Description
Requirement
In deploying Jaeger with the production strategy, using Cassandra for storage, I've noticed that despite pointing to a Secret in the Jaeger CRD, the pods created by *-cassandra-schema-job and *-spark-dependencies-* jobs have the credentials added to them as plain text environment variables.
Users who would've otherwise been unable to read Secret objects could retrieve these credentials from the Pods, as long as they remain in etcd.
Problem
Jaeger Operator seems to behave differently for jaeger-query and jaeger-collector, which use the provided Secret resource, unlike the pods created from each Job / CronJob.
Proposal
Make it so the Job and CronJob definition refer to the same Secret provided in the CRD configuration, which is already used by the deployments created where the Jaeger resource is found.
Open questions
Is there already a way to guarantee these jobs use the Secret? Is this specific to my version of the operator (1.31.0)?