Home / BeaverDeck / Docs / Configuration Guide / Suppressed alerts
Suppressed Alerts ConfigMap
Suppressed alerts are global for all users and are deliberately stored outside the auth Secret. The ConfigMap data value is a JSON array of exact Insight alert keys, not YAML objects or check names.
Default Empty ConfigMap
The Helm chart creates an empty list, which means every check is enabled.
apiVersion: v1
kind: ConfigMap
metadata:
name: beaverdeck-suppressed-insights
namespace: beaverdeck
labels:
app.kubernetes.io/name: beaverdeck
app.kubernetes.io/component: insights
data:
suppressed_insights.json: "[]"Preconfigured Suppressed Alerts
Use a JSON block when preconfiguring multiple keys. Replace the examples with exact keys from your cluster.
apiVersion: v1
kind: ConfigMap
metadata:
name: beaverdeck-suppressed-insights
namespace: beaverdeck
labels:
app.kubernetes.io/name: beaverdeck
app.kubernetes.io/component: insights
data:
suppressed_insights.json: |-
[
"cluster-metrics-server",
"network-policy-missing:apps",
"node-underutilized:worker-1",
"pod-high-restarts:apps:api-7b9d6f5d8c-example"
]Alert Key Format
Keys identify one concrete finding. Most contain a check prefix followed by namespace, resource name, node name, or route identity. Resource replacement can therefore produce a new key.
| Example | Meaning |
|---|---|
cluster-metrics-server | Cluster-level metrics-server check. |
node-condition:worker-1 | Node condition finding for one node. |
node-underutilized:worker-1 | Node underutilization finding. |
pod-high-restarts:apps:api-pod | High restart finding for a pod in a namespace. |
pod-sensitive-env:apps:api-pod | Sensitive literal environment value finding. |
network-policy-missing:apps | Namespace NetworkPolicy coverage finding. |
pvc-almost-full:apps:data | PVC usage finding. |
ingress-tls:apps:web | Ingress TLS finding. |
Ignore in the Insights UI, then inspect the ConfigMap if
you need the exact key for another cluster. You can also read the key field from the
/api/insights response. Do not derive keys from display text.
Configure From Scratch
- Use the chart-created ConfigMap or create the complete manifest above in the BeaverDeck namespace.
- Keep
suppressed_insights.jsonas valid JSON containing only string values. - Apply the ConfigMap and refresh the relevant Insights page.
- Use
Show suppressed alertsto confirm the expected findings are hidden but still available for review.
kubectl apply -f beaverdeck-suppressed-alerts.yaml
kubectl -n beaverdeck get configmap beaverdeck-suppressed-insights \
-o jsonpath='{.data.suppressed_insights\.json}'UI and Manual Updates
Ignoreadds the alert key;Restoreremoves it.- Application writes remove duplicates and sort keys.
- Manual data changes are read on the next Insights request and do not require a pod restart.
- Changing the ConfigMap name or data key changes pod environment configuration and requires a rollout.
- Suppressed alerts are not included in auth configuration export/import.
- Back up this ConfigMap separately from the auth Secret.
Helm Values
| Value | Default | Description |
|---|---|---|
suppressedInsights.configMapName | Generated release name | Overrides the ConfigMap name used by the chart and application. |
suppressedInsights.key | suppressed_insights.json | ConfigMap data key containing the JSON array. |
Failure Behavior
- A missing ConfigMap, missing data key, or empty value is treated as an empty suppression list.
- The first UI suppression can create a missing ConfigMap when the ServiceAccount has create permission.
- Invalid JSON causes Insights loading to fail until the value is corrected.
- Empty keys, keys longer than 512 characters, and keys containing line breaks or control characters are rejected.
- An unknown but well-formed key has no effect unless an Insight produces the exact same key.