Upgrade to the RBAC mode

Kingsoft Cloud Container Engine (KCE) supports the basic and role-based access control (RBAC) authorization modes. The RBAC mode allows you to manage the permissions on the Kubernetes resources of clusters in a more fine-grained manner. If you want to upgrade the authorization mode of a cluster from basic to RBAC, perform the following operations with your Kingsoft Cloud account:

1. Log in to the KCE console.
2. In the left navigation pane, click Authorization Management.
3. Click Upgrade to RBAC Mode. In the dialog box that appears, click OK.

Upgrade notes

• To ensure the compatibility with the basic authorization mode, the RBAC mode reserves the cluster-admin permissions for the Identity and Access Management (IAM) users of your clusters.
• After the upgrade, you must revoke permissions from the IAM users of your clusters as required.

Note

• 1. During the upgrade of the authorization mode, the ClusterRoleBinding object is written to all your clusters. If one of the clusters is inaccessible, the upgrade fails. In this case, you cannot grant permissions in RBAC mode.
• 2. After you upgrade to the RBAC mode, you cannot roll back to the basic authorization mode.
• 3. After the RBAC mode is enabled, you can revoke permissions from or modify the permissions of your IAM users as required. For more information, seeManage the RBAC permissions of IAM users