Deploy an Insight Point to a Kubernetes cluster.
The Insight Point Helm chart accepts the following configuration parameters via --set flags. Typically only key is required.
key
Insight Point Registration key for connecting to Veza
""
--set key=abc123
addr
Address for Veza API connection, overriding the one provided by the key
""
--set addr=customer.vezacloud.com
skipVerify
Disable TLS certificate validation
false
--set skipVerify=true
authority
Overrides the request authority for certificate validation
""
--set authority=veza.example.com
key is your unique Insight Point registration key, generated in the Veza UI.
Create a key in Veza: Integrations > Insight Points > Create
Store this value securely as it cannot be recovered if lost
skipVerify (TLS_INSECURE_SKIP_VERIFY) should only be set to true to disable certificate validation for testing/troubleshooting.
When using an HTTPS inspection proxy:
Set to addrto your proxy's address if different from the Veza endpoint. This value overrides the default request authority.
Ensure your proxy can connect to your Veza deployment.
authority specifies the domain name to use for TLS certificate validation and is only required when addr points to a proxy instead of directly to Veza. Must be a specific domain (wildcards not supported).
To trust an HTTPS proxy, you will need to modify the Helm chart to add a volume for the proxy's CA certificate, mount it into the container, and configure the certificate path:
A Kubernetes Helm chart is a package format used to define, install, and upgrade applications in Kubernetes. Helm is often referred to as a package manager for Kubernetes. To install the chart, you will need:
Insight Point Key: You will need to generate a secret key for the Insight Point. To create one, go to Veza Integrations > Insight Point > Create.
Access to the Kubernetes Cluster: Ensure you have the necessary permissions and access credentials to interact with the target Kubernetes cluster.
Your organization security policies must allow chart installation from the VEZA ECR public.ecr.aws/veza
Customize Values and Install the Insight Point:
Use the helm install command to install the Insight Point into the Kubernetes cluster. Replace <NAME>, <VERSION>, <KEY>, and key with your specific values:
--namespace <NAMESPACE>: required if installing the Insight Point into a different namespace than the default.
--create-namespace: required if the namespace does not exist yet.
--set enableSecrets=true: optional field, required to enable Kubernetes Secrets extraction. Secrets will not be extracted by default.
An Veza Insight Point Key must be provided. To do this, you can specify the value with the --set key=<registration-key> option when installing the chart.
Example:
Verify Installation:
Verify the status of the installation by running:
This command will return a list of Helm releases, including the Insight Point you just installed. Ensure the STATUS is "DEPLOYED."
Get Insight Point Logs:
If the Insight Point fails to initialize or can't connect to Veza, you can get more details by reviewing the container logs. You can retrieve this using the terminal:
Upgrade and Maintain:
Over time, you may need to upgrade the Insight Point to newer versions or adjust its configuration. Use the helm upgrade command to make these changes.
Example:
Uninstall the Insight Point:
If you need to uninstall the Insight Point, you can do so using the helm uninstall command:
The requires an running within the cluster to discover RBAC entities. When adding the integration, you will specify the cluster details and the Insight Point to use. Veza provides a helm chart to simplify the process of deploying and managing the Insight Point.
Insight Point Version: Note the most recent Insight Point version (e.g. 2024.8.12-9) from .
Helm Installed: Ensure Helm version 3.8 or greater is installed on your local machine. You can install Helm by following the official documentation: .