
Insight Checks Guide

This guide documents every Insight check currently implemented by BeaverDeck. Use it to understand exactly what a finding means, why the condition can be risky, what to inspect, and when the signal may be expected rather than actionable.

Permissions: viewing checks requires insights: view. Opening a linked object or logs requires the corresponding resource permission, and the BeaverDeck ServiceAccount must be allowed to read the Kubernetes resources used by the check. Suppressing a finding requires insights: edit and affects all users.

Check Categories

Section | Checks | Purpose
Node Insights | 4 | Node health, metrics availability, requested-resource pressure, and low requested utilization.
Workload Insights | 8 | Scheduling, readiness, restart, memory, and CPU/memory request quality for pods and DaemonSets.
GPU Insights | 11 | GPU discovery, allocation pressure, placement, quota, fragmentation, and expensive-capacity usage.
Networking Insights | 6 | Service reachability, ingress references and TLS, external address provisioning, and route ownership.
Storage Insights | 3 | PVC provisioning and usage, plus PersistentVolumes left in Released state.
Security Insights | 4 | High-risk pod privileges, explicit root execution, sensitive literal environment values, and namespace NetworkPolicy presence.
Configuration Insights | 1 | Required Secret and ConfigMap object references used by active Pods.

How To Use A Finding

  1. Read the finding details and confirm the affected namespace, resource, node, and measured value.
  2. Open the resource, events, manifest, or logs and verify that the condition is still present.
  3. Fix the owning controller or infrastructure source instead of editing a generated Pod directly.
  4. Refresh the relevant Insights section and verify both the finding and the underlying workload.
  5. Suppress a finding only for a reviewed, intentional exception; suppression is global for all users.

Interpretation Limits

Insights are point-in-time operational signals, not a replacement for monitoring, policy enforcement, security scanning, or capacity forecasting. Some checks depend on metrics availability or selected namespaces, and several intentionally use simple heuristics. Each check page describes those limits.