Managing Access Rules

Prerequisites

• You have created a log group and log stream. For details, see Creating Log Groups and Log Streams. You can also directly create them on the Add Access Rule page.
• You have created a cluster, namespace, and workload by referring to Cloud Container Engine User Guide and also configured a container log collection path.

Adding Access Rules

To map the logs of CCE or custom clusters in AOM to LTS, perform the following steps:

1. Log in to the AOM console. In the navigation pane, choose Log > Access LTS.
2. Click Add Access Rule.
3. Select an access type. Access by Namespace, Access by Workload, or Automatic Mapping are available.
   • Access by Namespace: All logs of the selected namespace are connected to the specified log stream.
     1. Rule Name: Enter a custom rule name.
     2. Cluster: Select a cluster from the drop-down list.
     3. Namespace: Select a namespace from the drop-down list.
     4. Workload: Retain the default value All.
     5. Container Name: Select a container from the drop-down list box.
     6. Set an access rule.
        • Access all logs: If you select this option, select a log group and log stream.
        • Specify log paths: If you select this option, specify a log path and then select a log group and log stream.
        

        If no log group or stream meets your requirements, click Create Log Group or Create Log Stream to create one. After creating a log stream, select an enterprise project.

   • Access by Workload: Logs of the selected workload are connected to the specified log stream.
     1. Rule Name: Enter a custom rule name.
     2. Cluster: Select a cluster from the drop-down list.
     3. Namespace: Select a namespace from the drop-down list.
     4. Workload: Select one or more workloads from the drop-down list.
     5. Container Name: Select a container from the drop-down list box.
     6. Set an access rule.
        • Access all logs: If you select this option, select a log group and log stream.
        • Specify log paths: If you select this option, specify a log path and then select a log group and log stream.
        

        If no log group or stream meets your requirements, click Create Log Group or Create Log Stream to create one. After creating a log stream, select an enterprise project.

   • Automatic Mapping: Workload logs are automatically connected to the generated log streams with the same names as the workloads.
     1. Rule Name: Enter a custom rule name.
     2. Cluster: Select a cluster from the drop-down list.
     3. Namespace: Select a namespace from the drop-down list.
     4. Workload: Select one or more workloads from the drop-down list.

        If you select one workload, the rule name is changed to Custom rule name_0 after the rule is created, for example, test_0. If you select multiple workloads, the rule names are changed to Custom rule name_0, Custom rule name_1, and so on, such as test_0 and test_1.

     5. Set an access rule: Select a log group and an enterprise project, and specify a log stream prefix. A log stream will be generated based on the log stream prefix and workload name. By default, all logs of the selected workload are connected.

Managing Access Rules

On the Access LTS page, you can search for, view, edit, and delete access rules.

• Search
  Click the search box, select a search dimension, for example, Workload, and then select options under this dimension. You can also directly enter a keyword in the search box. In this case, the system searches for information based on access rule names by default.

  Figure 1 Selecting a search dimension
  
• View

  In the rule list, view the cluster name and namespace of the created rule. Click in the upper right corner of the search box to customize the display of columns. Click a log group name in the Log Group column to go to the log group details page on the LTS console.

• Edit

  Click Edit in the Operation column to edit the access rule. For details about the impact of modifying an access rule, see Modifying a Mapping.

• Delete

  Click Delete in the Operation column to delete the access rule. Select one or more access rules and click Delete above the rule list.

  

  Deleted access rules or mapped log streams cannot be recovered. Exercise caution when performing this operation. For details about the impact of deleting an access rule, see Deleting a Mapping.