UNCLASSIFIED - NO CUI

Skip to content

Use secret for creds instead of configMap

Daniel Didesrequested to merge
dd/creds-secret into main

General MR

Summary

Replaces the use of a configmap with the use of a secret. Still inherits the registryCredentials from the umbrella but creates a secret with them instead of a configmap.

Relevant logs/screenshots

Kubescape detects nothing:

danieldides@BPH-MAC14 ~/P/b/p/bbctl-chart (dd/creds-secret)> kubescape scan control C-0012 -v | grep bbctl
{"level":"info","ts":"2025-07-09T17:30:59-04:00","msg":"Kubescape scanner initializing..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Initialized scanner"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loading policies..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loaded policies"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loading exceptions..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loaded exceptions"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loading account configurations..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loaded account configurations"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Accessing Kubernetes objects..."}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Accessed Kubernetes objects"}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Scanning","Cluster":"k3d-k3s-default"}
 100% |█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| (1/1, 5993 it/s)
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Done scanning","Cluster":"k3d-k3s-default"}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Done aggregating results"}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Received interrupt signal, exiting..."}

Credentials configmap is not made:

k get cm -n bbctl | grep credentials | wc -l
       0

but a secret is:

> k get secret -n bbctl | grep credentials | wc -l
       1

Secret correctly inherited the registryCredentials passed in from the umbrella chart:

k view-secret -n bbctl bbctl-bbctl-credentials
Choosing key: credentials.yaml
credentials:
- password: redacted
  uri: registry1.dso.mil
  username: Daniel_Dides
- password: ""
  uri: repo1.dso.mil
  username: ""⏎

Dashboards populating: Screenshot_2025-07-11_at_17.02.34

Linked Issue

closes https://repo1.dso.mil/big-bang/product/packages/bbctl/-/issues/336

Upgrade Notices

N/A

Edited by Daniel Dides

Merge request reports

UNCLASSIFIED - NO CUI