Common Web Console Tasks

The following lists and describes how to perform common management tasks with the web console.

Creating Jobs

You can create the following types of jobs in the web console:

Creating a job from a Docker image

By default, Docker images are assumed to be available on the public Docker hub. You can also specify the URL of a private Docker registry and authentication credentials to access it. If the Docker image requires a volume for persistence, you can optionally specify an NFS provider to use to create the volume.

To access Artifactory repositories that use SSL, you must also create a package that contains the client certificate file. See Creating a SSL certificate package for Artifactory.

To create a job from a Docker image:

  1. Select Launch > Docker Image from the left navigation.

    Create job from Docker image

    You can also click Launch Docker Image on the main Apps view.

  2. In the Launch Docker Image form, enter the full URL to a Docker image location, then click Next.

    App from Docker form

  3. In the App from Docker Image form, enter the application name (or accept the default), select the application's namespace, and check Allow Egress to give the app outbound network access.

    App from Docker form

  4. Click Show Advanced to show advanced Docker image options:

    • Username and Password – If the Docker image is hosted on a private registry that requires authentication, provide the username and password to authenticate with the registry.
      App from Docker form
    • Volume Provider FQN – If the Docker image you are deploying to the system specifies or requires a persisted volume, you can bind the Docker job to an NFS provider and get native volume support. By default, the job is configured to ignore Docker volumes (see Using Docker persistence for details).
    • In the RAM, Disk, CPU, Network, and Netmax fields, specify the resources to allocate to your application.
    • In the Environment field, add any environment variables to set on the job.
      App from Docker form
  5. Click Submit. A dialog displays the progress of downloading the Docker image layers and creating the application.

    App from Docker form

    When complete, the web console displays the details page for the newly created job.

Deploying a multi-resource manifest

You can upload a multi-resource manifest using the web console. A multi-resource manifest lets you create and configure multiple jobs in a single operation. Also see the Creating Apps from Docker Images tutorial and video on the Apcera Developer site.

To deploy a multi-resource manifest:

  1. Select Launch > Manifest from the left navigation.

  2. Drag and drop your manifest file on the Upload Manifest form, or click Browse to locate it.

    Upload Manifest

  3. Click Upload.

    A dialog shows the progress of the manifest upload and app creation process.

    Manifest upload

Creating a capsule

You can use the web console to create a capsule from an OS package, such as Ubuntu. Also see the Using Capsules to Quickly Create Custom Computing Environments tutorial.

To create a capsule running Ubuntu:

  1. Select Launch > Capsule from the left navigation.

    Capsule launch

    You can also click Create Capsule on the main Capsules view.

  2. Click Ubuntu 14.04 to create a capsule running that OS, or select a package.

    Capsule create

  3. In the Create New Capsule form, enter a name for the capsule and select a namespace. Optionally, enable the Allow Egress option so you can install custom packages into the capsule manually with apt-get or other means.

    Create job from Docker image

  4. To customize job resources, click Show Advanced and enter custom values for RAM, Disk, CPU, Network (floor), and Netmax (ceiling).
  5. Click Submit to create the capsule.

    If you allowed egress on the capsule when you created it, you can now SSH into the capsule using APC, for example:

       apc capsule connect myubuntu
       root@ip-169-254-0-7:/root#
    

Managing Jobs

You can manage jobs using the web console, including starting and stopping jobs, adding routes to jobs, and binding jobs to services. The following lists common job management tasks you can perform with the web console.

Listing jobs

The Jobs section of the left navigation menu contains menu items to list All jobs, list only Apps, or list only Capsules.

Jobs list

You can sort the job table by clicking a row heading, filter the list to only show jobs in a particular namespace, and filter the list by entering a search term.

  • To view details about a job, click its name in the list.
  • To delete a job, hover your mouse over the job's table row and click the x that appears in the right margin.
  • To filter the list of jobs, use the namespace navigator or filter on table data.

Viewing job details

Clicking a job name opens the job's details view. The Summary tab displays basic information about the job such as its name, namespace, and number of job instances. It also displays graphs of the job's RAM, CPU, disk, and network resource usage.

The App box displays the following information:

  • Job Type – The job type (for example, app, capsule, or stager).
  • FQN – The job's fully-qualified name.
  • Created By – Principal name of the user who created the job.
  • Created At – Date job was created.
  • Desired Instances – The number of desired job instances. Click inside the field to change the number of desired instances.

  • Running Instances – The number of job instances actually running.
  • Allow SSH – Controls whether SSH access to job instances is allowed (see Controlling SSH access).
  • Allow Egress – Controls whether job instances have outbound network access (see Controlling network access).
  • Restart Mode – Restart behavior for instances: Always restart, Never restart, or only restart On Failure.
  • Start Command – The command used to start the job.
  • Start Timeout – The number of seconds to wait for the start command to complete. Click the field to edit its value.
    Start timeout
  • Stop Command – The command used to stop the job.
  • Stop Timeout – The number of seconds to wait for the stop command to complete. As with Start Timeout, click the field to edit its value.
  • Certificate Common Name – (Only displayed for jobs that are semantic pipelines.) The common name of the root certificate used by the semantic pipeline.
  • Certificate Serial Number – (Only displayed for jobs that are semantic pipelines.) The serial number of the root certificate used by the semantic pipeline to authenticate with an external provider.
  • Certificate Expiration – (Only displayed for jobs that are semantic pipelines.) The expiration date of the root certificate used by the semantic pipeline to authenticate with an external provider.

    To upload another root certificate click Edit Certificate and locate the PEM file you want to upload.

  • Labels – Create, edit or delete labels assigned to the job (see Managing job labels).

The Resources box graphs the CPU, Disk, RAM, and Network resources being used by all job instances. Reservation (gray line) specifies the amount of the resource reserved for all instances. The Reservation field does not appear if the job does not specify a resource reservation. In Use (purple line) specifies the current resource usage by all instances.

Starting, stopping, and deleting jobs

A job's details view contains controls to start, stop and delete jobs.

  • Click Start to start a stopped job.
  • Click Stop or Restart to stop or restart a started job.

When stopping or restarting a job, you are asked to confirm your action.

To delete a job, click Delete and then click Yes in the confirmation dialog to complete the action, or click No to cancel.

Changing job instance count

You can increase or decrease the number of instances of a job you would like to run.

To change the number of instances running a job:

  1. On the Summary tab of the job details view, click the edit control next to the Desired Instances field.
  2. Enter the number of instances you would like to run:

  3. Press enter or click the check mark to save your changes, or click the X to cancel.

Managing job labels

The Labels section on the job details Summary tab lets you create, edit and delete job labels.

To create a job label:

  1. On the Summary tab of the job details view, click the + button in the Labels section.
  2. Enter the label name and value into the form and click Submit.

To edit a label's name or value:

  1. Click the job label's name or value to edit.
  2. Type the new name or value and press enter, or click the check mark to save changes.

    Editing job labels

To delete a label:

  • Hover your mouse over the label and click the X that appears.
    Deleting job labels

Controlling SSH access

To allow SSH access to job instances, check the Allow SSH checkbox; to disallow SSH, uncheck the checkbox. You must restart the job for the change to take effect.

Controlling network egress

By default, job instances cannot make outbound network connections. To allow all outbound network connections, check the Allow Egress checkbox, or uncheck the option to disable network egress. You must restart the job for the change to take effect.

Managing job environment variables

The Environment tab of the job details lists the environment variables defined on a job and its dependent packages. You can also create, edit, or delete a job's environment variables.

The Job Environment section contains a form to create, edit and delete a job's environment variables. You first add, delete or edit environment variables using the provided controls, and then click Submit to update the job. Form field borders are color-coded according to the action that will be taken on each variable upon submitting the form. A blue outline indicates an update to an existing variable, a green outline indicates a new environment variable, and a red outline indicates a variable to be deleted.

For example, in the following illustration VAR_1 will be updated with a new value, VAR_2 will be deleted, VAR_3 and VAR_4 will be unchanged, and a new environment variable named NEW_VAR_5 will be created.

Job environment

The Package Environment section lists each of the job's dependent packages and the environment variables defined on each package. Click the package or variable name to open the package details view where you can edit the package's environment variables.

Job environment

Listing and deleting job instances

The Instances section of the job details Environment tab lists the job instances currently running, each instance's state, the instance manager managing the instance, the data center where the instance is running, and the instance's uptime.

To delete an instance, hover your mouse over the instance's table row and click the X that appears in the right margin. The system will attempt to start a new instance automatically, according to the number of requested job instances (see Adding and removing job instances).

To view details about an instance manager running a given instance, click the instance manager's name to open its details view.

Viewing job resources

The Resources tab on the job details view displays graphs of CPU, RAM, disk, and network resource usage for the selected time period. For each resource type a graph displays the current usage (purple line), reserved resource amount (gray line), and 90% of the reserved resource (dashed gray line). Use the drop-down menu to change the time period for which resource usage is graphed.

You can create and delete job links on the Networking tab of the job details view. Note that the source job must be stopped before you can add a job link to a target job.

To create a job link:

  1. Click the Networking tab on the source job's details view.
  2. In the Job Links section click Add Link.

    Note: A job must be stopped before you can add a job link.

  3. In the Target Job field, select or enter the fully-qualified name of the job to link to.
  4. Enter a name for the job link in the Name field. This determines the name of the environment variable set on the source job instance.
  5. Select the port on the target job to link to from the Port pop-up menu.
  6. (Optional) In the Bound IP field, enter the IP address that the source job should use to connect to the target job.
  7. (Optional) In the Bound Port field, enter the port that the source job should use to connect to the target job.
  8. Click Submit to create the job link.

To delete a job link:

  • Hover your mouse over the job link to delete and click the X that appears in the right margin.

Managing service bindings

You can create and delete a job's service bindings on the Connections tab of the job details view. You can also manage service bindings from a service's details view.

To create a service binding:

  1. Click the Networking tab on the source job's details view.
  2. In the Service Bindings section click Add Service Binding.
  3. Select the service to bind to from the Services pop-up menu.
  4. Enter a name for the binding in the Name field. This determines the name of the environment variable set on the source job instance.
  5. In the Parameters section enter any parameter names/values expected by the service (optional). Click the add + button to create new parameters.
  6. Click Choose PEM File to select a root certificate used by the service gateway and semantic pipeline to authenticate with the service provider. See Adding root certificates to a provider.
  7. Click Submit to create the binding.

    Add service binding

To delete a service binding:

  • Hover your mouse over the service binding to delete and click the X that appears in the right margin.

Managing a job's routes and ports

A route is a URL that's mapped to an exposed port on a job. To create a route on a job you must first expose a specific port on that job, or let the system select an open port for you.

Note: Currently, you can only create HTTP routes in the Web Console, not TCP routes. You can create TCP routes using APC, or using a manifest.

Creating and deleting routes

To create a route on a job:

  1. Click the Networking tab on the job's details view.
  2. In the Routes section, click Add Route.
  3. In the Endpoint field enter the desired HTTP route (for example, "foo.bar.apcera-platform.io").
  4. In the Weight field enter the proportion of traffic delivered to this route, normalized across all apps sharing the route. See Sharing Routes and Route Weights.
  5. From the Port menu, select the exposed port to which the route will be mapped. Select 0 to have a port selected automatically and exposed to the container in the PORT environment variable.
  6. Click Only Allow HTTPS to enforce HTTPS on this route. See Enforcing HTTPS on Routes for more information.

  7. Click Submit.

To delete a route:

  • Hover your mouse over the route to delete, then click the X that appears in the right margin.

To open a route's URL in a web browser:

  • Click the icon next to the route URL.

Exposing ports on a job

By default, a job has no ports exposed. To create a route on a job you must first expose a port on it.

To expose a port on a job:

  1. Click the Networking tab on the job's details view.
  2. In the Ports page section, click Add Port.
  3. In the Number field, enter the port number to expose.
  4. To include the port in system health checks, check the Include In Health Check option.
  5. Click Submit to expose the port.

To delete a port:

  • Hover your mouse over the port to delete, then click the X that appears in the right margin.

Joining a job to a network

You can use the web console to manage a job's membership in a virtual network. Note that a job can only be joined to a single network at a time.

To join a job to a network:

  1. Click the Networking tab on the job's details view.
  2. In the Networks section, click Join Network. If you don't see this button it means that the job is already joined to a network. If you want to join the job to another network, you must first remove it from the current network (see below).
  3. In the Join Network form, select the FQN of the network to join.
  4. Click Submit.
  5. A confirmation dialog lets you know that the job must be restarted to join the network. Click Yes to confirm or No to cancel.

To remove a job from a network:

  • Hover your mouse over the joined network, then click the X that appears in the right margin.

You can also create networks using the web console.

Managing scheduling tags and job affinities

You can use the web console to manage job scheduling tags and job affinities. Job scheduling tags let you specify whether a job with a given tag should run (or should not run) on a particular instance manager with the same tag. Job affinity lets you specify if a job should run (or should not run) on the same instance manager as a target job.

A scheduling tag or job affinity can "attract" a job to a matching IM, or "repel" a job from a matching IM. In addition, scheduling tags and job affinities can be "hard" or "soft". A hard affinity or scheduling tag means only instance managers running the target job, or with a matching scheduling tag, can run (or can't run) the job. In contrast, a soft affinity or scheduling tag means that Apcera will make a best effort to run (or not run) the job on the matched IM, but the job will be able to run on other instance managers if none satisfying this criterion are available, or those that do are sufficiently loaded.

To create an affinity with another job:

  1. Click the Scheduling tab on the job's details view.
  2. In the Job Affinity section, click Add Tag.
  3. In the New Affinity Tag form, select the affinity requirement, soft or hard, and the affinity type, attract or repel.
  4. In the Target Job FQN field, enter or select the FQN of the target job.
  5. Click Submit. You will need to restart the job for the affinity to take effect.

To add a scheduling tag to a job:

  1. Click the Scheduling tab on the job's details view.
  2. In the Target field enter the tag to associate with the job.
  3. In the Instance Manager Scheduling section, click Add Tag.
  4. In the Add New Tag form, select the scheduling requirement type, soft or hard, and the scheduling affinity type, attract or repel.
  5. Click Submit. You will need to restart the job for the scheduling tag to take effect.

Tailing job logs

To tail a job's logs, click Logs on the job's details view. By default, new log items are streamed to the console as they are created. Click Pause Stream to stop log tailing. Use the drop-down to change the number of log lines displayed.

View policy that applies to a job

The Policy tab on the job details view lists each policy document that contains policy that applies to the current job and the job's parent namespaces, and the relevant policy from each document.

Click a policy document from the list to open it for editing in the policy editor.

View job audit logs

The Audit tab on the job details view displays auditable events that were recorded for the job.

Managing Packages

You can use the web console to list packages on the cluster and view details about a package. You can create, edit and delete environment variables on a package.

List available packages

To view available packages, click Packages in the navigation. The Packages tab displays the packages in the currently selected namespace, including each package's name, namespace, state, and size in MB. To open a package's details view, click its name.

View policy on packages

The Policy tab on the Packages view lists policy documents that define policy for all packages. To open a policy document in the policy editor, click its name.

View package audit logs

The Package tab on the main packages view displays auditable events for all packages.

View package details

A package's details view displays the following information for the package:

  • Basic information including the package's fully-qualified name (FQN), UUID, user who created the package, and date the package was created and last updated.
  • An editable list of environment variables assigned to the package. See Editing package environment variables.
  • A list of dependencies that the package provides and a list of packages that it requires.
  • A list of jobs that use the package.

Managing package environment variables

You can create, edit, and delete a package's environment variables in the Web Console. A package's environment variables are inherited by any jobs that use the package.

To add a new environment variable:

  1. Click Add Environment Variable in the Environment Variables section.
  2. Enter the environment variable name and value in the form that appears.
  3. Click Submit to add the environment variable.

To edit a package's environment variables:

  1. Click the environment variable's value to enter edit mode.
    Edit package environment variables
  2. Enter the new value for the environment variable.
  3. Press the Enter key to save your changes, or click the check box in the edit mode overlay. To cancel the changes, click the X in the edit mode overlay, or click away from the input field.

To delete a package environment variable:

  1. Hover your mouse over an environment variable.
  2. Click the X that appears in the right margin to delete the variable.

Managing Providers

You can manage the providers in your cluster using the web console.

List available providers

To view a list of providers on your cluster, click Providers in the left-hand navigation. The Providers tab lists each provider's name, namespace, service type, and description. To view details for a provider, click its name.

View provider details

The Info section of the provider details view displays the following fields:

  • UUID – Provider ID.
  • Namespace – Provider's namespace.
  • Name – Provider's local name.
  • Type – Provider type, corresponding to the service gateway used to create this provider.
  • Backing Job – If the provider is running as a job within Apcera (rather than an externally hosted service) the Backing Job field displays the name of that job.
  • Backing Job Port – Port used by backing job to accept connections.
  • Created By – Principal name of the cluster user who created the provider.
  • Created On – Date provider was created.
  • Status – Provider status.
  • Extended Status – Additional status about the provider.
  • Certificate Common Name – If a root certificate was added to the provider (see Adding root certificates to a provider), displays the common name of the provider's root certificate.
  • Certificate Serial Number – The serial number of the provider's root certificate.
  • Certificate Expiration – The expiration date of the provider's root certificate.
  • Description – Description of the provider.

The Services using this provider section lists any services that were created on this provider. For example, the following screenshot shows that the selected provider (mysql) is being used by three services. Click a service name to open its details page.

Alt text

Registering and deleting providers

You can use the web console to register new providers and delete existing providers. You can optionally upload a PEM file that contains root certificate authorities used by the service gateway and semantic pipeline. See Adding root certificates to a provider for more information.

To register a provider:

  1. Click Providers in the left navigation.
  2. Click Create Provider to open the Add a Provider form.
  3. In the Name field enter a name for the provider.
  4. In the Namespace field type or select the namespace where the provider will be created.
  5. In the Type field enter or select a service type. This determines which service gateway is used to register the provider.
  6. In the URL field, enter the provider's administrative connection information (for example, postgres://admin:password@example.com:5432).
  7. If the provider is an internal job on the Apcera cluster, do the following:
    • In the Backing Job FQN field select the appropriate backing job.
    • In the Backing Job Port field enter the port to use to connect to the backing job.
  8. Optionally, enter a description.
  9. If the provider is external, click Choose PEM File to select a root certificate used by the service gateway and semantic pipeline to authenticate with the provider.
  10. Click Submit.

    Register new provider
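
Before choosing a PEM file in step 9, you can check locally the values the console later shows as Certificate Common Name, Certificate Serial Number, and Certificate Expiration. The script below is an added example, not part of the Apcera documentation or tooling; it assumes the openssl command-line tool is installed, and the function name pem_report and its 30-day default window are illustrative choices.

```sh
#!/bin/sh
# Added example (not Apcera tooling): pre-flight check for a PEM file of root
# certificates. pem_report and its 30-day default are illustrative choices.
#
# Usage: pem_report BUNDLE.pem [DAYS]
# Prints "subject | serial | notAfter | status" for each certificate.
# Returns 0 if every certificate stays valid for more than DAYS days,
#         1 if any certificate expires (or has expired) within DAYS days,
#         2 if the file holds private key material or no certificate at all.
pem_report() {
    bundle=$1
    days=${2:-30}

    # A trust bundle should contain public certificates only.
    if grep -q 'PRIVATE KEY-----' "$bundle"; then
        echo "refusing: $bundle contains a private key" >&2
        return 2
    fi

    workdir=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate, because
    # "openssl x509" only reads the first certificate in its input.
    awk -v dir="$workdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    rc=0
    count=0
    for cert in "$workdir"/cert-*.pem; do
        [ -e "$cert" ] || break   # glob did not match: no certificates found
        count=$((count + 1))
        subject=$(openssl x509 -in "$cert" -noout -subject)
        serial=$(openssl x509 -in "$cert" -noout -serial)
        enddate=$(openssl x509 -in "$cert" -noout -enddate)
        # -checkend exits 0 only if the certificate is still valid
        # the given number of seconds from now.
        if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
            status=OK
        else
            status=EXPIRING
            rc=1
        fi
        printf '%s | %s | %s | %s\n' "$subject" "$serial" "$enddate" "$status"
    done

    rm -rf "$workdir"

    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $bundle" >&2
        return 2
    fi
    return "$rc"
}
```

Source the file and run pem_report against the PEM file you intend to upload, with the number of days of remaining validity you require as the optional second argument.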

To delete a provider:

  • Hover your mouse over the list of available providers, and click the X that appears in the right margin.

View policy that applies to a provider

The Policy tab on a provider's details view lists all policy documents that apply to the provider's FQN and the provider's parent namespaces.

Click a policy document from the list to open it for editing in the policy editor.

View provider audit logs

The Audit tab on the policy details view displays auditable events that were recorded for the provider.

Managing Services

You can use the web console to manage your cluster's services. You can list services, create and delete services, view policy on services, and view audit log entries related to services.

List available services

To view a list of services on your cluster, click Services in the left-hand navigation, then click the Services List tab. The list includes each service's name, namespace, type, provider (if it uses a provider), and description. To view details for a service, click its name.

View service details

To view details for a service, click its name in the main service list. The Service Info section displays the service's FQN, UUID, type, and provider (if it uses a provider).

The Bound Apps section of the service details lists the applications that are bound to the service. To bind the service to another job, click Add Binding to open the Add New Binding form. Select the job to which you want to bind the service, optionally specify a binding name, and add any custom binding parameters. To upload a root certificate for this binding, click Choose PEM File and select a PEM file containing the root certificate authorities. Also see Adding root certificates to a provider.

Add binding

Click Submit to create the binding.

Creating and deleting services

You can create and delete services from the web console.

To create a service:

  1. On the services list view, click Create Service.
  2. Enter the service's name in the Name field.
  3. Enter or select the service's namespace in the Namespace field.
  4. From the Type menu, select the service type.
  5. Select a provider from the Provider menu.
  6. Optionally, provide a description of the service.
  7. Click Submit.

To delete a service:

  • Open the service's details page and click Delete.

Managing Gateways

You can use the web console to manage your cluster's service gateways. You can list available service gateways, promote an existing job to a service gateway, and view policy on service gateways.

List service gateways

To view a list of service gateways on your cluster click Gateways in the left-hand navigation. The Gateway tab lists the following information for each service type:

  • Status – Service gateway's status.
  • Service Type – String that identifies the type of service the service gateway provides.
  • Namespace – Service gateway's namespace.
  • Services – Number of services provisioned by the service gateway.
  • Providers – Number of providers registered with the service gateway.
  • Instances – Number of expected instances of the service gateway compared to the number actually running.

List of service gateways

View gateway details

To view details for a service gateway, click its name in the list of service gateways.

  • The Info section displays the gateway's FQN, UUID, and principal name of the user who created the gateway. Click the gateway's FQN to view details for the service gateway job.
  • The Providers section lists the providers registered with the service gateway. Click a provider name to view its details. The Services column lists the number of services provisioned on the provider.
  • The Services section lists the services provisioned by the service gateway. Click a service name to view its details. The Provider column lists the name of the provider upon which the service is provisioned.

Service gateway details

Promoting a job to a service gateway

You can promote a job that implements the Service Gateway API to a provider.

To promote a job to a service gateway:

  1. Click Gateways in the left navigation.
  2. Click Promote Job to Gateway.
  3. Select the FQN of the job to promote from the Job to Promote combo box.

  4. In the Gateway Type field enter the service type that the gateway will handle.
  5. Click Submit.

Managing Clusters

The web console's Cluster view lets you view cluster statistics such as resource usage, the number of instance managers, started jobs, and total instances running on the cluster. You can also list the data centers the cluster is running on.

View cluster statistics and resource usage

The Info section on the cluster view displays the number of instance managers, started jobs, and running instances on the cluster.

The Data Centers box lists the data centers that the cluster is operating in, and the number of instance managers running in each data center. The purple Instances bar represents the ratio of the number of instances running in the data center to the total number of instances running in the cluster.

The Resources section displays the cluster's RAM and disk usage. Capacity (gray line) indicates the total amount of RAM or disk space available to the cluster. Reservation (purple line) indicates the amount of RAM and disk reserved by jobs running on the cluster. The dotted gray line indicates 90% of capacity.

List instance managers

To view a list of instance managers on the cluster, click the Instance Managers tab on the Clusters view. The list includes each instance manager's name, the data center it's running in, the number of instances it's managing, its uptime, and any scheduling tags attached to the instance manager.

Click an instance manager name to open its details view.

View instance manager details

Selecting an instance manager (IM) opens its details view, which displays basic information about the IM including its uptime, number of instances, and resource usage stats and graphs. To view instances running on the instance manager, click the Instances tab.

List instances running on an instance manager

To view a list of instances managed by a given instance manager, click the Instances tab on the instance manager details view. Each list item includes the instance's associated job, job namespace, and resource usage. Click the Job Name field to open the details view for the instance's associated job.

Managing Routes

The main Routes view lists all routes defined on a cluster.

  • Type indicates the route type (http or tcp). For HTTPS-only routes, a green lock icon appears next to the route.
  • Endpoint contains the route's URL. Click the external link icon to open the route URL in a new browser window.
  • Jobs lists the job(s) assigned to the route.

Clicking a route's endpoint opens the route's details view, shown below. The table lists the job(s) using that route, including the route type, the route's port on the job, and the relative route weight assigned to each job. For HTTPS-only routes, a green lock icon appears next to the route type.

Click Add Job to add another job to the current route. Select a job, port and route weight. Note that a route's HTTPS-only setting cannot be changed when adding a job to the route.

Managing Networks

You can use the web console to manage your cluster's networks. You can list available networks, create and delete networks, and add or remove jobs from a network.

List networks

To list existing networks on a cluster, click the Networks menu in the left navigation. The list includes each network's name, namespace, assigned subnet, and number of jobs that have joined the network.

View network details

The network Details tab displays the FQN, subnet, netmask, and IP range for jobs in the network. It also lists the jobs that belong to the network and the IPv4 address assigned to each job.

You can join jobs to a network, or remove jobs from it, from the network details view. You can also do this from the Networking tab of the job details view.

To join a job to the network:

  1. Click Add Job on the network details view.
  2. Enter the target job's FQN and click Submit. You must restart the job to add the job to the network. Click Yes to confirm job restart.

To remove a job from a network:

  • Hover your mouse over the job you want to remove, then click the X in the right margin.

Create and delete networks

You can create and delete networks in the web console.

To create a network:

  1. Click Network in the left navigation.
  2. Click Create Network.
  3. In the Name field enter the network name.
  4. In the Namespace field enter or select the namespace where the network should be created.
  5. Optionally, enter a description.
  6. Click Submit.

To delete a network:

  1. Click Network in the left navigation.
  2. Hover your mouse over the network to delete, then click the X in the right margin.

Viewing Audit Logs

The Audit Log view displays all changes to the system made through a user-accessible endpoint (for example, APC, Web Console, or direct API call). The main Audit view (accessible by clicking Audit in the left navigation) displays all audit log items and event types (job.create or package.update for example). Each log item contains the following fields:

| Field | Description |
| --- | --- |
| Date/time | Time when the action was initiated (server UTC time). |
| Event Type | A string representation of the event type consisting of the resource type and action (for example, job.update or package.delete). See Audit log event types for a full list of event types. |
| User | Principal name of user who initiated the action. |
| Resource Type | Type of resource affected by the action. |
| Namespace | Namespace of the affected resource. |
| Local Name | Local name of the affected resource. |

You can filter your queries by the FQN (resource type, namespace, and local name) of the audited item, by event type, and by date range. You can also paginate through query results. For example, the following uses APC to query for job.update audit log items generated on October 11, 2016 for the job::/sandbox/admin::mycap resource:

Each auditable resource (job, network and so forth) has its own Audit tab that only shows log items for that resource. For instance, the following shows the Audit tab for the job named app2. In this case, the resource type, namespace and local name fields are not shown.
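
The filters this section describes (FQN, event type, date range, and pagination), applied to audit items held as plain records. This is an added example, not Apcera or APC code; the record keys, the ISO 8601 timestamp format, and the sample items are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

def item(time, event, namespace, local_name, user="admin"):
    """One constructed audit item; the resource type is the event-type prefix."""
    return {"time": time, "event": event, "user": user,
            "resource_type": event.split(".")[0],
            "namespace": namespace, "local_name": local_name}

# Constructed sample data: timestamps, users and most names are made up.
SAMPLE_ITEMS = [
    item("2016-10-11T09:15:02Z", "job.update", "/sandbox/admin", "mycap"),
    item("2016-10-11T23:59:59Z", "job.update", "/sandbox/admin", "mycap"),
    item("2016-10-12T00:00:00Z", "job.update", "/sandbox/admin", "mycap"),
    item("2016-10-11T10:00:00Z", "job.create", "/sandbox/admin", "mycap"),
    item("2016-10-11T11:30:00Z", "job.update", "/sandbox/admin", "app2"),
    item("2016-10-11T12:00:00Z", "package.update", "/sandbox/admin", "mycap"),
]

def parse_fqn(fqn):
    """Split 'type::namespace::name' into (resource type, namespace, local name)."""
    parts = fqn.split("::")
    if len(parts) != 3 or not all(parts) or not parts[1].startswith("/"):
        raise ValueError(f"not a full FQN: {fqn!r}")
    return tuple(parts)

def parse_time(stamp):
    """Parse the assumed ISO 8601 UTC timestamp format into an aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def query(items, fqn=None, event=None, start=None, end=None, page=1, per_page=50):
    """Return (one page of matches, total matches), oldest first.

    The date range is half-open, [start, end), so an item stamped exactly at
    midnight belongs to the following day and is never counted twice.
    """
    want = parse_fqn(fqn) if fqn else None
    hits = []
    for it in items:
        when = parse_time(it["time"])
        key = (it["resource_type"], it["namespace"], it["local_name"])
        if want and key != want:
            continue
        if event and it["event"] != event:
            continue
        if (start and when < start) or (end and when >= end):
            continue
        hits.append((when, it))
    hits.sort(key=lambda pair: pair[0])
    first = (page - 1) * per_page
    return [it for _, it in hits[first:first + per_page]], len(hits)
```

Passing only `fqn` reproduces what a resource's own Audit tab shows; adding `event` and a one-day range reproduces the job.update query for job::/sandbox/admin::mycap.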

Viewing audit log payloads

In addition to the standard audit log item fields (Date and Event Type, for example), some audit log items have an additional payload field that provides further information about the log item. To view an item's payload details, click the item in the Audit view. For example, the following shows the details for an audit log item that was generated when SSH access was removed from the corresponding job (for example, by running apc job update nats-client --remove-ssh).

The Changes field indicates the properties that were removed from the job object's JSON representation and the properties that were updated, including the old and new values. Deleted properties and old values are displayed in red text; new properties and new values are displayed in green text. The following details show new properties that were added to a job for which network egress was enabled (with apc app update nats-client --allow-egress, for example).

Managing Policy

The Policy view lists all policy documents in your cluster. You can create and edit policy documents using the policy editor or upload policy files from your local system. The Data Tables tab lets you easily view and manage the rows of data defined by a policy variable document.

To read or update a policy document, a user must have permissions to read (or update) each realm declared in the policy document (see Policy on Policy Examples).

List policy documents

The list of policy documents displays each policy document's name, version number, timestamp for when the policy document was last updated, and name of the user who made the last update. Click a policy document's name in the list to open the policy in the editor.

Click the Realms tab to view policy on specific realms. Click Audit to view an audit log of changes to policy documents.

Policy document list

Viewing policy on realms

The web console lets you view policy defined on any combination of resource type and namespace. Policy is displayed for the currently selected namespace and all parent namespaces.

To view policy on a realm and namespace:

  1. On the main Policy view, click Resource Types.
  2. Select the resource type and namespace to view policy for.

    Each policy document that contains policy for the selected resource type and namespace (and parent namespaces) is listed, along with the relevant policy defined in each document. Click a document name to open it for editing (see Managing policy documents).

    Policy document list

Creating and editing policy documents

You can use the Web Console's built-in policy editor to create or edit policy documents, or upload documents from your local system. The policy editor validates that the policy you enter follows policy syntax rules and reports any syntax errors.

To create a new policy document using the policy editor:

  1. Click Create in the Policy view.
  2. Enter a name for the new document. The name may contain only letters, numbers, underscores, and hyphens.
  3. Enter policy rules in the editor and click Apply Changes. The editor reports any syntax validation errors in the document.

    Policy editor

To upload a new policy document from your local file system:

  1. Click Upload, locate the policy document to upload and click Open.
  2. Enter a valid name for the policy document or use the default name taken from the file name. Valid names contain only letters, numbers, underscores, and hyphens.
  3. Click Apply to validate and upload the new policy document. If the document is invalid the console displays an error.

To edit a policy document:

  1. Click the policy to edit on the main Policy view.
  2. Click Edit policy to open the policy document in edit mode.
  3. Make desired changes to the document, then click Apply Changes. If the policy syntax is invalid the console displays an error.

To delete a policy document:

  1. Click the policy document to delete on the main Policy view.
  2. Click Delete, then click the confirmation button.

Managing Policy Data Tables

The Data Tables view presents a policy variable's data rows in a filterable, tabular format. Policy variables allow you to separate policy rules from the data those rules operate on. See Administering Policy Variables and Data Tables for more information.