This section describes how to enable DKP insights in DKP Essential or DKP Enterprise, and grant user permissions.

Enable DKP Insights Engine in a Non-Air-Gapped Environment

Follow these steps:

  1. Set the DKP version:

    export DKP_VERSION=v2.5.0
    CODE

  2. Add DKP Insights Engine Addon by applying the following YAML from the CLI:

    kubectl apply -f - <<EOF
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: insights-catalog-applications
  namespace: kommander
  labels:
    kommander.d2iq.io/gitapps-gitrepository-type: dkp
    kommander.d2iq.io/workspace-default-catalog-repository: "true"
spec:
  interval: 1m0s
  ref:
    tag: ${DKP_VERSION} 
  timeout: 20s
  url: https://github.com/mesosphere/insights-catalog-applications
EOF
    CODE

    This grants all Attached clusters the ability to enable the Insights Engine, and to display DKP Insights under Applications.

  3. See Deployment of Catalog Applications in Workspaces to deploy Insights Engine.

Enable DKP Insights Engine in an Air-gapped Environment

Follow these steps:

  1. Complete Install Air-gapped Kommander with DKP Insights and DKP Catalog Applications .

  2. Complete Deployment of Catalog Applications in Workspaces to deploy Insights Engine.

Disable DKP Insights Management

The DKP Insights Management component can be disabled using the instructions for configuring a Kommander installation.

  1. Initialize a default configuration file:

    dkp install kommander --init > kommander.yaml
    CODE

  2. Delete or comment out the line containing dkp-insights-management:null:

    apiVersion: config.kommander.mesosphere.io/v1alpha1
kind: Installation
apps:
  # Sections omitted...
  dkp-insights-management: null # Delete or comment out this line.
  # Sections omitted...
--
    CODE

  3. Install Kommander using the updated configuration file:

    dkp install kommander --installer-config kommander.yaml
    CODE

Grant View Rights to Users

Access control to both Insights summary cards and Insights Alert Details is performed via Kubernetes RBAC on a basis of the namespace to which the Insight Alert is tied.

To allow a user view Insights summary cards in a workspace or a project:

  1. Set up Kubernetes permissions on the management cluster, to allow the user access to the insights resource in the dkp-insights.d2iq.io Kubernetes API group in the corresponding workspace/project namespace via the get, list and watch verbs.

  2. Refer to Access Control to create a corresponding Kommander Role and role binding.

To allow a user view Insight Alert Details in a workspace/project:

  1. Set up Kubernetes permissions on attached clusters, to allow the user access to the insights, rca and solutions resources in the virtual.backend.dkp-insights.d2iq.io Kubernetes API group in the corresponding workspace/project via the get verb.

  2. Set up permissions for viewing Insight Alert Details in a workspace.
    Refer to ​Access Control to configure a corresponding Kommander Cluster Role, and to Workspace Role Bindings to set up a Workspace Role Binding.

  3. Set up permissions for viewing Insight Alert Details in a project.
    Refer to Project Roles and to Project Role Bindings .