Splunk - Operator for Kubernetes

September 03, 2022

The Splunk Operator for Kubernetes enables organizations to easily deploy, scale, and manage Splunk Enterprise on your choice of cloud environment. With containers and Kubernetes becoming part of many modernization initiatives - teams can build and test Splunk effeciently at scale.

Splunk Kubernetes Operator

The initial release of verion 1.0 was in 2021 and version 2.0 dropped in 2022, with the evolution of the Splunk Operator App Framework.

What is a Kubernetes Operator?

Operators are software extensions to Kubernetes that make use of a custom resource to manage applications and their components. Operators follow Kubernetes principles, notably the control loop.

The exciting part about the Splunk Operator for Kubernetes is that it presents a real opportunity for customers to create their own automation to get Splunk running, especially at scale.

Splunk Operator for Kubernetes

With the Operater pattern in mind, the Splunk Kubernetes Operator takes the steps that a Splunk Administrator would take to create Splunk instances in a uniform and best practice way and automates it. Think of having the ability to simply enter a single command and have a clustered Splunk environment created based on the Splunk Validated Architecture. I know, this is exciting!


To get started, I would suggest installing a couple of items for local development.


Installing Minikube on you local machine enbables you to do local development and testing of Kubernetes on you laptop or desktop.


Is a client that connects to your Kubernetes cluster and makes it easy to send commands via command-line vs calling the Kubernetes API directly.

Profile picture

Written by Cliff Sanchez who lives and works in New York - building useful things. You should follow them on Twitter