Parameters

The parent key for all of the following parameters is openshift4_splunk_forwarder.

fluentd

type

dictionary

default
fluentd:
    loglevel: info
    replicas: 2
    sharedkey: '?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-splunk-forwarder/${_instance}/fluentd/sharedkey}'
    ssl:
      enabled: false
      cert: ""
      key: '?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-splunk-forwarder/${_instance}/fluentd/privatekey}'
      passphrase: '?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-splunk-forwarder/${_instance}/fluentd/privatekey-passphrase}'

Fluentd pod parameters.

loglevel

type

string

default

"info"

Log level of the splunk-forwarder pod (docs.fluentd.org/deployment/logging).

replicas

type

integer

default

1

Number of replicas of the splunk-forwarder pod.

sharedkey

type

string

default

Vault reference

A Vault reference pointing to the Vault secret containing the shared key for authentication (see docs.fluentd.org/input/forward).

# Adjust to your environment (TENANT_ID and CLUSTER_ID must already be set)
instance="INSTANCE_NAME"  # placeholder: replace with the name of your component instance
key="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/openshift4-splunk-forwarder/${instance}/fluentd"

# Query for existing secrets first
vault kv get "${key}"

# If there are existing secrets, add your instance secrets
# (patch keeps the other keys already stored at this path):
vault kv patch "${key}" sharedkey="$(pwgen -s 32 1)"

# If there is no pre-existing secret, create new:
vault kv put "${key}" sharedkey="$(pwgen -s 32 1)"

ssl.enabled

type

boolean

default

false

Enable fluentd SSL encryption.

ssl.cert

type

string

default

""

The SSL certificate as a string.

See Create Fluentd Cert to generate the Fluentd certificate.

ssl.key

type

string

default

Vault reference

A Vault reference to the SSL private key.

See Create Fluentd Cert to generate the Fluentd certificate.

splunk

type

dictionary

default
splunk:
  token: #VAULT_SECRET
  hostname: splunk.syn-splunk.svc
  port: 8088
  insecure: true
  protocol: https
  index: openshift
  sourcetype: openshift
  source: openshift
  ca: ""

Parameters for Splunk integration.

token

type

string

default

Vault reference

A Vault reference pointing to the Vault secret containing the Splunk HEC token.

See Get Splunk Token to acquire the HEC token.

hostname

type

string

default

"splunk.syn-splunk.svc"

Hostname of Splunk server.

port

type

integer

default

8088

Port of Splunk server.

insecure

type

boolean

default

true

If this value is set to true, the certificate of the Splunk server isn't validated.

protocol

type

string

default

"https"

Protocol used to forward logs to Splunk server, either http or https.

index

type

string

default

"openshift"

sourcetype

type

string

default

"openshift"

source

type

string

default

"openshift"

ca

type

string

default

""

The CA certificate for the Splunk server. Only required if the Splunk server is secured with a certificate which is signed by a CA that’s not trusted by default.

Example

applications:
  - openshift4-splunk-forwarder as splunk-forwarder-customer-a

parameters:
  splunk_forwarder_customer_a:
    fluentd:
      ssl:
        enabled: true
        cert: |-
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----

    splunk:
      hostname: prd-3948237.splunk.com
      port: 8088
      protocol: https
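
The defaults above leave `splunk.insecure` at `true` and `fluentd.ssl.enabled` at `false`, and every secret is expected to be a Vault reference. The following check over one instance's parameters is an added example, not part of the component: the `audit` and `lookup` helpers, the sample tenant, cluster and instance names, and the `splunk/token` Vault path are assumptions made for illustration.

```python
import re

# '?{vaultkv:...}' is the Vault reference syntax used by the defaults on this page.
VAULT_REF = re.compile(r"^\?\{vaultkv:.+\}$")
# Parameters that the page documents as Vault references.
SECRET_PATHS = [("fluentd", "sharedkey"), ("fluentd", "ssl", "key"),
                ("fluentd", "ssl", "passphrase"), ("splunk", "token")]

def lookup(params, path):
    """Walk a nested dict; return None when any level is missing."""
    for part in path:
        if not isinstance(params, dict):
            return None
        params = params.get(part)
    return params

def audit(params):
    """Return (parameter, issue) findings; unset values fall back to the documented defaults."""
    findings = []
    splunk = params.get("splunk") or {}
    if splunk.get("protocol", "https") != "https":
        findings.append(("splunk.protocol", "logs and HEC token are sent without TLS"))
    elif splunk.get("insecure", True):
        findings.append(("splunk.insecure", "Splunk server certificate isn't validated"))
    ssl = lookup(params, ("fluentd", "ssl")) or {}
    if not ssl.get("enabled", False):
        findings.append(("fluentd.ssl.enabled", "Fluentd SSL encryption is disabled"))
    elif not ssl.get("cert"):
        findings.append(("fluentd.ssl.cert", "SSL is enabled but no certificate is set"))
    for path in SECRET_PATHS:
        value = lookup(params, path)
        if isinstance(value, str) and value and not VAULT_REF.match(value):
            findings.append((".".join(path), "secret is inline, not a Vault reference"))
    return findings

# Constructed sample inputs (placeholder tenant, cluster, instance and token values;
# the 'splunk/token' Vault path is an assumption, the page does not give one).
REF = "?{vaultkv:t-example/c-example/openshift4-splunk-forwarder/example/%s}"
WEAK = {
    "fluentd": {"sharedkey": REF % "fluentd/sharedkey", "ssl": {"enabled": False}},
    "splunk": {"token": "00000000-0000-0000-0000-000000000000", "insecure": True},
}
HARDENED = {
    "fluentd": {"sharedkey": REF % "fluentd/sharedkey",
                "ssl": {"enabled": True, "cert": "-----BEGIN CERTIFICATE-----\n...",
                        "key": REF % "fluentd/privatekey"}},
    "splunk": {"token": REF % "splunk/token", "protocol": "https", "insecure": False},
}

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```

Feed it the `fluentd` and `splunk` dictionaries of a single instance; an empty result means none of the three weaknesses it looks for is present.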