Use secret for creds instead of configMap
General MR
Summary
Replaces the use of a configmap with the use of a secret. Still inherits the registryCredentials from the umbrella but creates a secret with them instead of a configmap.
Relevant logs/screenshots
Kubescape detects nothing:
danieldides@BPH-MAC14 ~/P/b/p/bbctl-chart (dd/creds-secret)> kubescape scan control C-0012 -v | grep bbctl
{"level":"info","ts":"2025-07-09T17:30:59-04:00","msg":"Kubescape scanner initializing..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Initialized scanner"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loading policies..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loaded policies"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loading exceptions..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loaded exceptions"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loading account configurations..."}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Loaded account configurations"}
{"level":"info","ts":"2025-07-09T17:31:03-04:00","msg":"Accessing Kubernetes objects..."}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Accessed Kubernetes objects"}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Scanning","Cluster":"k3d-k3s-default"}
100% |█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| (1/1, 5993 it/s)
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Done scanning","Cluster":"k3d-k3s-default"}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Done aggregating results"}
{"level":"info","ts":"2025-07-09T17:31:04-04:00","msg":"Received interrupt signal, exiting..."}
Credentials configmap is not made:
k get cm -n bbctl | grep credentials | wc -l
0
but a secret is:
> k get secret -n bbctl | grep credentials | wc -l
1
Secret correctly inherited the registryCredentials passed in from the umbrella chart:
k view-secret -n bbctl bbctl-bbctl-credentials
Choosing key: credentials.yaml
credentials:
- password: redacted
uri: registry1.dso.mil
username: Daniel_Dides
- password: ""
uri: repo1.dso.mil
username: ""⏎
Linked Issue
closes https://repo1.dso.mil/big-bang/product/packages/bbctl/-/issues/336
Upgrade Notices
N/A
Edited by Daniel Dides