检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Administrators of the IAM Admin user group can grant cluster management permissions (such as CCE Administrator and CCE FullAccess) to IAM sub-users or grant namespace permissions for a cluster on the CCE console.
Only the users with the cluster management (IAM) permission can download the cluster certificate. Note that information leakage may occur during certificate transmission. Parent Topic: Permissions
kind: User name: 0c97ac3cb280f4d91fa7c0096739e1f8 # User ID of user-example apiGroup: rbac.authorization.k8s.io The subjects section binds a Role with an IAM user so that the IAM user can obtain the permissions defined in the Role, like in the following figure.
Why Can't an IAM User Make API Calls?
It combines the advantages of IAM and RBAC to provide a variety of authorization methods, including IAM fine-grained/token authorization and cluster-/namespace-scoped authorization.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has their own identity credentials (password and access keys).
The Kubernetes permissions of the configuration file downloaded by an IAM user are the same as those of the IAM user on the CCE console.
You can go to the IAM console, choose Security Settings > Critical Operations, and enable operation protection. Resource Tag: You can add resource tags to classify resources. Cluster Description: specifies the description that you entered for a cluster.
{Endpoint} indicates the endpoint of IAM, which can be obtained from Endpoints. For details about API authentication, see Authentication. The following is an example response.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Constraints Only Huawei Cloud accounts, HUAWEI IDs, or IAM users with CCE Administrator or FullAccess permissions can perform all operations using Alarm Center. IAM users with the CCE ReadOnlyAccess permission can only view all resources.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Only Huawei Cloud accounts, HUAWEI IDs, and IAM users in the admin user group can perform this operation. Configure the add-on specifications as needed.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
