CSPL-3549 Splunk Operator Enhancement – Ingestion and Indexing Separation #1550
Conversation
kasiakoziol
force-pushed
the
CSPL-3551-ingestion-cr
branch
6 times, most recently
from
ca230a9 to
eb21049
Compare
kasiakoziol
force-pushed
the
CSPL-3551-ingestion-cr
branch
from
eb21049 to
2cca0d7
Compare
Pull Request Test Coverage Report for Build 21912466524Details
💛 - Coveralls |
kasiakoziol
force-pushed
the
CSPL-3551-ingestion-cr
branch
from
d3779b0 to
44349fa
Compare
kasiakoziol
force-pushed
the
CSPL-3551-ingestion-cr
branch
13 times, most recently
from
3b2cf1c to
5cad7f9
Compare
…est-index Feature/CSPL-4360 Secret reference for Index & Ingestion separation
…-2-crs CSPL-4358 Split BusConfiguration CR into 2 CRs - Queue and ObjectStorage
|
CLA Assistant Lite bot CLA Assistant Lite bot All contributors have signed the COC ✍️ ✅ |
|
CLA Assistant Lite bot: I have read the CLA Document and I hereby sign the CLA 1 out of 2 committers have signed the CLA. |
kasiakoziol
requested review from
Igor-splunk,
gabrielm-splunk,
kubabuczak,
minjieqiu,
qingw-splunk,
rlieberman-splunk and
vivekr-splunk
|
I have read the CLA Document and I hereby sign the CLA |
|
recheck |
|
I have read the Code of Conduct and I hereby accept the Terms |
|
recheck |
kasiakoziol
changed the title
|
|
||
| // If queue is updated | ||
| if cr.Spec.QueueRef.Name != "" { | ||
| if secretChanged || serviceAccountChanged { |
There was a problem hiding this comment.
I do not think we need to worry about changes to the serviceAccount name or role binding itself. IRSA is external to Splunk and operates at the pod level to provide temporary AWS credentials. As long as the pod is correctly annotated and associated with the IAM role, IRSA will continue to function independently of Splunk’s internal logic.
Separately, and unrelated to Ingestion and Indexing separation, we should consider what happens if the AWS secret changes in the SmartStore configuration. That scenario also requires attention. If object storage credentials are updated, we need a well-defined mechanism to ensure the new credentials are picked up safely and consistently.
Given these cases, the restart logic needs to be revisited. Instead of implementing custom coordination logic inside the controller, we should rely on Kubernetes-native mechanisms. For example:
- Let Kubernetes make eviction decisions based on Pod Disruption Budgets.
- Use standard StatefulSet rolling restart behavior where appropriate.
- Ensure that any SmartStore configuration changes are applied via Ansible and/or init containers during pod restart.
The goal should be to keep the operator lightweight and defer restart orchestration to Kubernetes wherever possible, rather than embedding complex restart coordination inside the controller.
There was a problem hiding this comment.
SmartStore is not implemented to Index and Ingestion separation, so that's a separate case as mentioned by you. We might want to get back to this topic in the nearest future.
Yes, we need to revisit the restart implementation. I created a task as asked by you and we might want to look into this soon.
kasiakoziol
force-pushed
the
CSPL-3551-ingestion-cr
branch
from
0c57283 to
6f08c09
Compare
kasiakoziol
force-pushed
the
CSPL-3551-ingestion-cr
branch
from
6f08c09 to
7d7a55e
Compare
6 participants
Depends on
Description
This PR implements a separation between ingestion and indexing services within the Splunk Operator for Kubernetes. The goal is to enable the operator to independently manage the ingestion service while maintaining seamless integration with the indexing service.
Key Changes
Testing and Verification
Related Issues
Jira Epic: https://splunk.atlassian.net/browse/CSPL-3549
PR Checklist