The recommended way to configure Splunk instances running on K8S with the Splunk operator is to bundle .conf files in Splunk apps.

Unfortunately, some things can’t be configured with Splunk apps, e.g. adding a user. In that case you have two options:

  1. Adding the user manually via CLI or UI and therefore not having the configuration in Git OR
  2. Deploying a second instance in K8S that is doing the configuration for the first instance

Here’s the deployment YAML for this second option:

It simply calls /opt/splunk/bin/splunk add user rest -password test -role rest remotely every 60s to ensure that the user exists.
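
A sketch of such a configurator Deployment, as an added example that is not the author's manifest: it runs the same command but reads both passwords from Kubernetes Secrets, so the Git-tracked YAML carries no credentials. The Deployment name, the image, the service host and the Secret names are placeholders and assumptions; `-uri` and `-auth` are the Splunk CLI parameters for targeting a remote instance.

```yaml
# Added example. Values in <...> are placeholders, not taken from the page.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: splunk-user-config            # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels: {app: splunk-user-config}
  template:
    metadata:
      labels: {app: splunk-user-config}
    spec:
      containers:
        - name: configurator
          # Assumption: any image that provides a working /opt/splunk/bin/splunk
          image: "<image-with-splunk-cli>"
          command: ["/bin/sh", "-c"]
          args:
            - |
              # Re-apply every 60s. "add user" fails once the user exists,
              # so the error is ignored and the loop keeps running.
              while true; do
                /opt/splunk/bin/splunk add user rest \
                  -password "$REST_PASSWORD" -role rest \
                  -uri "$TARGET_URI" -auth "admin:$ADMIN_PASSWORD" \
                  --accept-license --answer-yes --no-prompt || true
                sleep 60
              done
          env:
            - name: TARGET_URI         # management port of the first instance
              value: "https://<splunk-service>:8089"
            - name: REST_PASSWORD      # replaces the literal "-password test"
              valueFrom:
                secretKeyRef: {name: "<rest-user-secret>", key: password}
            - name: ADMIN_PASSWORD     # admin credential used for -auth
              valueFrom:
                secretKeyRef: {name: "<splunk-admin-secret>", key: password}
```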

I know this is just a workaround; therefore, please support: