This is an idea developed within the context of this engagement. To be extended and used at own risk.
This project is part of DEV1362 Technical Session at
- All apps are stored into a single GitHub repository
- Deployment performed by custom scripts
- Automation provided by GitHub Actions
- Fork and clone this repository
- Add custom apps files in
apps/directory - Add environment configuration files in
environments/ - Add environment names into
deploy.ymlmatrix - In Github, add secrets to repository, in particular:
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_REGION(of S3 Bucket),SPLUNK_USERNAME(forsplunk.comaccount)SPLUNK_PASSWORD(forsplunk.comaccount)SPLUNK_TOKEN_{INSTANCE_ID}(e.g.SPLUNK_TOKEN_TEST_ES, one token for each instance)
Splunk Tokens can be created either using UI or REST API: documentation
- Make changes to apps and/or environment configration, merge changes and enjoy the running automation!
Check: SYSTEM_DESIGN.md
- Pipelines triggers could differ from the suggested ones depending on the branches used
- New pipelines could integrate AppInspect execution via dedicated action(s)
deployment.ymlcould have more parameters, the suggested ones are the bare minimum- Remember: the main concept is keeping development and configurations separated!
- Be inspired by this solution! No need to apply revolutionary changes to the current architecture, maybe only a couple of them would be enough
- Splunkbase apps MUST be installed from Splunkbase on Splunk Cloud environments. ACS API can be leveraged to automatically install Splunkbase apps, but:
- Splunkbase apps cannot be installed from S3 because of App ID conflicts (they are not private apps!)
- Splunkbase apps cannot be installed with a custom configuration; once installed, they will have to be configured via UI or by calling other APIs
- Splunk Cloud ACS API
- AppInspect CLI Action
- AppInspect API Action
- Anatomy of Splunk Apps - Highly recommended read to clarify any doubts about usage of
default/andlocal/directories in Splunk Apps.