use chart release namespace for CREDS_SECRET_NAMESPACE (#303)

README.md

@@ -358,6 +358,9 @@ kubeclarity scan registry/nginx:private --config $HOME/own-kubeclarity-config
 Kubeclarity is using [k8schain](https://github.com/google/go-containerregistry/tree/main/pkg/authn/k8schain#k8schain) of google/go-containerregistry for authenticating to the registries.
 If the necessary service credentials are not discoverable by the k8schain, they can be defined via secrets described below.
 
+In addition, if service credentials are not located in "kubeclarity" Namespace, please set CREDS_SECRET_NAMESPACE to kubeclarity Deployment.
+When using helm [charts](/charts), CREDS_SECRET_NAMESPACE is set to the release namespace installed kubeclarity.
+
 ### Amazon ECR
 
 Create an [AWS IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console) with `AmazonEC2ContainerRegistryFullAccess` permissions.

charts/kubeclarity/templates/deployment.yaml

@@ -149,6 +149,8 @@ spec:
               value: "{{ .Release.Namespace }}"
             - name: READ_CLUSTER_SECRETS
               value: "{{ index .Values "kubeclarity" "clusterRole" "readClusterSecrets" }}"
+            - name: CREDS_SECRET_NAMESPACE
+              value: "{{ .Release.Namespace }}"
           ports:
             - containerPort: 8080
               name: http