add security menu and BE teaser

app/kubernetes/__module.js

@@ -374,8 +374,8 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo
     };
 
     const endpointKubernetesSecurityConstraint = {
-      name: 'kubernetes.cluster.securityConstraint',
+      name: 'kubernetes.security',
-      url: '/securityConstraint',
+      url: '/security',
       views: {
         'content@': {
           templateUrl: '../kubernetes/views/security-constraint/constraint.html',

app/kubernetes/views/security-constraint/constraint.html

@@ -1,10 +1,10 @@
 <page-header
   ng-if="state.viewReady"
-  title="'Kubernetes security constraints'"
+  title="'Security'"
   breadcrumbs="[
 { label:'Environments', link:'portainer.endpoints' }, 
 { label:endpoint.Name, link:'portainer.endpoints.endpoint', linkParams:{id: endpoint.Id} }, 
-'Security constraints'
+'Security'
 ]"
   reload="true"
 ></page-header>
@@ -12,29 +12,73 @@
 <kubernetes-view-loading view-ready="state.viewReady"></kubernetes-view-loading>
 
 <div ng-if="state.viewReady">
-  <div class="row">
+  <div class="be-indicator-container limited-be">
-    <div class="col-sm-12">
+    <div class="overlay">
-      <rd-widget>
+      <div class="limited-be-link vertical-center"
-        <rd-widget-header icon="shield" title-text="Pod security constraints"></rd-widget-header>
+        ><be-feature-indicator feature="limitedFeatureAccessControl"></be-feature-indicator
-        <rd-widget-body>
+        ><portainer-tooltip message="'This feature is currently limited to Business Edition users only. '"></portainer-tooltip
-          <form class="form-horizontal" name="kubernetesSecurityConstraintForm">
+      ></div>
-            <!--  main toggle  -->
+      <div class="limited-be-content">
-            <div class="form-group">
+        <rd-widget>
-              <div class="col-sm-12">
+          <rd-widget-header icon="user" title-text="Access Control"></rd-widget-header>
-                <por-switch-field
+          <rd-widget-body>
-                  checked="formValues.enabled"
+            <div class="inline-flex">
-                  name="'disableSysctlSettingForRegularUsers'"
+              <div class="mr-2 inline"><pr-icon icon="'info'" mode="'primary'"></pr-icon></div>
-                  label="'Enable pod security constraints'"
+              <div class="inline">
-                  feature-id="limitedFeaturePodSecurityPolicy"
+                <div>
-                  label-class="'col-sm-3 col-lg-2 px-0'"
+                  <a class="hyperlink" href="https://kubernetes.io/docs/reference/access-authn-authz/authorization/" target="_blank">Kubernetes authorization</a> generally uses
-                  switch-class="'col-sm-8'"
+                  <a class="hyperlink" href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/" target="_blank">role based access control</a> (RBAC) to determine if a
+                  user or process has the permissions to access or perform certain actions within the cluster.
+                </div>
+                <br />
+                <div
+                  >The <b>Cluster Roles</b> and <b>Roles</b> screens (under this Security sub-menu) list the resources where permissions are defined in your cluster, and the
+                  Bindings that grant those permissions to subjects (Users, Groups and Service Accounts). The <b>Service Accounts</b> screens lists existing identities (typically
+                  for a Pod or set of Pods).</div
                 >
-                </por-switch-field>
               </div>
             </div>
-          </form>
+          </rd-widget-body>
-        </rd-widget-body>
+        </rd-widget>
-      </rd-widget>
+      </div>
+    </div>
+  </div>
+
+  <div class="be-indicator-container limited-be">
+    <div class="overlay">
+      <div class="limited-be-link vertical-center"
+        ><be-feature-indicator feature="limitedFeaturePodSecurityPolicy"></be-feature-indicator
+        ><portainer-tooltip message="'This feature is currently limited to Business Edition users only. '"></portainer-tooltip
+      ></div>
+      <div class="limited-be-content">
+        <rd-widget>
+          <rd-widget-header icon="shield" title-text="Pod security constraints"></rd-widget-header>
+          <rd-widget-body>
+            <form class="form-horizontal" name="kubernetesSecurityConstraintForm">
+              <!--  main toggle  -->
+              <div class="form-group">
+                <div class="col-sm-12">
+                  <p class="text-muted small vertical-center">
+                    <pr-icon icon="'info'" class-name="'icon icon-sm icon-primary'"></pr-icon>
+                    You may configure privilege and access control settings for Pods in your cluster.
+                  </p>
+                </div>
+                <div class="col-sm-12">
+                  <por-switch-field
+                    checked="formValues.enabled"
+                    name="'disableSysctlSettingForRegularUsers'"
+                    label="'Enable pod security constraints'"
+                    feature-id="limitedFeaturePodSecurityPolicy"
+                    label-class="'col-sm-3 col-lg-2 px-0'"
+                    switch-class="'col-sm-8'"
+                  >
+                  </por-switch-field>
+                </div>
+              </div>
+            </form>
+          </rd-widget-body>
+        </rd-widget>
+      </div>
     </div>
   </div>
 </div>

app/kubernetes/views/security-constraint/constraintController.js

@@ -7,6 +7,7 @@ angular.module('portainer.kubernetes').controller('KubernetesSecurityConstraintC
   'EndpointService',
   function ($scope, EndpointProvider, EndpointService) {
     $scope.limitedFeaturePodSecurityPolicy = FeatureId.POD_SECURITY_POLICY_CONSTRAINT;
+    $scope.limitedFeatureAccessControl = FeatureId.K8S_ACCESS_CONTROL;
     $scope.state = {
       viewReady: false,
       actionInProgress: false,

app/react/portainer/feature-flags/enums.ts

@@ -39,4 +39,5 @@ export enum FeatureId {
   K8S_ADM_ONLY_USR_INGRESS_DEPLY = 'k8s-admin-only-ingress-deploy',
   K8S_ROLLING_RESTART = 'k8s-rolling-restart',
   K8S_ANNOTATIONS = 'k8s-annotations',
+  K8S_ACCESS_CONTROL = 'k8s-security',
 }

app/react/portainer/feature-flags/feature-flags.service.ts

@@ -44,6 +44,7 @@ export async function init(edition: Edition) {
     [FeatureId.K8S_ADM_ONLY_USR_INGRESS_DEPLY]: Edition.BE,
     [FeatureId.K8S_ROLLING_RESTART]: Edition.BE,
     [FeatureId.K8S_ANNOTATIONS]: Edition.BE,
+    [FeatureId.K8S_ACCESS_CONTROL]: Edition.BE,
   };
 
   state.currentEdition = currentEdition;

app/react/portainer/feature-flags/feature-ids.js

@@ -16,3 +16,4 @@ export const STACK_PULL_IMAGE = 'stack-pull-image';
 export const STACK_WEBHOOK = 'stack-webhook';
 export const CONTAINER_WEBHOOK = 'container-webhook';
 export const K8S_ANNOTATIONS = 'k8s-annotations';
+export const K8S_ACCESS_CONTROL = 'k8s-security';

app/react/sidebar/KubernetesSidebar/KubernetesSidebar.tsx

@@ -1,4 +1,4 @@
-import { Box, Edit, Layers, Lock, Server, Shuffle } from 'lucide-react';
+import { Box, Edit, Layers, Lock, Server, Shuffle, Shield } from 'lucide-react';
 
 import { EnvironmentId } from '@/react/portainer/environments/types';
 import { Authorized } from '@/react/hooks/useUser';
@@ -100,6 +100,20 @@ export function KubernetesSidebar({ environmentId }: Props) {
         data-cy="k8sSidebar-volumes"
       />
 
+      <Authorized
+        authorizations="K8sClusterSetupRW"
+        adminOnlyCE
+        environmentId={environmentId}
+      >
+        <SidebarItem
+          to="kubernetes.security"
+          params={{ endpointId: environmentId }}
+          label="Security"
+          data-cy="k8sSidebar-security"
+          icon={Shield}
+        />
+      </Authorized>
+
       <SidebarItem
         label="Cluster"
         to="kubernetes.cluster"
@@ -120,19 +134,6 @@ export function KubernetesSidebar({ environmentId }: Props) {
           />
         </Authorized>
 
-        <Authorized
-          authorizations="K8sClusterSetupRW"
-          adminOnlyCE
-          environmentId={environmentId}
-        >
-          <SidebarItem
-            to="kubernetes.cluster.securityConstraint"
-            params={{ endpointId: environmentId }}
-            label="Security constraints"
-            data-cy="k8sSidebar-securityConstraints"
-          />
-        </Authorized>
-
         <SidebarItem
           to="kubernetes.registries"
           params={{ endpointId: environmentId }}