tencent cloud

Tencent Kubernetes Engine

소식 및 공지 사항
릴리스 노트
제품 릴리스 기록
제품 소개
제품 장점
제품 아키텍처
시나리오
제품 기능
리전 및 가용존
빠른 시작
신규 사용자 가이드
표준 클러스터를 빠르게 생성
Demo
클라우드에서 컨테이너화된 애플리케이션 배포 Check List
TKE 표준 클러스터 가이드
Tencent Kubernetes Engine(TKE)
클러스터 관리
네트워크 관리
스토리지 관리
Worker 노드 소개
Kubernetes Object Management
워크로드
클라우드 네이티브 서비스 가이드
Tencent Managed Service for Prometheus
TKE Serverless 클러스터 가이드
TKE 클러스터 등록 가이드
실습 튜토리얼
Serverless 클러스터
네트워크
로그
모니터링
유지보수
DevOps
탄력적 스케일링
자주 묻는 질문
클러스터
TKE Serverless 클러스터
유지보수
서비스
이미지 레지스트리
원격 터미널
문서Tencent Kubernetes Engine

Custom Policy Authorization

포커스 모드
폰트 크기
마지막 업데이트 시간: 2024-12-11 18:50:30
This document describes how to grant specified permissions to a sub-account by customizing ClusterRoles and Roles in Kubernetes to fit your specific business requirements.

Policy Syntax Description

You can write your own policy syntax or use the Cloud Access Management (CAM) policy generator to create custom policies. An example YAML is shown below:

Role: for a namespace

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: testRole
  namespace: default
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch


ClusterRole: for a cluster

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: testClusterRole
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch 


Directions

Note:
This section describes how to bind a custom ClusterRole policy to a sub-account. This operation is basically the same as that for binding a Role policy. Following the directions below, you can bind policies to fit your specific business requirements.
1. Log in to the TKE console and click Cluster on the left sidebar.
2. On the Cluster Management page, click the ID of the target cluster.
3. On the cluster details page, select Authorization Management -> ClusterRole on the left sidebar, as shown in the following figure.


4. On the ClusterRole page, select Create using YAML in the upper-right corner.
5. On the editing page, enter the YAML content of the custom policy and then click Complete to create the ClusterRole policy. For this step, the ClusterRole: for a cluster YAML is used as an example. After the policy is created, you can view the custom permission testClusterRole on the ClusterRole page.
6. On the ClusterRoleBinding page, click RBAC Policy Generator.
7. When you select a sub-account on the Administration Permissions page, select the target sub-account and click Next, as shown in the following figure.


8. On the Cluster RBAC Setting page, set the permissions as instructed, as shown in the following figure.


Namespace List: specify the namespaces for which the permissions apply.
Permissions: select Custom and click Select Custom Permissions. Then, select the desired permissions from the custom permission list. Here, we select the previously created custom permission testClusterRole as an example.
Note:
You can also click Add Permission to continue customizing the permissions.
9. Click Done to complete the authorization.

For your Reference

For more information, see the Kubernetes official documentation: Using RBAC for authorization.
다음 주제: TKE Serverless 클러스터 업데이트(2023년)

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백