Only admin users have access to the Insights section of the DKP UI and to the detailed alert view by default.
To allow additional users and user groups to view these Insights resources, create roles that include rights to view them. Then, assign these roles to users or user groups.
Access control to both Insights summary cards and Insights Alert Details is performed via Kubernetes RBAC on a basis of the namespace to which the Insight Alert is tied.
Workspace-based Access Control
Create a Role with View Rights to Summary Cards - Workspace-based Access Control
Create a Role with View Rights to Summary Cards
When assigned, this role allows users and user groups to view the summary table of all DKP Insights alerts for all workspaces and projects.
Select the Management Cluster Workspace. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)
Select Administration > Access Control in the sidebar menu.
Select Create Role, and add a Role Name.
Select DKP Role, as you are providing access to DKP UI resources.
Select + Add Rule in the Rules section.
Enter the following information:
Field | Value |
---|
Resources | insights
|
Resource Names | [Leave this field empty] |
API Groups | dkp-insights.d2iq.io
|
Verbs | get , list and watch
|
Select Save to exit the rule configuration window and Save again to create the new role.
Now, assign the role you created to a user group.
Assign the roles you created to a user group as explained in Workspace Role Bindings.
It will take a few minutes for the resource to be created.
Create a Role with View Rights to Insights Alert Details - Workspace-based Access Control
Create a Role with View Rights to Insights Alert Details
This role, when assigned to a user or user group, allows them to view alert details for an alert generated in a specific workspace.
Select the workspace for which you want to grant view rights. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)
Select Administration > Access Control in the sidebar menu.
Select the Cluster Roles tab, and Create Role.
Provide a name for the role.
Select Cluster Role, as you are providing access to Insights resources across clusters.
Select + Add Rule in the Rules section.
Enter the following information:
Field | Value |
---|
Select Rule Type | Resources |
Resources | insights , rca , solutions
|
Resource Names | [Leave this field empty] |
API Groups | virtual.backend.dkp-insights.d2iq.io
|
Verbs | get
|
Select Save to exit the rule configuration window and Save again to create the new role.
Now, assign the role you created to a user group.
Assign the role you created to a user group as explained in Workspace Role Bindings.
If you want to grant view rights to the alert details for clusters in another Workspace, repeat the same procedure on a per-Workspace basis.
It will take a few minutes for the resource to be created.
insights
, rca
, solutions
are virtual resources and are not listed as a Kubernetes API resource.
Project-based Access Control
Create a Role with View Rights to Summary Cards - Project-based Access Control
Create a Role with View Rights to Summary Cards
When assigned, this role allows users and user groups to view the summary table of all DKP Insights alerts for all workspaces and projects.
Select the Management Cluster Workspace. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)
Select Projects in the sidebar menu. Select or create a Project for which you want to create a role.
Select the Roles tab > Create Role.
Select DKP Role, as you are providing access to DKP UI resources, and add a Role Name.
Select + Add Rule in the Rules section.
Enter the following information:
Field | Value |
---|
Resources | insights
|
Resource Names | [Leave this field empty] |
API Groups | dkp-insights.d2iq.io
|
Verbs | get , list and watch
|
Select Save to exit the rule configuration window and Save again to create the new role.
Now, assign the role you created to a user group.
Assign the roles you created to a user group as explained in Project Role Bindings.
It will take a few minutes for the resource to be created.
Create a Role with View Rights to Insights Alert Details - Project-based Access Control
Create a Role with View Rights to Insights Alert Details
This role, when assigned to a user or user group, allows them to view alert details for an alert generated in a specific project.
Select the workspace for which you want to grant view rights. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)
Select Projects in the sidebar menu. Select or create a Project for which you want to create a role.
Select the Roles tab > Create Role, and assign a name to the role.
Select Role, as you are providing access to Insights resources across clusters.
Select + Add Rule in the Rules section.
Enter the following information:
Field | Value |
---|
Select Rule Type | Resources |
Resources | insights , rca , solutions
|
Resource Names | [Leave this field empty] |
API Groups | virtual.backend.dkp-insights.d2iq.io
|
Verbs | get
|
Select Save to exit the rule configuration window and Save again to create the new role.
Now, assign the role you created to a user group.
Assign the role you created to a user group as explained in Project Role Bindings.
If you want to grant view rights to the alert details for clusters in another Workspace, repeat the same procedure on a per-Workspace basis.
It will take a few minutes for the resource to be created.
insights
, rca
, solutions
are virtual resources and are not listed as a Kubernetes API resource.