identity authentication provider for the cluster-admin entry.
ccictl config set-credentials cluster-admin --auth-provider=iam --auth-provider-arg=iam-endpoint=example.com
# Delete the iam-endpoint configuration value of the IAM identity provider for the cluster-admin entry.
ccictl
Log in to the IAM console as the delegating party (account A). Create an agency, enter the account name of the delegated party (account B), and grant permissions of the CCIFullAccess policy to the delegated party.
It works with Identity and Access Management (IAM) to provide a variety of authorization methods, including IAM fine-grained authorization, IAM token authorization, namespace authorization, and resource authorization in namespaces.
Figure 1 Image address
IAM users do not have sufficient permissions to pull images.
Constraints CCI resources cannot be operated using ccictl in IAM 5.0 (Landing Zone).
IAM users can use their own access keys to mount parallel file system volumes and control access to OBS. For details, see Differences Between OBS Permissions Control Methods.
You can view the agency on the IAM console.
(Optional) Uploading Images
The cloud platform provides the SoftWare Repository for Container (SWR) service for you to upload container images to the image repository.
> --auth-provider-arg=ak=<$ak> --auth-provider-arg=sk=<$sk>
Table 2 Username and password
Command Flag | Description
domain-name | Tenant name, which is the account name.
user-name | IAM username.
password | Password of the account or IAM user.
Obtain the IAM token.
Creating a User and Granting Permissions
This section describes how to use IAM to implement fine-grained permissions control for your CCI 2.0 resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
For more information about IAM, see IAM Service Overview.
CCI Permissions
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
NOTE: If you are an IAM user, you must obtain permissions before you can use the private images in the account. For details on how to obtain permissions, see Uploading Images. Currently, CCI does not support third-party image repositories.