secretName is undocumented #702
Comments
|
The secret support is generic can have many purposes. One of them could be to host the certs required to enable TLS in different components, like when acting as a client to an Elasticsearch cluster, or the certs to use as a server on gRPC ports. Then, you can combine the secret with volumes/volume mounts to have them available as local files in the container, and pass this path as a CLI parameter to the component. This example shows how volumes can be combined with the configuration of a component (badger, in this case): https://github.com/jaegertracing/jaeger-operator/blob/master/deploy/examples/with-badger-and-volume.yaml . But I agree with you: we need to better document how the secret should look like for concrete use cases. Cases that we could document:
|
jpkrohling
added
Elasticsearch
|
The first one (gRPC) is an easy one, so, I'm tagging this as "good first issue". The second one (Elasticsearch client) is a bit harder and involves understanding the following code: https://github.com/jaegertracing/jaeger-operator/blob/master/scripts/cert_generation.sh |
|
It's not just storage in one component that gets affected; it's the:
|
|
And one more case:
It would also be good to reference the ES documentation if (and only if) ES supports doing TLS client authentication (I presume so from the above comments) |
pavolloffay
removed
the
Elasticsearch
jpkrohling
added
needs-triage
|
ES documentation already contains explanation that secret can be used for user password. The secret docs could explain that values are passed as ENV variables that jaeger can consume. |
How does it work? It's documented that is can be used https://www.jaegertracing.io/docs/1.14/operator/#secrets-support but not what its intent is: to provide a key-value pair for username-password, or to provide ENV vars that gets fed the container?
The text was updated successfully, but these errors were encountered: