identity authentication provider for the cluster-admin entry.
ccictl config set-credentials cluster-admin --auth-provider=iam --auth-provider-arg=iam-endpoint=example.com
# Delete the iam-endpoint configuration value of the IAM identity provider for the cluster-admin entry.
ccictl
Log in to the IAM console as the delegating party (account A). Create an agency, enter the account name of the delegated party (account B), and grant permissions of the CCIFullAccess policy to the delegated party.
It works with Identity and Access Management (IAM) to provide a variety of authorization methods, including IAM fine-grained authorization, IAM token authorization, namespace authorization, and resource authorization in namespaces.
Figure 1 Image address
IAM users do not have sufficient permissions to pull images.
Constraints CCI resources cannot be operated using ccictl in IAM 5.0 (Landing Zone).
You can use either of the following methods to grant permissions to an IAM user: On the details page of an image, click the Permissions tab, click Add Permission, and then grant the read, write, and manage permissions to the user.
> --auth-provider-arg=ak=<$ak> --auth-provider-arg=sk=<$sk>
Table 2 Username and password
Command Flag | Description
domain-name | Tenant name, which is the account name.
user-name | IAM username.
password | Password of the account or IAM user.
Obtain the IAM token.
Creating a User and Granting Permissions
This section describes how to use IAM to implement fine-grained permissions control for your CCI 2.0 resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
For more information about IAM, see IAM Service Overview.
CCI Permissions
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
NOTE: If you are an IAM user, you must obtain permissions before you can use the private images in the account. For details on how to obtain permissions, see Uploading Images. Currently, CCI does not support third-party image repositories.