| Product | Role Name | Role Types | Role Entity |
|---|---|---|---|
| Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEIS | Service-Related Roles | eis.tke.cloud.tencent.com |
| Tencent Kubernetes Engine | TKE_QCSLinkedRoleInTDCC | Service-Related Roles | cvm.qcloud.com tdcc.tke.cloud.tencent.com |
| Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEKSLog | Service-Related Roles | cvm.qcloud.com ekslog.tke.cloud.tencent.com |
| Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEtcdService | Service-Related Roles | cvm.qcloud.com etcdservice.tke.cloud.tencent.com |
| Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEKSCostMaster | Service-Related Roles | cvm.qcloud.com ekscostmaster.tke.cloud.tencent.com |
| Tencent Kubernetes Engine | TKE_QCSLinkedRoleInPrometheusService | Service-Related Roles | cvm.qcloud.com prometheusservice.tke.cloud.tencent.com |
Use Cases: The current role is the Tencent Kubernetes Engine (TKE) service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cvm:ModifyInstancesProject",
"cvm:DescribeInstances",
"tke:InstallAddon",
"tke:DescribeAddon",
"tke:DescribeAddonValues",
"tke:UpdateAddon",
"tke:DeleteAddon",
"tke:AddVpcCniSubnets",
"tke:CheckClusterCIDR",
"tke:DescribeClusterKubeconfig",
"tke:AcquireClusterKubeConfigForProduct",
"tke:ModifyClusterTags",
"tke:ModifyClusterAttribute",
"tke:DisableClusterDeletionProtection",
"tke:DescribeClusterInstances",
"tke:DeleteCluster",
"tke:DescribeClusterStatus",
"tke:DescribeClusters",
"tke:DescribeExistedInstances",
"tke:CreateCluster",
"tke:DeleteClusterInstances",
"tke:AddExistedInstances",
"cls:CreateLogset",
"cls:DescribeLogsets",
"cls:CreateTopic",
"cls:DescribeTopics",
"monitor:DescribePrometheusInstances",
"monitor:CreatePrometheusMultiTenantInstancePostPayMode",
"monitor:CreatePrometheusClusterAgent",
"monitor:DescribePrometheusClusterAgents",
"monitor:DeletePrometheusClusterAgent",
"monitor:TerminatePrometheusInstances",
"monitor:CreateExporterIntegration",
"monitor:DescribeExporterIntegrations",
"monitor:CreateExternalCluster",
"monitor:DescribeExternalClusterRegisterCommand",
"vpc:DescribeSubnets",
"tke:CreateClusterRelease",
"tke:DescribeClusterReleases",
"tke:DescribeClusterPendingReleases",
"tke:UninstallClusterRelease",
"tke:DescribeLogSwitches",
"cvm:DescribeImages",
"cvm:RebootInstances",
"cvm:DescribeMarketImages",
"cvm:ModifyInstancesAttribute",
"cvm:RunInstances",
"cvm:ResetInstance",
"cvm:DescribeZones",
"cvm:DescribeInstanceTypeConfigs",
"cvm:DescribeZoneInstanceConfigInfos"
],
"resource": "*"
}
]
}
Use Cases: The current role is the TKE service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cls:listTopic",
"cls:getTopic",
"cls:createTopic",
"cls:modifyTopic",
"cls:listMachineGroup",
"cls:getMachineGroup",
"cls:createMachineGroup",
"cls:modifyMachineGroup",
"cls:deleteMachineGroup",
"cls:getMachineStatus",
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig",
"cls:getIndex",
"cls:modifyIndex",
"cls:ApplyConfigToMachineGroup",
"cls:CreateConfig",
"cls:CreateIndex",
"cls:CreateLogset",
"cls:CreateMachineGroup",
"cls:CreateTopic",
"cls:DeleteConfig",
"cls:DeleteConfigFromMachineGroup",
"cls:DeleteLogset",
"cls:DeleteMachineGroup",
"cls:DeleteTopic",
"cls:DescribeConfigMachineGroups",
"cls:DescribeConfigs",
"cls:DescribeLogsets",
"cls:DescribeMachineGroupConfigs",
"cls:DescribeMachineGroups",
"cls:DescribeTopics",
"cls:ModifyConfig",
"cls:ModifyIndex",
"cls:ModifyMachineGroup",
"cls:ModifyTopic"
],
"resource": [
"*"
]
}
]
}
Use Cases: The current role is the TKE service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig"
],
"resource": [
"*"
]
}
]
}
Use Cases: The current role is the TKE service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"cos:DeleteBucket",
"cos:GetBucket",
"cos:PutBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:DeleteObject",
"cos:DeleteMultipleObjects",
"cos:ListMultipartUploads",
"cos:AbortMultipartUpload"
]
}
]
}
Use Cases: The current role is the TKE service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"action": [
"monitor:DescribeMidDimensionValueList",
"monitor:DescribeStatisticData",
"monitor:GetMonitorData"
],
"resource": "*",
"effect": "allow"
}
]
}
Use Cases: The current role is the TKE service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"statement": [
{
"action": [
"cos:DeleteBucket",
"cos:GetBucket",
"cos:PutBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:DeleteObject",
"cos:DeleteMultipleObjects",
"cos:ListMultipartUploads",
"cos:AbortMultipartUpload",
"cos:AbortMultipartUpload",
"cos:ListMultipartUploads",
"monitor:DescribePrometheusInstances",
"monitor:DescribeRecordingRules",
"monitor:DescribeAlertRules",
"monitor:DescribeAlarmNotice",
"monitor:DescribeAlarmNotices",
"monitor:DescribeAlarmNoticeCallbacks",
"monitor:DescribeAlarmHistories",
"monitor:CreatePrometheusMultiTenantInstance",
"monitor:TerminatePrometheusInstances",
"monitor:ModifyPrometheusInstanceAttributes",
"monitor:CreateRecordingRule",
"monitor:DeleteRecordingRules",
"monitor:UpdateRecordingRule",
"monitor:CreateAlertRule",
"monitor:DeleteAlertRules",
"monitor:UpdateAlertRule",
"monitor:UpdateAlertRuleState",
"monitor:CreateAlarmNotice",
"monitor:DeleteAlarmNotices",
"monitor:ModifyAlarmNotice",
"monitor:ModifyAlarmPolicyNotice",
"monitor:CreateManagedEKSAgent",
"monitor:DescribeManagedEKSAgent",
"monitor:CreateAlertRuleReceiverNotRequired",
"monitor:UpdateAlertRuleReceiverNotRequired",
"monitor:DescribeExporterIntegrations",
"monitor:CreateExporterIntegration",
"monitor:UpdateExporterIntegration",
"monitor:DeleteExporterIntegration",
"monitor:CreateGrafanaInstance",
"monitor:CreatePrometheusMultiTenantInstancePostPayMode",
"monitor:BindPrometheusManagedGrafana",
"monitor:DescribeGrafanaInstances",
"tdcc:DescribeExternalClusters",
"tdcc:DescribeExternalClusterCredential",
"monitor:UpgradeGrafanaDashboard",
"monitor:UninstallGrafanaDashboard",
"monitor:DescribePrometheusAlertGroups",
"monitor:CreatePrometheusAlertGroup",
"monitor:UpdatePrometheusAlertGroup",
"monitor:DeletePrometheusAlertGroups",
"monitor:UpdatePrometheusAlertGroupState",
"tke:DescribeTKEEdgeExternalKubeconfig",
"tke:DescribeTKEEdgeClusterCredential",
"tke:DescribeTKEEdgeClusters",
"tke:DescribeClusters",
"tke:DescribeClusterSecurity"
],
"effect": "allow",
"resource": [
"*"
]
}
],
"version": "2.0"
}
피드백