Release Notes and Announcements

Release Notes

Announcements

Release Notes

Product Introduction

Overview

Strengths

Architecture

Scenarios

Features

Concepts

Native Kubernetes Terms

Common High-Risk Operations

Regions and Availability Zones

Service Regions and Service Providers

Open Source Components

Purchase Guide

Purchase Instructions

Purchase a TKE General Cluster

Purchasing Native Nodes

Purchasing a Super Node

Getting Started

Beginner’s Guide

Quickly Creating a Standard Cluster

Examples

Container Application Deployment Check List

Cluster Configuration

General Cluster Overview

Cluster Management

Network Management

Storage Management

Node Management

GPU Resource Management

Remote Terminals

Application Configuration

Workload Management

Service and Configuration Management

Component and Application Management

Auto Scaling

Container Login Methods

Observability Configuration

Ops Observability

Cost Insights and Optimization

Scheduler Configuration

Scheduling Component Overview

Resource Utilization Optimization Scheduling

Business Priority Assurance Scheduling

QoS Awareness Scheduling

Security and Stability

TKE Security Group Settings

Identity Authentication and Authorization

Application Security

Multi-cluster Management

Planned Upgrade

Backup Center

Cloud Native Service Guide

Cloud Service for etcd

TMP

TKE Serverless Cluster Guide

TKE Registered Cluster Guide

Use Cases

Cluster

Serverless Cluster

Scheduling

Security

Service Deployment

Network

Release

Logs

Monitoring

OPS

Terraform

DevOps

Auto Scaling

Containerization

Microservice

Cost Management

Hybrid Cloud

Troubleshooting

Disk Full

High Workload

Memory Fragmentation

Cluster DNS Troubleshooting

Cluster kube-proxy Troubleshooting

Cluster API Server Inaccessibility Troubleshooting

Service and Ingress Inaccessibility Troubleshooting

Common Service & Ingress Errors and Solutions

Engel Ingres appears in Connechtin Reverside

CLB Ingress Creation Error

Troubleshooting for Pod Network Inaccessibility

Pod Status Exception and Handling

Authorizing Tencent Cloud OPS Team for Troubleshooting

CLB Loopback

API Documentation

History

Introduction

API Category

Making API Requests

Elastic Cluster APIs

Resource Reserved Coupon APIs

Cluster APIs

Third-party Node APIs

Relevant APIs for Addon

Network APIs

Node APIs

Node Pool APIs

TKE Edge Cluster APIs

Cloud Native Monitoring APIs

Scaling group APIs

Super Node APIs

Other APIs

Data Types

Error Codes

TKE API 2022-05-01

FAQs

TKE General Cluster

TKE Serverless Cluster

About OPS

Hidden Danger Handling

About Services

Image Repositories

About Remote Terminals

Event FAQs

Resource Management

Service Agreement

TKE Service Level Agreement

TKE Serverless Service Level Agreement

Glossary

Using TKE Preset Policy Authorization

PDF

Mode fokus

Ukuran font

Terakhir diperbarui: 2024-12-11 18:50:30

This document describes the preset policies offered by Tencent Kubernetes Engine (TKE). It shows you how to associate sub-accounts with preset policies to grant specific permissions. You can use this document as a reference to configure preset policies that are in line with your particular business needs.
TKE Preset Policies
You can grant relevant permissions to sub-accounts by using the following preset policies:
Policy
Description
QcloudTKEFullAccess
This policy grants full read/write access permissions for TKE, including permissions for TKE and related CVMs, CLBs, VPCs, monitors, and user groups.
QcloudTKEInnerFullAccess
This policy grants full access permission for TKE. However, since TKE involves the use of many products, we recommend configuring QcloudTKEFullAccess.
QcloudTKEReadOnlyAccess
This policy grants read-only permission for TKE.
The following preset policies are used to grant permissions for specific TKE services. We do not recommend associating the following preset policies with a sub-account:
Policy
Description
QcloudAccessForCODINGRoleInAccessTKE
This policy grants the relevant TKE permissions for the Coding service.
QcloudAccessForIPAMDofTKERole
This policy grants the relevant ENI permissions for the TKE service.
QcloudAccessForIPAMDRoleInQcloudAllocateEIP
This policy grants the relevant EIP permissions for the TKE service.
QcloudAccessForTKERole
This policy grants the relevant CVM, Tag, CLB, and CLS permissions for the TKE service.
QcloudAccessForTKERoleInCreatingCFSStorageclass
This policy grants the relevant CFS permissions for the TKE service.
QcloudAccessForTKERoleInOpsManagement
This policy associates the TKE service role (TKE_QCSRole) so that TKE can access other Tencent Cloud services, including CLS.
Associating Sub-accounts with Preset Policies
When setting user permissions during the creation of a sub-account, you can associate preset policies with the sub-account by direct association or association via group.
Direct association
By directly associating your sub-account with a policy, the sub-account obtains the permissions contained in the policy. The direct association process is outlined below:
1. Log in to the CAM console and select Users -> User List on the left sidebar.
2. On the User List page, find the target sub-account and click Grant Permission in the Operation column.
3. On the Associate Policies page, select the policies that you want to associate.
4. Click OK.
Association via group
By adding your sub-account to a user group, the sub-account automatically obtains the permissions that are associated with the user group. To disassociate the sub-account from the policies of the group, you simply need to remove the sub-account from the user group. The group association process is outlined below: 
1. Log in to the CAM console and select Users -> User List on the left sidebar.
2. On the User List page, find the target sub-account and choose More -> Add to Group in the Operation column.
3. On the Add to Group page, select the target user group.
4. Click OK.
Logging in to the sub-account for verification
Log in to the TKE console to verify that the features corresponding to the associated policies can be used and/or accessed properly. If so, this indicates that the sub-account was successfully authorized.

Bantuan dan Dukungan

Apakah halaman ini membantu?

Anda juga dapat Menghubungi Penjualan atau Mengirimkan Tiket untuk meminta bantuan.

masukan

Policy	Description
`QcloudTKEFullAccess`	This policy grants full read/write access permissions for TKE, including permissions for TKE and related CVMs, CLBs, VPCs, monitors, and user groups.
`QcloudTKEInnerFullAccess`	This policy grants full access permission for TKE. However, since TKE involves the use of many products, we recommend configuring `QcloudTKEFullAccess`.
`QcloudTKEReadOnlyAccess`	This policy grants read-only permission for TKE.

Policy	Description
`QcloudAccessForCODINGRoleInAccessTKE`	This policy grants the relevant TKE permissions for the Coding service.
`QcloudAccessForIPAMDofTKERole`	This policy grants the relevant ENI permissions for the TKE service.
`QcloudAccessForIPAMDRoleInQcloudAllocateEIP`	This policy grants the relevant EIP permissions for the TKE service.
`QcloudAccessForTKERole`	This policy grants the relevant CVM, Tag, CLB, and CLS permissions for the TKE service.
`QcloudAccessForTKERoleInCreatingCFSStorageclass`	This policy grants the relevant CFS permissions for the TKE service.
`QcloudAccessForTKERoleInOpsManagement`	This policy associates the TKE service role (TKE_QCSRole) so that TKE can access other Tencent Cloud services, including CLS.

tencent cloud

Tencent Kubernetes Engine

Using TKE Preset Policy Authorization

TKE Preset Policies

Associating Sub-accounts with Preset Policies

Direct association

Association via group

Logging in to the sub-account for verification

Bantuan dan Dukungan