Deployment Architecture
Highlighted

search head cluster with ansible and kubernetese

Path Finder

Hello
how can i configure search heade cluster with ansible and kubernetese ?

this is my configuration :

splunk-chart: namespace:
dev-aviation-01 persistence:
search:
dataSize: 50Gi
configSize: 10Gi
master:
dataSize: 50Gi
configSize: 10Gi
indexer:
dataSize: 250Gi
configSize: 10Gi app:

configs:
enabled: true
## The image must contain 'indexer','master', and 'search' dirs
in /data
image:
repository: gcr.io/argussec1/splunk-aviation-configs
tag: 2.3.0
env:
- name: SPLUNKBEFORESTART_CMD
value: sudo rm /opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock
indexer:
replicas: 1

resources:
requests:
memory: 4Gi
cpu: 1
limits:
memory: 8Gi
cpu: 4

 # default configuration loaded by splunk, exposed by nginx  

splunkDefaults:
defaultYml:
ansibleposttasks: null
ansiblepretasks: null
config:
baked: default.yml
defaultsdir: /tmp/defaults
env:
headers: null
var: SPLUNK
DEFAULTSURL
verify: true
host:
headers: null
url: null
verify: true
max
delay: 60
maxretries: 3
max
timeout: 1200
hidepassword: false
retry
num: 50
shcbootstrapdelay: 30
splunk:
adminuser: admin
allow
upgrade: true
apppaths:
default: /opt/splunaviationtc/apps
deployment: /opt/spaviationk/etc/deployment-apps
httpinput: /opt/splaviation/etc/apps/splunk
httpinput
idxc: /opt/splunk/eaviationmaster-apps
shc: /opt/splunk/etaviationhcluster/apps
enableservice: false
exec: /opt/splunk/bin/splunk
group: splunk
hec
disabled: 0
hecenableSSL: 0
hec
port: 8088
hectoken: ea `` home: /opt/splunk
http
enableSSL: 0
httpenableSSLcert: null
httpenableSSLprivKey: null
httpenableSSLprivKeypassword: null
http
port: 8000
idxc:
enable: false
label: idxclabel
replication
factor: 3
replicationport: 9887
search
factor: 3
secret: T
ignorelicense: false
license
downloaddest: /tmp/splunk.lic
nfr
license: /tmp/nfrenterprise.lic
opt: /opt
password: "" #overriden in the environment variables
pid: /opt/splunk/var/run/splunk/splunkd.pid
s2s
enable: true
s2sport: 9997
search
headclusterurl: null
secret: null
shc:
enable: false
label: shclabel
replication
factor: 3
replicationport: 9887
secret: C
smartstore: null
svc
port: 8089
tardir: splunk
user: splunk
wildcard
license: false
conf:
server:
directory: /opt/splunk/etc/system/local
content:
clustering:
summaryreplication : true
splunk
homeownershipenforcement:
true

but i don't see any cluster or even more than 1 SH...
what am i missing ?

0 Karma
Highlighted

Re: search head cluster with ansible and kubernetese

Builder

why setup your own ansible when splunk has made it open source:
https://github.com/splunk/splunk-ansible

0 Karma
Highlighted

Re: search head cluster with ansible and kubernetese

Path Finder

i used this
but i don't see the search heads iv'e added
i guess im missing something but i cant tell what
after configuring the ansible should i configure something else in splunk ? where should i check to see that the cluster is up and running ?

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.