UPDATE FROM FUTURE. The year is 2020. Kubernetes has taken over the world. Here is Splunk's alpha operator.
https://github.com/splunk/splunk-operator
UPDATE: While official Kubernetes support is still to come, we have released a supported docker image and have shared some early POC deployments that explore key concepts in Kubernetes here: https://github.com/splunk/docker-splunk/tree/master/test_scenarios/kubernetes
hi mwelch,
As of today, Splunk does not officially support running in containers or deploying the entire architecture on container orchestrators like k8s.
We are working internally to iron out the details of what we can support in the near future and beyond, as containerization and platforms like docker, kubernetes and openshift make their way into prod environments and as we ourselves look at what container orchestration can do for us.
This obviously does not mean it cannot be done, there are customers who have forged ahead in working through those learnings, and have had success, and we have kept a close eye on the results.
There is much to iron out to deal with the stateful nature of parts of the Splunk Architecture, as well as determining what the tradeoff and impacts are.
I would expect, eventually, to see something akin to our support of Splunk on virtualized platforms, with something like, running the UF as a deamonset as probably the most realistic option to arrive in the near term, but I am speculating.
If there is any change in that, I'll be sure to update this post. Also come join us in #kubernetes on the Splunk Community Slack channel. ( splk.it/slack )
- MattyMo
