Sisense Service Permissions
Sisense services run only as part of the Sisense user and will not use Root user permissions. The Sisense application is installed as a Kubernetes namespace with about 30 microservices. The services run as the Sisense User - ID - 1000.
For deploying Sisense on a 3rd party cloud provider's Kubernetes (EKS / AKS / GKE / OpenShift), Sisense requires a Sudo to Root on the bastion machine during the installation.
During the installation, Sisense requires an Administrator role on the cluster. After the installation, the user's role can be reduced.
If you cannot provide Sudo permissions for the installation, there is a workaround to install Sisense with a Root user:
- Log in or switch to the Root user:
sudo su -
- Enable SSH access:
ssh-keygen
cd /root/.ssh
cat id_rsa.pub >> authorized_keys
Optional: You can back up the keys as follows:authorized_keys
cp authorized_keys
authorized_keys.back
- Download or unpack the Sisense Linux installation archive:
wget sisense_linux_latest.tar.gz
tar zxf sisense_linux_latest.tar.gz
- Modify the installation by removing the comments out of the user validation:
vi sisense.sh
#validate_user_and_permission
- Configure your installation file:
vi single_config.yaml]
- Modify the following values:
k8s_nodes:- { node: node1, internal_ip: 0.0.0.0, external_ip: 0.0.0.0 }
linux_user = root
ssh_key = "/root/.ssh/id_rsa"
external_monitoring = falseInstead of node1, enter your hostname. Replace the value of internal ip with your host' private IP and external ip with your host public IP , even if they are both the same.
- Run the installation.
./sisense.sh single_config.yaml
- Disable SSH access:
mv authorized_keys authorized_keys_remove
Optional: You can restore the authorized keys if you backed them up.
Monitoring
Monitoring and logging use optional infrastructure components such as Grafana, Prometheus, FluentD, and Metric bit. Some of them require the Root user, but they are optional and can be turned off if necessary.