jaeger-operator icon indicating copy to clipboard operation
jaeger-operator copied to clipboard

Published 20 hours ago verified publisher icon jaegertracing

[Feature]: Get Cassandra credentials from Secret in Spark Dependencies & Create Schema pods

Open d3adb5 opened this issue 2 years ago • 0 comments

Requirement

In deploying Jaeger with the production strategy, using Cassandra for storage, I've noticed that despite pointing to a Secret in the Jaeger CRD, the pods created by *-cassandra-schema-job and *-spark-dependencies-* jobs have the credentials added to them as plain text environment variables.

Users who would've otherwise been unable to read Secret objects could retrieve these credentials from the Pods, as long as they remain in etcd.

Problem

Jaeger Operator seems to behave differently for jaeger-query and jaeger-collector, which use the provided Secret resource, unlike the pods created from each Job / CronJob.

Proposal

Make it so the Job and CronJob definition refer to the same Secret provided in the CRD configuration, which is already used by the deployments created where the Jaeger resource is found.

Open questions

Is there already a way to guarantee these jobs use the Secret? Is this specific to my version of the operator (1.31.0)?

d3adb5 avatar Sep 06 '22 14:09 d3adb5