Last updated: 2021-09-29 22:05:17
Kingsoft Cloud Container Engine (KCE) integrates the native role-based access control (RBAC) authorization policies of Kubernetes to help you manage authorization. In RBAC mode, you can manage the access permissions on Kubernetes resources of clusters in a more fine-grained manner. For example, you can grant an IAM user the read-only permission or the read/write permission on a specific namespace.
Note
- For more information about RBAC, see Using RBAC Authorization.
Identity | RBAC permission on cluster resources |
---|---|
Admin | Has RBAC read/write permissions on resources in all namespaces of the cluster and read/write permissions on cluster nodes, volumes, namespaces, and quotas, and can grant read/write permissions to IAM users. |
O&M engineer | Has RBAC read/write permissions on resources displayed in the console in all namespaces of the cluster and read/write permissions on cluster nodes, volumes, namespaces, and quotas. |
Developer | Has RBAC read/write permissions on resources displayed in the console in all namespaces of the cluster. |
Restricted user | Has RBAC read-only permissions on resources displayed in the console in all namespaces of the cluster. |
Custom user | Has the permissions of the attached ClusterRole. You must specify the permissions of the ClusterRole before you attach it to an IAM user. This ensures that only the required permissions are granted to the IAM user. |
Identity | RBAC permission on cluster resources |
---|---|
Developer | Has RBAC read/write permissions on resources displayed in the console in the specified namespace. |
Restricted user | Has RBAC read-only permissions on resources displayed in the console in the specified namespace. You must select the specified namespace. |
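
The following is an added example, not Kingsoft Cloud's code: a check to run on the ClusterRole behind a Custom user identity before attaching it, flagging rules broader than scoped read-only access. The role name `kce-custom-viewer`, its rules, and the policy of what counts as too broad are assumptions made for illustration.

```python
import json

# Constructed sample: a ClusterRole in the shape returned by
# `kubectl get clusterrole <name> -o json`. Name and rules are hypothetical.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "kce-custom-viewer"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    {"apiGroups": ["apps"], "resources": ["*"], "verbs": ["get", "update"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"], "verbs": ["bind"]}
  ]
}
""")

READ_VERBS = {"get", "list", "watch"}
# Verbs that let a subject grant itself or others more than the role states.
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}


def audit_cluster_role(role):
    """Return (rule_index, finding) pairs for rules broader than scoped read-only access."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        groups = set(rule.get("apiGroups") or [])
        resources = set(rule.get("resources") or [])
        verbs = set(rule.get("verbs") or [])
        if "*" in groups | resources | verbs:
            findings.append((i, "wildcard"))
        if verbs & ESCALATION_VERBS:
            findings.append((i, "privilege-escalation verb"))
        if "secrets" in resources and verbs & (READ_VERBS | {"*"}):
            findings.append((i, "reads secrets"))
        writes = verbs - READ_VERBS - ESCALATION_VERBS - {"*"}
        if writes:
            findings.append((i, "write verbs: " + ",".join(sorted(writes))))
        if rule.get("nonResourceURLs"):
            findings.append((i, "non-resource URL access"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_cluster_role(SAMPLE_ROLE):
        print(f"rule {index}: {finding}")
```

An empty result means every rule is limited to `get`, `list`, and `watch` on named resources; any finding is a prompt to confirm the IAM user actually needs that permission.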
You can manage the permissions of an IAM user. For example, you can add, remove, and change permissions for an IAM user.
You can add permissions to multiple IAM users at a time without affecting their existing permissions.
1. Log in to the KCE console.
2. In the left navigation pane, click Authorization Management.
3. Click Add Permission, select a cluster and a namespace as required, and then select a predefined identity. You can also click the cross icon to remove the permission.
4. Click OK.
You can use a Kingsoft Cloud account to grant an IAM user the permissions on all clusters with a few clicks.
1. Log in to the KCE console.
2. In the left navigation pane, click Authorization Management.
3. Select the target IAM user and click Grant Permissions on All.
4. In the dialog box that appears, select a predefined identity as required and click OK.