Currently, the Splunk K8S operator doesn’t support injecting passwords from Kubernetes secrets into the Splunk config. The workaround is to store a complete configuration file as a secret, see https://github.com/splunk/splunk-operator/issues/657
As configuration files can be quite large, I created a small bash script that is using template files for the configuration and filling in the secrets based on user input. You can create the K8S secret containing the configuration by calling:
create-config.sh $NAMESPACE config.tpl
The example is just asking for the Active Directory password, but you can easily extend it with more variables.
The resulting secret is named
splunk-config-secret and stored in the namespace
You can then reference the secret in your splunk-operator resource, e.g.:
apiVersion: enterprise.splunk.com/v2 kind: Standalone metadata: name: s1 finalizers: - enterprise.splunk.com/delete-pvc spec: volumes: - name: default secret: secretName: splunk-config-secret defaultsUrl: /mnt/default/default.yml