Currently, the Splunk K8S operator doesn’t support injecting passwords from Kubernetes secrets into the Splunk config. The workaround is to store a complete configuration file as a secret, see https://github.com/splunk/splunk-operator/issues/657

As configuration files can be quite large, I created a small bash script that is using template files for the configuration and filling in the secrets based on user input. You can create the K8S secret containing the configuration by calling:

create-config.sh $NAMESPACE config.tpl

The example is just asking for the Active Directory password, but you can easily extend it with more variables.

The resulting secret is named splunk-config-secret and stored in the namespace $NAMESPACE.

You can then reference the secret in your splunk-operator resource, e.g.:

apiVersion: enterprise.splunk.com/v2
kind: Standalone
metadata:
  name: s1
  finalizers:
  - enterprise.splunk.com/delete-pvc
spec:
  volumes:
    - name: default
      secret:
        secretName: splunk-config-secret
  defaultsUrl: /mnt/default/default.yml