add support for admin-managed-pv annotation

Patryk Wasielewski · Patryk Wasielewski · commit 86ecdaadbdd9 · 2025-05-19T15:56:15.000+02:00
diff --git a/docs/CustomResources.md b/docs/CustomResources.md
@@ -403,6 +403,45 @@ spec:
   replicas: 1
 ```
 
+#### admin-managed-pv Annotations
+The admin-managed-pv annotation in the splunk-operator's Custom Resource allows the admin to control whether Persistent Volumes (PVs) are dynamically created for the StatefulSet associated with the CR. If set to `true`, no PVs will be created, and the Persistent Volume Claim templates in the StatefulSet manifest will include a selector block to match `app.kubernetes.io/instance` and `app.kubernetes.io/name` labels for pre-created PVs. This means that `/opt/splunk/etc` and `/opt/splunk/var` related PVCs will contain code block like below 
+
+```
+apiVersion: v1
+kind: PersistentVolumeClaim
+...
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: splunk-cm-cluster-manager
+      app.kubernetes.io/name: cluster-manager
+```
+
+To match selector definition like this, Persistent Volume must set labels accordingly 
+
+```
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-example-etc
+  labels:
+    app.kubernetes.io/instance: splunk-cm-cluster-manager
+    app.kubernetes.io/name: cluster-manager
+```
+
+When admin-managed-pv is set to `false`, PVs will be dynamically created as usual, providing dedicated persistent storage for the StatefulSet.
+
+Here is an example of a Standalone with the admin-managed-pv annotation set. After 
+```
+apiVersion: enterprise.splunk.com/v4
+kind: Standalone
+metadata:
+  name: single
+  finalizers:
+  - enterprise.splunk.com/delete-pvc
+  annotations:
+    enterprise.splunk.com/admin-managed-pv: "true"
+```
+
 #### Container Logs
 The Splunk Enterprise CRDs deploy Splunkd in Kubernetes pods running [docker-splunk](https://github.com/splunk/docker-splunk) container images. Adding a couple of environment variables to the CR spec as follows produces `detailed container logs`:
 
diff --git a/pkg/splunk/enterprise/configuration.go b/pkg/splunk/enterprise/configuration.go
@@ -23,6 +23,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"strconv"
+	"strings"
 
 	orderedmap "github.com/wk8/go-ordered-map/v2"
 	appsv1 "k8s.io/api/apps/v1"
@@ -98,52 +99,69 @@ func getSplunkLabels(instanceIdentifier string, instanceType InstanceType, partO
 }
 
 // getSplunkVolumeClaims returns a standard collection of Kubernetes volume claims.
-func getSplunkVolumeClaims(cr splcommon.MetaObject, spec *enterpriseApi.CommonSplunkSpec, labels map[string]string, volumeType string) (corev1.PersistentVolumeClaim, error) {
+func getSplunkVolumeClaims(cr splcommon.MetaObject, spec *enterpriseApi.CommonSplunkSpec, labels map[string]string, volumeType string, adminManagedPV bool) (corev1.PersistentVolumeClaim, error) {
 	var storageCapacity resource.Quantity
 	var err error
-
-	storageClassName := ""
+	var storageClassName string
+	var	volumeClaim corev1.PersistentVolumeClaim
 
 	// Depending on the volume type, determine storage capacity and storage class name(if configured)
 	if volumeType == splcommon.EtcVolumeStorage {
 		storageCapacity, err = splcommon.ParseResourceQuantity(spec.EtcVolumeStorageConfig.StorageCapacity, splcommon.DefaultEtcVolumeStorageCapacity)
 		if err != nil {
 			return corev1.PersistentVolumeClaim{}, fmt.Errorf("%s: %s", "etcStorage", err)
 		}
-		if spec.EtcVolumeStorageConfig.StorageClassName != "" {
-			storageClassName = spec.EtcVolumeStorageConfig.StorageClassName
-		}
+		storageClassName = spec.EtcVolumeStorageConfig.StorageClassName
 	} else if volumeType == splcommon.VarVolumeStorage {
 		storageCapacity, err = splcommon.ParseResourceQuantity(spec.VarVolumeStorageConfig.StorageCapacity, splcommon.DefaultVarVolumeStorageCapacity)
 		if err != nil {
 			return corev1.PersistentVolumeClaim{}, fmt.Errorf("%s: %s", "varStorage", err)
 		}
-		if spec.VarVolumeStorageConfig.StorageClassName != "" {
-			storageClassName = spec.VarVolumeStorageConfig.StorageClassName
-		}
+		storageClassName = spec.VarVolumeStorageConfig.StorageClassName
 	}
 
-	// Create a persistent volume claim
-	volumeClaim := corev1.PersistentVolumeClaim{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      fmt.Sprintf(splcommon.PvcNamePrefix, volumeType),
-			Namespace: cr.GetNamespace(),
-			Labels:    labels,
-		},
-		Spec: corev1.PersistentVolumeClaimSpec{
-			AccessModes: []corev1.PersistentVolumeAccessMode{"ReadWriteOnce"},
-			Resources: corev1.ResourceRequirements{
-				Requests: corev1.ResourceList{
-					corev1.ResourceStorage: storageCapacity,
+	volumeClaim.Spec.StorageClassName = &storageClassName
+
+	if adminManagedPV {
+		volumeClaim = corev1.PersistentVolumeClaim{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      fmt.Sprintf(splcommon.PvcNamePrefix, volumeType),
+				Namespace: cr.GetNamespace(),
+				Labels:    labels,
+			},
+			Spec: corev1.PersistentVolumeClaimSpec{
+				AccessModes: []corev1.PersistentVolumeAccessMode{"ReadWriteOnce"},
+				Resources: corev1.ResourceRequirements{
+					Requests: corev1.ResourceList{
+						corev1.ResourceStorage: storageCapacity,
+					},
+				},
+				Selector: &metav1.LabelSelector{
+					MatchLabels: map[string]string{
+						"app.kubernetes.io/name": labels["app.kubernetes.io/name"],
+						"app.kubernetes.io/instance": labels["app.kubernetes.io/instance"],
+					},
 				},
 			},
-		},
-	}
-
-	// Assign storage class name if specified
-	if storageClassName != "" {
-		volumeClaim.Spec.StorageClassName = &storageClassName
+		}
+	} else {
+		volumeClaim = corev1.PersistentVolumeClaim{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      fmt.Sprintf(splcommon.PvcNamePrefix, volumeType),
+				Namespace: cr.GetNamespace(),
+				Labels:    labels,
+			},
+			Spec: corev1.PersistentVolumeClaimSpec{
+				AccessModes: []corev1.PersistentVolumeAccessMode{"ReadWriteOnce"},
+				Resources: corev1.ResourceRequirements{
+					Requests: corev1.ResourceList{
+						corev1.ResourceStorage: storageCapacity,
+					},
+				},
+			},
+		}
 	}
+	
 	return volumeClaim, nil
 }
 
@@ -483,7 +501,16 @@ func addSplunkVolumeToTemplate(podTemplateSpec *corev1.PodTemplateSpec, name str
 func addPVCVolumes(cr splcommon.MetaObject, spec *enterpriseApi.CommonSplunkSpec, statefulSet *appsv1.StatefulSet, labels map[string]string, volumeType string) error {
 	// prepare and append persistent volume claims if storage is not ephemeral
 	var err error
-	volumeClaimTemplate, err := getSplunkVolumeClaims(cr, spec, labels, volumeType)
+	var adminManagedPV bool
+
+	annotations := cr.GetAnnotations()
+
+	// determine if CR's PVs are managed by an admin
+	if value, ok := annotations["enterprise.splunk.com/admin-managed-pv"]; ok && strings.ToLower(value) == "true" {
+		adminManagedPV = true
+	}
+
+	volumeClaimTemplate, err := getSplunkVolumeClaims(cr, spec, labels, volumeType, adminManagedPV)
 	if err != nil {
 		return err
 	}
