Merge pull request #4044 from mercedes-benz/feature-4043-helm-server-access-with-role

server access only with role sechub-frontend #4043

Author: sven-dmlr

sechub-solution/helm/sechub-server/Chart.yaml

@@ -9,4 +9,4 @@ type: application
 # This is the chart version.
 # This version number should be incremented each time you make changes to the chart and its templates.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.8.0
+version: 2.9.0

sechub-solution/helm/sechub-server/templates/networkpolicy.yaml

@@ -8,12 +8,8 @@ spec:
   ingress:
   - from:
     - podSelector:
-{{- if .Values.security.allowAccessFromSameNamespace }}
-        {}
-{{- else }}
         matchLabels:
-          name: web-ui  # Allow SecHub Web-UI access
-{{- end }}
+          role: sechub-frontend  # Allow SecHub Web-UI access
     ports:
     - protocol: TCP
       port: 8443

sechub-solution/helm/sechub-server/values.yaml

@@ -218,8 +218,6 @@ security:
     # Secret key used to encrypt the access token which is sent back to the user after sucessful authentication (or login).
     # Must be AES256 compatible (256 bit / 32 byte)
     secretKey: Insert-your-32-byte-string-here.
-  # When set to `true` then Pods from the same k8s namespace are allowed to connect. `false`: only web-ui is allowed.
-  allowAccessFromSameNamespace: false
 
 storage:
   local:

sechub-web-ui-solution/helm/web-ui/Chart.yaml

@@ -11,4 +11,4 @@ type: application
 # This version number should be incremented each time you make changes to the chart and its templates.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.1.0
+version: 1.2.0

sechub-web-ui-solution/helm/web-ui/templates/deployment.yaml

@@ -18,6 +18,7 @@ spec:
     metadata:
       labels:
         name: web-ui
+        role: sechub-frontend
 {{- if .Values.templateMetadataAnnotations }}
       annotations:
         {{ .Values.templateMetadataAnnotations | indent 8 | trim }}