Skip to content

[jaeger] Add extraSecretMounts to jaeger#747

Open
DevErenOzcan wants to merge 1 commit intojaegertracing:mainfrom
DevErenOzcan:main
Open

[jaeger] Add extraSecretMounts to jaeger#747
DevErenOzcan wants to merge 1 commit intojaegertracing:mainfrom
DevErenOzcan:main

Conversation

@DevErenOzcan
Copy link
Copy Markdown

@DevErenOzcan DevErenOzcan commented Mar 9, 2026
edited
Loading

Description

This PR introduces the extraSecretMounts capability to the Jaeger deployment chart.

Currently, users relying on external secret management tools like HashiCorp Vault via the Secrets Store CSI Driver face limitations because there is no native way to attach these external volumes directly to the Jaeger pods without complex workarounds (like creating auxiliary pause pods).

Similar to the implementation in kube-prometheus-stack, this feature allows users to easily define secret mounts in their values.yaml, and the template automatically handles both the volumes and volumeMounts configurations.

Related Issues:

Changes Made

  • Added extraSecretMounts block parsing to jaeger/templates/jaeger/jaeger-deploy.yaml (handles both volumeMounts and volumes).
  • Added an empty extraSecretMounts: [] list to jaeger/values.yaml to ensure backward compatibility and serve as documentation.

How to Test

You can test this by adding the following block to your values.yaml and running helm template:

jaeger:
  extraSecretMounts:
    - name: secrets-store-inline
      mountPath: "/mnt/secrets-store"
      readOnly: true
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "vault-jaeger-creds"

This commit introduces extraSecretMounts to jaeger-deploy.yaml, allow…
b46fa21 
…ing users to mount external secrets (e.g., via Vault CSI) seamlessly.

Signed-off-by: Eren Özcan <eren.ozcan@wechiptech.com>
Copilot AI review requested due to automatic review settings March 9, 2026 12:50
@DevErenOzcan DevErenOzcan changed the title This commit introduces extraSecretMounts to jaeger-deploy.yaml, allow… [jaeger] Add extraSecretMounts to jaeger Mar 9, 2026
Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds an extraSecretMounts values hook to the Jaeger Deployment template so users can attach additional mounted content (notably Secrets Store CSI volumes) to the Jaeger pod without workarounds.

Changes:

  • Added jaeger.extraSecretMounts to values.yaml (default empty list).
  • Rendered additional volumeMounts and corresponding volumes entries in jaeger/templates/jaeger/jaeger-deploy.yaml based on jaeger.extraSecretMounts.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
charts/jaeger/values.yaml Introduces the new jaeger.extraSecretMounts values key with an empty default.
charts/jaeger/templates/jaeger/jaeger-deploy.yaml Wires jaeger.extraSecretMounts into the Jaeger Deployment’s volumeMounts and volumes (CSI-focused).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread charts/jaeger/templates/jaeger/jaeger-deploy.yaml
Comment on lines +137 to +141
- name: {{ .name }}
csi:
{{- toYaml .csi | nindent 12 }}
{{- end }}
{{- end }}
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because volumes: is always emitted but all items are conditional, the rendered manifest can end up with volumes: null when no volumes are configured. Other templates in this chart avoid this by conditionally emitting the entire volumes: block (e.g., templates/spark/spark-dependencies.yaml). Consider applying the same pattern here (wrap volumes: + entries in an if, or render volumes: []).

Copilot uses AI. Check for mistakes.
Comment thread charts/jaeger/values.yaml
Comment on lines 170 to +171
# See https://www.jaegertracing.io/docs/cli/
extraSecretMounts: []
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new extraSecretMounts value is placed directly under the comment block for “command line arguments / CLI flags”, but it configures pod volume mounts rather than CLI args. Please move it to a more appropriate subsection (or add a short comment explaining its structure: name, mountPath, optional readOnly, and csi/secret fields) so users don’t miss or misinterpret it.

Copilot uses AI. Check for mistakes.
Comment thread charts/jaeger/templates/jaeger/jaeger-deploy.yaml
Comment thread charts/jaeger/templates/jaeger/jaeger-deploy.yaml
Comment on lines +137 to +141
- name: {{ .name }}
csi:
{{- toYaml .csi | nindent 12 }}
{{- end }}
{{- end }}
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extraSecretMounts is used by other chart components (spark / es-* cronjobs) with a secretName-based schema that renders secret: volumes, but here it assumes a CSI-backed volume (csi:). Reusing the same values key for different structures across the chart is likely to confuse users. Consider supporting both secret: and csi: volume sources in one schema, or renaming this field to something CSI-specific to avoid an ambiguous API.

Copilot uses AI. Check for mistakes.
Comment thread charts/jaeger/templates/jaeger/jaeger-deploy.yaml
Comment on lines +116 to +120
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because volumeMounts: is always emitted but all items are conditional, the rendered manifest can end up with volumeMounts: null when no mounts are configured. Other templates in this chart avoid this by conditionally emitting the entire volumeMounts: block (e.g., templates/spark/spark-dependencies.yaml). Consider applying the same pattern here (wrap volumeMounts: + entries in an if, or render volumeMounts: []).

Copilot uses AI. Check for mistakes.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. You may re-open it if you need more time.

@github-actions github-actions Bot added the stale label May 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@naseemkullah naseemkullah Awaiting requested review from naseemkullah naseemkullah is a code owner

@pavelnikolov pavelnikolov Awaiting requested review from pavelnikolov pavelnikolov is a code owner

Assignees

No one assigned

Labels

stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Add extraVolumes/extraVolumeMounts support to jaeger deployment [Bug]: Missing support for extraSecretMounts

2 participants

@DevErenOzcan