Skip to main content
Skip table of contents

Grant View Rights to Users

Only admin users have access to the Insights section of the DKP UI and to the detailed alert view by default.

To allow additional users and user groups to view these Insights resources, create roles that include rights to view them. Then, assign these roles to users or user groups.

Access control to both Insights summary cards and Insights Alert Details is performed via Kubernetes RBAC on a basis of the namespace to which the Insight Alert is tied.

Workspace-based Access Control

Create a Role with View Rights to Summary Cards - Workspace-based Access Control

Create a Role with View Rights to Summary Cards

When assigned, this role allows users and user groups to view the summary table of all DKP Insights alerts for all workspaces and projects.

  1. Select the Management Cluster Workspace. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)

  2. Select Administration > Access Control in the sidebar menu.

  3. Select Create Role, and add a Role Name.

  4. Select DKP Role, as you are providing access to DKP UI resources.

  5. Select + Add Rule in the Rules section.

  6. Enter the following information:

Field

Value

Resources

insights

Resource Names

[Leave this field empty]

API Groups

dkp-insights.d2iq.io

Verbs

get, list and watch

  1. Select Save to exit the rule configuration window and Save again to create the new role.

Now, assign the role you created to a user group.

  1. Assign the roles you created to a user group as explained in (2.6) Workspace Role Bindings.

It will take a few minutes for the resource to be created.

 

Create a Role with View Rights to Insights Alert Details - Workspace-based Access Control

Create a Role with View Rights to Insights Alert Details

This role, when assigned to a user or user group, allows them to view alert details for an alert generated in a specific workspace.

  1. Select the workspace for which you want to grant view rights. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)

  2. Select Administration > Access Control in the sidebar menu.

  3. Select the Cluster Roles tab, and Create Role.

  4. Provide a name for the role.

  5. Select Cluster Role, as you are providing access to Insights resources across clusters.

  6. Select + Add Rule in the Rules section.

  7. Enter the following information:

Field

Value

Select Rule Type

Resources

Resources

insights, rca, solutions

Resource Names

[Leave this field empty]

API Groups

virtual.backend.dkp-insights.d2iq.io

Verbs

get

  1. Select Save to exit the rule configuration window and Save again to create the new role.

Now, assign the role you created to a user group.

  1. Assign the role you created to a user group as explained in (2.6) Workspace Role Bindings.

  2. If you want to grant view rights to the alert details for clusters in another Workspace, repeat the same procedure on a per-Workspace basis.

  • It will take a few minutes for the resource to be created.

  • insights, rca, solutions are virtual resources and are not listed as a Kubernetes API resource.

 

Project-based Access Control

Create a Role with View Rights to Summary Cards - Project-based Access Control

Create a Role with View Rights to Summary Cards

When assigned, this role allows users and user groups to view the summary table of all DKP Insights alerts for all workspaces and projects.

  1. Select the Management Cluster Workspace. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)

  2. Select Projects in the sidebar menu. Select or create a Project for which you want to create a role.

  3. Select the Roles tab > Create Role.

  4. Select DKP Role, as you are providing access to DKP UI resources, and add a Role Name.

  5. Select + Add Rule in the Rules section.

  6. Enter the following information:

Field

Value

Resources

insights

Resource Names

[Leave this field empty]

API Groups

dkp-insights.d2iq.io

Verbs

get, list and watch

  1. Select Save to exit the rule configuration window and Save again to create the new role.

Now, assign the role you created to a user group.

  1. Assign the roles you created to a user group as explained in (2.6) Project Role Bindings.

It will take a few minutes for the resource to be created.

 

Create a Role with View Rights to Insights Alert Details - Project-based Access Control

Create a Role with View Rights to Insights Alert Details

This role, when assigned to a user or user group, allows them to view alert details for an alert generated in a specific project.

  1. Select the workspace for which you want to grant view rights. The workspace selector is located at the top navigation bar. (Option available for Enterprise customers only)

  2. Select Projects in the sidebar menu. Select or create a Project for which you want to create a role.

  3. Select the Roles tab > Create Role, and assign a name to the role.

  4. Select Role, as you are providing access to Insights resources across clusters.

  5. Select + Add Rule in the Rules section.

  6. Enter the following information:

Field

Value

Select Rule Type

Resources

Resources

insights, rca, solutions

Resource Names

[Leave this field empty]

API Groups

virtual.backend.dkp-insights.d2iq.io

Verbs

get

  1. Select Save to exit the rule configuration window and Save again to create the new role.

Now, assign the role you created to a user group.

  1. Assign the role you created to a user group as explained in (2.6) Project Role Bindings.

  2. If you want to grant view rights to the alert details for clusters in another Workspace, repeat the same procedure on a per-Workspace basis.

  • It will take a few minutes for the resource to be created.

  • insights, rca, solutions are virtual resources and are not listed as a Kubernetes API resource.

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close