EKSCI supports binding a role to the instance to authorize corresponding permissions to the instance. It is applicable to be used in the scenarios where you need to access other Tencent Cloud services through containers, such as uploading logs to CLS and modifying CLS topic permissions. This document describes how to bind a role to a container instance to authorize permissions.
In the following, we take uploading logs to CLS as an example. The steps are as follows:
You need to bind a role when creating the container instance. The steps are as follows:
- Log in to the TKE console.
- On the list page of container instances, select the region where the instance is located.
- Click Create Instance at the top of the instance list.
- Configure the parameters of the container instance based on actual needs. Click Next.
- Select the role you have created in advance to complete the binding process.
It there is no appropriate role, click Create CAM Role. For directions, see the following:
Creating a policy
You need to create a policy before creating a role. This policy determines what permissions your role has.
- Log in to the CAM console and select Policies in the left sidebar.
- On the Polices page, click Create Custom Policy.
- Select Create by Policy Generator in Select Policy Creation Method pop-up.
- Select the permissions that need to be authorized to the instance. For example, select write operation of "cls:pushLog". Click Next.
- Confirm the policy name and click Done.
Creating a role
You need to bind the policy to a role after creating the policy, so as to make the role have the permissions corresponding to the policy. You can bind multiple policies to one role based on your needs and unbind them at any time.
- Log in to the CAM console, and select [Roles](https://console.intl.cloud.tencent.com/cam/role) in the left sidebar.
- On the Roles page, click Create Role.
- In the Select role entity window that appears, select Tencent Cloud Product Service to go to the Create Custom Role page.
- On the Enter role entity info tab, select Cloud Virtual Machine (cvm) and click Next.
- On the Configure role policy tab, select the name of the policy created in the previous step and click Next.
- On the Review tab, enter the role name to review the role information, and then click Done. For more information, see Creating a Role.
You must select Cloud Virtual Machine (cvm) as the role entity. Authorization cannot be completed if you select any other entity.
- After creating an appropriate role, select it in step 4.
- Click Next to confirm the configuration and complete instance creation. You can verify if the role has been bound properly by performing the actions corresponding to the permissions.