: s3


Here are some of the splunk-operator logs:


{"level":"info","ts":1634593053.3164997,"logger":"splunk.enterprise.ValidateAppFrameworkSpec","msg":"App framework configuration is valid"}
{"level":"info","ts":1634593053.3165247,"logger":"splunk.enterprise.initAndCheckAppInfoStatus","msg":"Checking status of apps on remote storage...","name":"sh","namespace":"splunk"}
{"level":"info","ts":1634593053.3165333,"logger":"splunk.enterprise.GetAppListFromS3Bucket","msg":"Getting the list of apps from remote storage...","name":"sh","namespace":"splunk"}
{"level":"info","ts":1634593053.3198195,"logger":"splunk.enterprise.GetRemoteStorageClient","msg":"Creating the client","name":"sh","namespace":"splunk","volume":"volume_app_repo_us","bucket":"dev-splunk-operator","bucket path":"searchHeadApps/"}
{"level":"info","ts":1634593053.3199255,"logger":"splunk.client.InitAWSClientSession","msg":"AWS Client Session initialization successful.","region":"","TLS Version":"TLS 1.2"}
{"level":"info","ts":1634593053.319938,"logger":"splunk.client.GetAppsList","msg":"Getting Apps list","AWS S3 Bucket":"dev-splunk-operator"}
{"level":"error","ts":1634593053.3199534,"logger":"splunk.client.GetAppsList","msg":"Unable to list items in bucket","AWS S3 Bucket":"dev-splunk-operator","error":"MissingRegion: could not find region configuration"


Please advise, thank you.

Labels (2)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...