检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
After you agree to delegate permissions, CCE uses IAM to create an agency named cce_admin_trust. This agency is granted Tenant Administrator permissions for the resources of other cloud services (excluding IAM).
Current account: Grant permissions to a specific IAM account under the current account. Other accounts: Grant permissions to a specific IAM account under another account. Other accounts XXX(account ID)/XXX (IAM ID) Resources Specify the authorized resources.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
metadata: name: debugger-binding subjects: - kind: User name: "xxx" # User ID apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: ephemeral-debugger apiGroup: rbac.authorization.k8s.io For details about how to obtain a user ID, see Obtaining Account, IAM
After you agree to delegate permissions, CCE uses IAM to create an agency named cce_admin_trust. This agency is granted Tenant Administrator permissions for the resources of other cloud services (excluding IAM).
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Figure 10 Configuring advanced settings Table 10 Advanced settings Parameter Description Modifiable After Cluster Creation IAM Authentication CCE clusters support IAM authentication. You can call IAM authenticated APIs to access CCE clusters.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
On the IAM console, a user deletes cce_admin_trust. All the preceding actions will cause CCE cluster functions to be abnormal. Proactive O&M CCE provides multi-dimensional monitoring and alarm reporting functions, allowing users to locate and rectify faults as soon as possible.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
For details, see 1.d. access-key <Access key ID> Specifies the access key ID of an IAM user. It is used as the identity authentication information for accessing the storage.
Only Huawei Cloud accounts, HUAWEI IDs, or IAM users with CCE administrator or FullAccess permissions can perform all operations using Alarm Center. IAM users with the CCE ReadOnlyAccess permission can only view all resources.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
After you agree to delegate permissions, CCE uses IAM to create an agency named cce_admin_trust. This agency is granted Tenant Administrator permissions for the resources of other cloud services (excluding IAM).
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Prerequisites A cluster is available and the cluster version meets the following requirements: v1.21: v1.21.10-r0 or later v1.23: v1.23.8-r0 or later v1.25: v1.25.3-r0 or later Versions later than v1.25 To drain a node as an IAM user, you must have at least one of the following permissions
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
