You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/nginx-one/rbac/rbac-api.md
+6-6
Original file line number
Diff line number
Diff line change
@@ -7,15 +7,15 @@ product: NGINX One
7
7
docs: DOCS-000
8
8
---
9
9
10
-
Beyond [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}), you may need to set up custom roles. For convenience, we include a list of API groups that you could use to specify permissions for custom roles.
11
-
12
-
These are not NGINX One APIs.
10
+
Beyond the [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}) for NGINX One Console access, you can create [custom roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles#custom-roles) with more precisely defined access permissions.
11
+
You can assign custom roles to users or service accounts. You can associate these roles with specific namespaces, to help facilitate the principle of least privilege across your tenant.
12
+
For this use-case, we include a list of API groups that you can use to specify permissions for custom roles with more granular access controls to NGINX One Console APIs.
13
13
14
14
## F5 API groups for NGINX One
15
15
16
-
The following table lists the **[F5 XC roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles)** that you can use. These are narrowly scoped API Groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
16
+
The following table lists the available API groups that you can use to construct a Role. These are narrowly scoped API groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
17
17
18
-
{{< note >}}If you create custom roles using the more granular API Groups, users may not have access until you add the corresponding API Groups to their roles.{{< /note >}}
18
+
{{< note >}}If you create custom roles using these API groups, users may not have access to all capabilities of the browser web portal.{{< /note >}}
19
19
20
20
| API Group Name | Level of Access | Description |
| f5xc-nginx-one-custom-data-plane-key-manage | Write | View, create, update, and delete any Data Plane Keys. Note: The actual Data Plane Key is shown _only_ when created. |
Copy file name to clipboardExpand all lines: content/nginx-one/rbac/roles.md
+4-3
Original file line number
Diff line number
Diff line change
@@ -13,13 +13,14 @@ We provide three default **[roles](https://docs.cloud.f5.com/docs-v2/administrat
13
13
14
14
### Admin
15
15
16
-
The Admin role, identified as <code>f5xc-nginx-one-admin</code>, provides full read and write access to all endpoints and features within the NGINX One Console.
16
+
The Admin role, identified as `f5xc-nginx-one-admin`, provides full read and write access to all endpoints and features within the NGINX One Console.
17
+
It also supports RBAC for related XC services, as described in [Role-based Access Control Concepts](https://flatrender.tora.reviews/docs-v2/administration/how-tos/user-mgmt/rbac).
17
18
18
19
### User
19
20
20
-
Our standard User role, listed as <code>f5xc-nginx-one-user</code> in the role list, provides read and write access to all endpoints and features, save for those considered to be administrator level. An example of an administrator level feature would be **[Instance Settings](https://docs.nginx.com/nginx-one/how-to/nginx-configs/clean-up-unavailable-instances/)** where unavailable instance clean up logic is set.
21
+
Our standard User role, listed as `f5xc-nginx-one-user` in the role list, provides read and write access to all endpoints and features, save for those considered to be administrator level. An example of an administrator level feature would be **[Instance Settings](https://docs.nginx.com/nginx-one/how-to/nginx-configs/clean-up-unavailable-instances/)** where unavailable instance clean up logic is set.
21
22
22
23
### Monitor
23
24
24
-
Our read only or Monitor role, <code>f5xc-nginx-one-monitor</code>, grants read only access to all non-administrator features and endpoints within the NGINX One Console.
25
+
Our read only or Monitor role, `f5xc-nginx-one-monitor`, grants read only access to all non-administrator features and endpoints within the NGINX One Console.
We’re introducing the new percentage capacity metric, `nginxaas.capacity.percentage`, which provides a more accurate estimate of your deployment's load compared to the previous consumed NCUs metric. The new capacity metric expresses the capacity consumed as a percentage of the deployment's total capacity. Please modify any alerts and monitoring on deployment performance to use the new percentage capacity metric. The consumed NCUs metric is being deprecated and will be removed in the near future. Please see [Scaling guidance]({{< relref "/nginxaas-azure/quickstart/scaling.md">}}) for more details.
21
+
16
22
## March 5, 2025
17
23
18
24
- {{% icon-info %}} **Retirement of Standard Plan**
| ncu.provisioned || count | The number of successfully provisioned NCUs during the aggregation interval. During scaling events, this may lag behind `ncu.requested` as the system works to achieve the request. Available for Standard plan(s) only. | deployment |
39
39
| ncu.requested || count | The requested number of NCUs during the aggregation interval. Describes the goal state of the system. Available for Standard plans(s) only. | deployment |
40
-
|ncu.consumed|| count | The estimated number of NCUs used to handle the current traffic. This may burst above the `ncu.provisioned`. This can be used to guide scaling out or in to match your workload. See [Scaling Guidance]({{< relref "/nginxaas-azure/quickstart/scaling.md#iterative-approach" >}}) for details. Available for Standard plan(s) only. | deployment |
40
+
|nginxaas.capacity.percentage|| count | The percentage of the deployment's total capacity being used. This can be used to guide scaling your workload. See [Scaling Guidance]({{< relref "/nginxaas-azure/quickstart/scaling.md#iterative-approach" >}}) for details. Available for Standard plan(s) only. | deployment |
41
41
| system.worker_connections | pid process_name | count | The number of nginx worker connections used on the dataplane. This metric is one of the factors which determines the deployment's consumed NCU value. | deployment |
42
42
| nginxaas.certificates | name status | count | The number of certificates added to the NGINXaaS deployment dimensioned by the name of the certificate and its status. Refer to [Certificate Health]({{< relref "/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md#monitor-certificates" >}}) to learn more about the status dimension. | deployment |
43
43
| nginxaas.maxmind | status | count | The status of any MaxMind license in use for downloading geoip2 databases. Refer to [License Health]({{< relref "/nginxaas-azure/quickstart/geoip2.md#monitoring" >}}) to learn more about the status dimension. | deployment |
44
44
45
45
{{</bootstrap-table>}}
46
46
47
+
{{< warning >}}The `ncu.consumed` metric is now deprecated and is on the path to retirement. Please change any alerting on this metric to use the new Capacity Percentage metric.{{< /warning >}}
| system.interface.total_bytes| interface | count | System Interface Total Bytes, sum of bytes_sent and bytes_rcvd. | deployment |
227
229
| system.interface.egress_throughput| interface | count | System Interface Egress Throughput, i.e. bytes sent per second| deployment |
230
+
| system.listener_backlog.max| listen_addr, file_desc | count | The fullness (expressed as a fraction) of the fullest backlog queue. | deployment |
231
+
| system.listener_backlog.length| listen_address, file_desc | count | The number of items in a specific backlog queue, labelled by listen address. | deployment |
232
+
| system.listener_backlog.queue_limit| listen_address, file_desc | count | The capacity of a specific backlog queue, labelled by listen address. | deployment |
0 commit comments