diff --git a/charts/incubator/splunk/Chart.yaml b/charts/incubator/splunk/Chart.yaml index 7832621ebc5..f72f02e011f 100644 --- a/charts/incubator/splunk/Chart.yaml +++ b/charts/incubator/splunk/Chart.yaml @@ -28,4 +28,4 @@ sources: - https://splunk.github.io/docker-splunk - https://hub.docker.com/r/splunk/splunk type: application -version: 2.1.1 +version: 3.0.0 diff --git a/charts/incubator/splunk/questions.yaml b/charts/incubator/splunk/questions.yaml index f1f181bcf20..2d24f9af041 100644 --- a/charts/incubator/splunk/questions.yaml +++ b/charts/incubator/splunk/questions.yaml @@ -8,30 +8,43 @@ questions: # Include{replicas} # Include{replica1} # Include{controllerExpertExtraArgs} - - variable: env - group: "App Configuration" - label: "Image Environment" + - variable: splunk + group: App Configuration + label: Splunk Configuration schema: additional_attrs: true type: dict attrs: - - variable: SPLUNK_CLI_ARGS - label: "SPLUNK_CLI_ARGS" - description: "Arguments to start Splunk with. " + - variable: acceptLicense + label: Accept License + description: Arguments to start Splunk with. + schema: + type: boolean + default: true + - variable: password + label: Splunk Password + description: Splunk Web UI admin password. schema: type: string - default: "--accept-license --no-prompt" - - variable: ADMIN_PASSWORD - label: "ADMIN_PASSWORD" - description: "Splunk Web UI admin password." + private: true + default: "" + - variable: extraArgs + label: Extra Startup Arg schema: - type: string - default: "changeme2019" + type: list + default: [] + items: + - variable: argEntry + label: Arg Entry + schema: + type: string + required: true + default: "" # Include{containerConfig} # Include{serviceRoot} - variable: main - label: "Main Service" - description: "The Primary service on which the healthcheck runs, often the webUI" + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict @@ -39,21 +52,21 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main - label: "Main Service Port Configuration" + label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 8000 required: true - variable: management - label: 'management service' - description: "HTTPS API" + label: management service + description: HTTPS API schema: additional_attrs: true type: dict @@ -61,21 +74,21 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: management - label: "management Service Port Configuration" + label: management Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 8089 required: true - variable: dataingest - label: 'dataingest service' - description: "SplunkTCP input" + label: dataingest service + description: SplunkTCP input schema: additional_attrs: true type: dict @@ -83,14 +96,14 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: dataingest - label: "dataingest Service Port Configuration" + label: dataingest Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 9997 @@ -100,25 +113,25 @@ questions: # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} - - variable: datapersist - label: "datapersist Storage" - description: "For indexed data persistence" + - variable: data + label: data Storage + description: For indexed data persistence schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - - variable: configpersist - label: "configpersist Storage" - description: "For config and app data persistence" + - variable: config + label: config Storage + description: For config and app data persistence schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - - variable: appcredspersist - label: "appcredspersist Storage" - description: "For passwordencryption persistence" + - variable: appcreds + label: appcreds Storage + description: For passwordencryption persistence schema: additional_attrs: true type: dict @@ -127,7 +140,7 @@ questions: # Include{persistenceList} # Include{ingressRoot} - variable: main - label: "Main Ingress" + label: Main Ingress schema: additional_attrs: true type: dict @@ -139,41 +152,41 @@ questions: # Include{security} # Include{securityContextAdvancedRoot} - variable: privileged - label: "Privileged mode" + label: Privileged mode schema: type: boolean default: false - variable: readOnlyRootFilesystem - label: "ReadOnly Root Filesystem" + label: ReadOnly Root Filesystem schema: type: boolean default: false - variable: allowPrivilegeEscalation - label: "Allow Privilege Escalation" + label: Allow Privilege Escalation schema: type: boolean default: false - variable: runAsNonRoot - label: "runAsNonRoot" + label: runAsNonRoot schema: type: boolean default: false # Include{podSecurityContextRoot} - variable: runAsUser - label: "runAsUser" - description: "The UserID of the user running the application" + label: runAsUser + description: The UserID of the user running the application schema: type: int default: 0 - variable: runAsGroup - label: "runAsGroup" - description: The groupID this App of the user running the application" + label: runAsGroup + description: The groupID this App of the user running the application schema: type: int default: 0 - variable: fsGroup - label: "fsGroup" - description: "The group that should own ALL storage." + label: fsGroup + description: The group that should own ALL storage. schema: type: int default: 568 diff --git a/charts/incubator/splunk/templates/_config.tpl b/charts/incubator/splunk/templates/_config.tpl new file mode 100644 index 00000000000..d835620871e --- /dev/null +++ b/charts/incubator/splunk/templates/_config.tpl @@ -0,0 +1,32 @@ +{{/* Define the secret */}} +{{- define "splunk.secret" -}} + +{{- $splunkSecret := printf "%s-splunk-config" (include "tc.common.names.fullname" .) }} +{{- $argList := list -}} + +{{- if .Values.splunk.acceptLicense -}} + {{- $argList = append $argList "--accept-license" -}} +{{- end -}} + +{{- with .Values.splunk.extraArgs -}} + {{- range . -}} + {{- $argList = append $argList . -}} + {{- end -}} +{{- end }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $splunkSecret }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +stringData: + {{- with $argList }} + SPLUNK_START_ARGS: {{ join " " . | quote }} + {{- end }} + + {{- with .Values.splunk.password }} + SPLUNK_PASSWORD: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/incubator/splunk/templates/common.yaml b/charts/incubator/splunk/templates/common.yaml index cbf66c20818..f8fb2812de8 100644 --- a/charts/incubator/splunk/templates/common.yaml +++ b/charts/incubator/splunk/templates/common.yaml @@ -1,2 +1,5 @@ -{{/* Render the templates */}} -{{ include "tc.common.loader.all" . }} +{{ include "tc.common.loader.init" . }} + +{{- include "splunk.secret" . }} + +{{ include "tc.common.loader.apply" . }} diff --git a/charts/incubator/splunk/values.yaml b/charts/incubator/splunk/values.yaml index f476eb935f7..54f7d2f47a9 100644 --- a/charts/incubator/splunk/values.yaml +++ b/charts/incubator/splunk/values.yaml @@ -1,26 +1,25 @@ -env: - ADMIN_PASSWORD: changeme2019 - SPLUNK_CLI_ARGS: --accept-license --no-prompt image: pullPolicy: IfNotPresent - repository: tccr.io/truecharts/splunk - tag: latest@sha256:869e2d91515fd8704c0647931d4f46695536a3779bfbb181e20003042c96bb2a -persistence: - appcredspersist: - enabled: true - mountPath: /opt/splunk/etc/auth - configpersist: - enabled: true - mountPath: /opt/splunk/etc/apps - datapersist: - enabled: true - mountPath: /splunkdata + repository: splunk/splunk + tag: 9.0.2@sha256:a12eca0fbe252329e3b8c235cd8b26b31f4203a32132eb31c42ae1a86cd79256 + podSecurityContext: runAsGroup: 0 runAsUser: 0 + securityContext: readOnlyRootFilesystem: false runAsNonRoot: false + +splunk: + acceptLicense: true + password: changeme + extraArgs: [] + +envFrom: + - secretRef: + name: '{{ include "tc.common.names.fullname" . }}-splunk-config' + service: dataingest: enabled: true @@ -45,5 +44,16 @@ service: protocol: HTTP targetPort: 8089 +persistence: + appcreds: + enabled: true + mountPath: /opt/splunk/etc/ + config: + enabled: true + mountPath: /opt/splunk/var + datap: + enabled: true + mountPath: /splunkdata + portal: enabled: true