diff --git a/app/kubernetes/__module.js b/app/kubernetes/__module.js index e010f5772..d31a54027 100644 --- a/app/kubernetes/__module.js +++ b/app/kubernetes/__module.js @@ -321,6 +321,17 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo }, }; + const endpointKubernetesSecurityConstraint = { + name: 'portainer.k8sendpoint.securityConstraint', + url: '/securityConstraint', + views: { + 'content@': { + templateUrl: '../kubernetes/views/security-constraint/constraint.html', + controller: 'KubernetesSecurityConstraintController', + }, + }, + }; + $stateRegistryProvider.register(kubernetes); $stateRegistryProvider.register(helmApplication); $stateRegistryProvider.register(helmTemplates); @@ -350,5 +361,6 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo $stateRegistryProvider.register(volume); $stateRegistryProvider.register(registries); $stateRegistryProvider.register(registriesAccess); + $stateRegistryProvider.register(endpointKubernetesSecurityConstraint); }, ]); diff --git a/app/kubernetes/components/kubernetes-sidebar/kubernetes-sidebar.html b/app/kubernetes/components/kubernetes-sidebar/kubernetes-sidebar.html index 487e62fbd..04d2fd52c 100644 --- a/app/kubernetes/components/kubernetes-sidebar/kubernetes-sidebar.html +++ b/app/kubernetes/components/kubernetes-sidebar/kubernetes-sidebar.html @@ -81,7 +81,7 @@ path="kubernetes.cluster" path-params="{ endpointId: $ctrl.endpointId }" is-sidebar-open="$ctrl.isSidebarOpen" - children-paths="['kubernetes.cluster', 'portainer.k8sendpoint.kubernetesConfig', 'kubernetes.registries', 'kubernetes.registries.access']" + children-paths="['kubernetes.cluster', 'portainer.k8sendpoint.kubernetesConfig', 'portainer.k8sendpoint.securityConstraint', 'kubernetes.registries', 'kubernetes.registries.access']" data-cy="k8sSidebar-cluster" > + + Security constraints + + + Environments > {{ endpoint.Name }} > Security constraints + + + + +
+
+
+ + Pod security constraints
+
+ + +
+ +
+
+ + +
+
+
+ + +
+
+
diff --git a/app/kubernetes/views/security-constraint/constraintController.js b/app/kubernetes/views/security-constraint/constraintController.js new file mode 100644 index 000000000..a94623fab --- /dev/null +++ b/app/kubernetes/views/security-constraint/constraintController.js @@ -0,0 +1,25 @@ +import angular from 'angular'; +import { FeatureId } from 'Portainer/feature-flags/enums'; + +angular.module('portainer.kubernetes').controller('KubernetesSecurityConstraintController', [ + '$scope', + 'EndpointProvider', + 'EndpointService', + function ($scope, EndpointProvider, EndpointService) { + $scope.limitedFeaturePodSecurityPolicy = FeatureId.POD_SECURITY_POLICY_CONSTRAINT; + $scope.state = { + viewReady: false, + actionInProgress: false, + }; + + async function initView() { + const endpointID = EndpointProvider.endpointID(); + EndpointService.endpoint(endpointID).then((endpoint) => { + $scope.endpoint = endpoint; + $scope.state.viewReady = true; + }); + } + + initView(); + }, +]); diff --git a/app/portainer/feature-flags/enums.ts b/app/portainer/feature-flags/enums.ts index ea3a4e03d..19d3a355b 100644 --- a/app/portainer/feature-flags/enums.ts +++ b/app/portainer/feature-flags/enums.ts @@ -29,4 +29,5 @@ export enum FeatureId { STACK_PULL_IMAGE = 'stack-pull-image', STACK_WEBHOOK = 'stack-webhook', CONTAINER_WEBHOOK = 'container-webhook', + POD_SECURITY_POLICY_CONSTRAINT = 'pod-security-policy-constraint', } diff --git a/app/portainer/feature-flags/feature-flags.service.ts b/app/portainer/feature-flags/feature-flags.service.ts index b5429153d..a78353796 100644 --- a/app/portainer/feature-flags/feature-flags.service.ts +++ b/app/portainer/feature-flags/feature-flags.service.ts @@ -34,6 +34,7 @@ export async function init(edition: Edition) { [FeatureId.STACK_PULL_IMAGE]: Edition.BE, [FeatureId.STACK_WEBHOOK]: Edition.BE, [FeatureId.CONTAINER_WEBHOOK]: Edition.BE, + [FeatureId.POD_SECURITY_POLICY_CONSTRAINT]: Edition.BE, }; state.currentEdition = currentEdition;