Announcement on Authentication Upgrade of Some TKE APIs

Last updated: 2024-10-12 16:04:32
    To provide a more comprehensive authentication feature, Tencent Kubernetes Engine (TKE) plans to integrate Cloud Access Management (CAM) authentication for some APIs on October 16, 2024. If your sub-accounts still need access to the corresponding APIs, grant them the required permissions by referring to Creating Custom Policies via Policy Generator; otherwise, they will not be able to access those APIs. Thank you for your trust and support for Tencent Cloud. If you encounter any problems while using our cloud products, please contact us.

    Common Authorization Methods

    Method 1: Creating a Custom Policy

    Implementation Method

    Create policies for different sub-accounts by following the principle of least privilege and bind them to sub-users.

    Applicable Scenario

    Strict permission control is required, and the operation scope of each sub-user needs to be refined as needed.

    Directions

    1. On the Policy page in the CAM console, click Create Custom Policy in the upper left corner.
    2. In the pop-up Select Creation Method window, click Create by Policy Syntax to enter the Select Policy Template page.
    3. On the Select Policy Template page, you can enter keywords to search. For example, if the template type is set to All Templates, you can enter the keyword 'a' to select the AdministratorAccess template.
    4. Click Next to enter the Edit Policy page.
    5. On the Edit Policy page, confirm the policy name and content, and then click Complete to finish creating a custom policy by policy syntax. The default policy name and content are automatically generated by the console. The default policy name is policygen, with a suffix number generated according to the creation date.
    6. On the Policy page in the CAM console, locate the created policy and click Associate Users/Groups/Roles in the Operation column.
    7. In the Associate Users/User Groups/Roles window, select the user, user group, or role you want to associate and click Confirm to complete the association.
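
A policy body for Method 1 can be generated from the API names a sub-account actually needs, taken from the list of APIs with added authentication on this page. This is an added example, not Tencent Cloud's own code: it assumes CAM's JSON policy syntax with `tke:`-prefixed action names, and `build_policy`, the read/write prefix split, the sensitive-read set and the sample list are hypothetical.

```python
import json
import re

# Name prefixes treated as read-only here. This split is an assumption
# based on the naming in the page's API list, not a CAM feature.
READ_PREFIXES = ("Describe", "Get", "List", "Check")

# Read-style APIs whose descriptions on this page mention a kubeconfig,
# credentials or authentication information: grant only on explicit approval.
SENSITIVE_READS = {
    "DescribeClusterKubeconfig",
    "DescribeImageRegistryCredentials",
    "DescribeEKSClusterCredential",
}

API_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")  # rejects "*" and "tke:*"


def build_policy(needed, approved_sensitive=(), allow_writes=False):
    """Return (policy, held_back) for the API names a sub-account needs."""
    actions, held_back = set(), {}
    for name in needed:
        if not API_NAME.match(name):
            held_back[name] = "not a plain API name (wildcards are refused)"
        elif name in SENSITIVE_READS and name not in approved_sensitive:
            held_back[name] = "exposes credentials; needs explicit approval"
        elif not name.startswith(READ_PREFIXES) and not allow_writes:
            held_back[name] = "mutating call; not granted to a read-only role"
        else:
            actions.add("tke:" + name)
    policy = {
        "version": "2.0",
        "statement": [{
            "effect": "allow",
            "action": sorted(actions),
            # Assumption: "*" is used because the page does not say which of
            # these APIs accept resource-level scoping; narrow it where they do.
            "resource": "*",
        }],
    }
    return policy, held_back


# Constructed sample: calls a monitoring sub-account is expected to make,
# plus entries that a read-only role should not receive.
SAMPLE_NEEDED = [
    "DescribeClusterStatus", "DescribeClusterNodePools", "GetPods",
    "DescribeClusterKubeconfig", "DeleteClusterNodePool", "tke:*",
]

if __name__ == "__main__":
    policy, held_back = build_policy(SAMPLE_NEEDED)
    print(json.dumps(policy, indent=4))
    for name, reason in held_back.items():
        print(f"held back: {name}: {reason}")
```

The printed JSON is what would be pasted into the Edit Policy page in step 5; the held-back entries are the ones to review with the sub-account's owner before granting.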

    Method 2: Binding a Preset Policy

    Implementation Method

    Bind the QcloudTKEInnerFullAccess preset policy, which contains all TKE API operation permissions, to sub-accounts.

    Applicable Scenario

    Business personnel have operation permissions for all feature modules.

    Directions

    1. On the Policy page in the CAM console, select the policy type TKE, locate QcloudTKEInnerFullAccess, and click Associate Users/Groups/Roles in the Operation column.
    2. In the Associate Users/User Groups/Roles window, select the user, user group, or role you want to associate and click Confirm to complete the association.

    List of APIs with Added Authentication

    API Name | Description
    --- | ---
    DescribeInstancesVersion | Queries versions of worker nodes
    ModifyClusterNodePool | Edits a node pool
    DescribeInstanceTypesForDirectENI | Queries the models available in independent ENI mode
    DescribeClusterStatus | Queries the cluster status list
    DescribeClusterVirtualNodePools | Queries the list of virtual node pools
    DescribeClusterVirtualNode | Queries the list of virtual nodes
    GetPodSecurityGroups | Queries Pod security groups
    GetPodById | Queries Pod information
    DescribeNodePools | Queries the list of TKE node pools
    DescribeSuperNodes | Queries the list of super nodes
    DescribeRegions | Queries the list of regions
    DescribeMachineConfiguration | Queries machine configuration information
    DescribeVpcCniPodLimits | Queries the maximum number of Pods in the VPC-CNI mode supported by a model
    DescribeClusterSecurityGroup | Queries cluster security group information
    DescribeClusterSchedulerPolicy | Queries cluster scheduling policies
    DescribeFlowIdStatus | Queries the status of enabling port flow in a cluster
    DescribeClusterAvailableExtraArgs | Queries available custom parameters for a cluster
    DescribeEksAlarmSetting | Queries whether monitoring and alarms are set in the cluster list
    DescribeClusterRoutes | Queries cluster routes
    DescribeClusterRouteTables | Queries cluster routing tables
    GetPods | Queries information of all Pods within a cluster
    DescribeClusterResourceLabels | Queries the list of cluster resource tags
    DescribeClusterExtraArgs | Queries custom parameters for a cluster
    DescribeClusterCIDRs | Queries the Classless Inter-Domain Routing (CIDR) used under the cluster VPC
    DescribeHealthCheckTemplate | Queries health check policy templates
    DescribeClusterNodePools | Queries the node pool list
    DescribeClusterNodePoolDetail | Queries detailed information of a node pool
    DescribeImageRegistryCredentials | Queries image repository credentials
    DescribeImageCaches | Queries image cache information
    DescribeOldStaticIPSubnets | Queries the list of subnets exclusive to legacy fixed IP clusters
    DescribeEnableVpcCniProgress | Queries the async task progress of enabling VPC-CNI mode
    DescribeAvailableInstanceConfigInfo | Queries available model information
    GetZoneResource | Queries availability zone resources
    DescribeMetaFeatureProgress | Queries the progress of enabling cross-tenant features
    DescribeRouteTableConflicts | Queries the list of routing table conflicts
    DescribeBatchModifyTagsStatus | Queries the status of modifying tags in batches
    GetMostSuitableImageCache | Queries the matching image cache
    DescribeLogSwitches | Queries log switches
    DescribeEKSContainerInstanceEvent | Queries container instance events
    DescribeEksContainerInstanceLog | Queries container instance logs
    DescribeContainerLog | Queries container logs in a container group
    DescribeExistedInstances | Queries whether existing nodes can be added to a cluster
    DescribeProductVersions | Queries the list of application product versions
    DescribeProductVersionDetails | Queries details of application product versions
    DescribeProducts | Queries the list of application products
    DescribeRIPodDetail | Queries reserved coupons and Pod quantity
    DescribeZoneInstanceConfigInfos | Queries model configurations of native nodes
    DescribeClusterMachines | Queries the native node list
    DescribeCcnRoutes | Queries Cloud Connect Network (CCN) routes
    DescribeCcnInstances | Queries CCN instances
    DescribeZoneDiskQuota | Queries cloud disk quotas in each availability zone
    GetAccountType | Queries account types
    GetPodSpecQuota | Queries quotas for specified Pod specifications
    DescribeClusterControllers | Queries Kubernetes controller status
    DescribeMasterLog | Queries primary log switch information
    GetPodChargeInfo | Queries the billing information of a Pod
    CheckPodRetain | Queries whether a Pod is retained
    GetPod | Queries Pod information
    RunClusterInspections | Triggers cluster inspection
    CreateUpdateNodeUnit | Creates or updates a NodeUnit
    CreateCluster | Creates a cluster
    CreateClusterRoute | Creates cluster routes
    CreateClusterRouteTable | Creates a cluster routing table
    CreateClusterAsGroup | Creates a cluster scaling group
    CreateClusterNodePool | Creates a node pool
    CreateImageRegistryCredential | Creates image repository credentials
    CreateImageCache | Creates an image cache
    CreateCLSLogConfig | Creates log collection rules
    CreateClusterVirtualNode | Creates a virtual node
    CreateClusterVirtualNodePool | Creates a virtual node pool
    SwitchParameterCreateNativeNode | Creates native node pool parameter conversion
    CreatePod | Creates a Pod
    UninstallLogAgent | Uninstalls the Cloud Log Service (CLS) log collection component from a TKE cluster
    AddClusterCIDR | Adds ClusterCIDR to a cluster
    ModifyClusterInspection | Updates cluster inspection configurations
    UpdateImageRegistryCredential | Updates image repository credentials
    UpdateImageCache | Updates image cache
    DisableVpcCniNetworkType | Disables additional VPC-CNI network capabilities
    DisableMasterLog | Disables primary log collection
    StopEks | Shuts down
    DescribeClusterInspectionOverviews | Queries the cluster health check list
    DescribeClusterInspectionReport | Queries cluster inspection report details
    GetUpgradeInstanceProgress | Obtains the current progress of node upgrade
    GetPodSpecification | Obtains Pod specifications
    DescribeClusterCreateProgress | Queries the cluster creation progress
    DescribeClusterMetricsData | Queries the monitoring data of a cluster
    DescribeClusterResourceDetails | Queries detailed information of the resources corresponding to a cluster
    DescribeClusterEndpoints | Queries cluster access addresses
    DescribeClusterLevelAttribute | Queries the cluster scale
    DescribeClusterStaticInstaller | Queries the static installation scripts of a cluster node
    DescribeClusterInstanceIds | Queries the cluster node ID list
    GetQuota | Obtains the quota for creating Pods in a cluster
    DescribeAvailableClusterVersion | Queries all versions that a cluster can upgrade to
    DescribeClustersResourceStatus | Queries the resource status within a cluster
    DescribeClusterNamespaces | Queries the namespace list of a cluster
    ListExpiredClusterAuth | Obtains expired permission information within a cluster
    DescribeQuota | Queries the cluster quota
    DescribeClusterPods | Queries the container list of a cluster
    DescribeClusterMasterDiff | Queries the differences between control plane components before and after cluster upgrade
    DescribeClusterAuthorizationMode | Queries the cluster authorization mode
    GetTkeAppUpgradeInfo | Obtains the upgrade information of components under a cluster
    ListClusterCertificates | Obtains the cluster certificate list
    DescribeClusterCommonNames | Queries the CommonNames for sub-accounts to access a cluster
    DescribeClusterServices | Queries the cluster service list
    DescribeInstanceCreateProgress | Queries the node creation progress
    DescribeSpotPodDetail | Queries the spot Pod details
    DescribeImages | Queries image information
    DescribeOSImageId | Queries the image ID
    DescribeEdgeRegion | Queries the region list
    DescribeClusterGlobalStatistics | Queries the number of clusters in all regions
    DescribeNodeParamUpdateProcess | Queries the parameters for rolling updates of native nodes
    GetSubnetVip | Obtains the reserved VIP within a subnet
    GetSubnetResource | Obtains subnet resources
    DescribeECMInstances | Queries the Edge Computing Machine (ECM) instance information
    DescribeIPAMD | Queries information about eniipamd components
    DescribeGPUInfo | Queries GPU information
    DescribeNodeGroup | Queries NodeGroup information
    DescribeNodeUnit | Queries NodeUnit information
    DescribeOSImages | Queries OS aggregation information
    ListEKSPods | Obtains detailed Pod information
    DescribeClusterKubeconfig | Queries the cluster kubeconfig file
    GetTkeAppChartList | Obtains the list of applications supported by TKE
    GetTkeAppDiff | Obtains Diff information for TKEApp
    DescribeTKEEdgeAppChartList | Queries the list of applications supported by TKEEdge
    DescribeSupportedRuntime | Queries available runtime versions based on Kubernetes versions
    DescribeVersions | Queries cluster version information
    CreateClusterRelease | Creates applications for a cluster
    DescribeClusterHealthyStatus | Queries cluster health status
    UpgradeClusterInstances | Upgrades cluster nodes
    DescribeUpgradeClusterProgress | Queries cluster upgrade progress
    ModifyClusterUpgradingState | Modifies cluster upgrade status
    DescribeClusterAuthStatus | Queries whether a cluster automatically cleans up expired sub-accounts
    DescribeClusterInspections | Queries cluster inspection overview
    CheckClusterRuntimeConfig | Checks cluster runtime configurations
    EnableMetaFeature | Enables cluster meta features
    CheckClusterCIDR | Checks cluster CIDR for conflicts
    CheckClusterHostName | Checks hostnames of cluster nodes
    CheckClusterImage | Checks whether an image can be set as a cluster image
    CheckUseTKE | Checks whether you are a new TKE user
    CheckMigrateVm | Checks instance routing
    AddNodeToNodePool | Moves nodes in a cluster to a node pool
    SetNodePoolNodeProtection | Enables removal protection for the nodes in a node pool
    OpUpgradeClusterInstances | Controls the node upgrade task status
    CheckInstancesUpgradeAble | Checks whether the nodes can be upgraded
    UpdateClusterAuthStatus | Enables or disables automatic cleanup of expired sub-accounts for a cluster
    EnableMasterLog | Enables primary log collection
    EnableVpcCniNetworkType | Enables the VPC-CNI network mode
    RotateClusterToken | Rotates cluster static tokens
    DescribeClusterRuntimeVersion | Queries cluster runtime version information
    DrainClusterVirtualNode | Drains a virtual node
    DeleteClusterInstances | Deletes nodes from a cluster
    DeleteClusterRoute | Deletes a cluster route
    DeleteClusterRouteTable | Deletes a cluster routing table
    DeleteEKSNode | Deletes a node
    DeleteClusterNodePool | Deletes a node pool
    DeleteImageRegistryCredentials | Deletes image repository credentials
    DeleteImageCaches | Deletes image caches
    DeleteClusterVirtualNode | Deletes a virtual node
    DeleteClusterVirtualNodePool | Deletes a virtual node pool
    DeleteRetainPod | Deletes a reserved Pod
    DeleteNodeUnit | Deletes a NodeUnit
    DeletePod | Deletes a Pod
    UpdateClusterVersion | Upgrades a cluster
    UpgradeLogAgent | Upgrades a log component
    UpgradeClusterRelease | Upgrades an application
    GrantCodingClusterRoleBinding | Authorizes Coding service role permissions
    InquirePriceRefundNativeNode | Inquires about refund for native nodes
    ValidateClusterAddVirtualNodeConditions | Verifies the conditions for adding virtual nodes to a cluster
    CheckComponentVersion | Verifies the cluster component versions
    CheckSubaccountAuthority | Verifies sub-account permissions
    ModifyPodSecurityGroups | Modifies Pod security groups
    ModifySuperNodeTag | Modifies the tag of a super node
    ModifyExternalNodePool | Modifies the third-party node pool
    ModifyClusterTags | Modifies cluster tags
    ModifyClusterImage | Modifies a cluster image
    ModifyNodePoolInstanceTypes | Modifies the model of instances in a node pool
    ModifyNodePoolDesiredCapacityAboutAsg | Modifies the expected number of instances for the scaling group associated with a node pool
    ModifyClusterVirtualNodePool | Modifies a virtual node pool
    ModifyReservedInstanceName | Modifies the name of a reserved coupon
    SwitchParameterRenewNativeNode | Converts parameters for renewing native node pools
    InquirePriceRenewNativeNode | Inquires about renewal for native nodes
    ClearExpiredClusterAuth | Cleans up expired permission information within a cluster with one click
    RemoveNodeFromNodePool | Removes a node from a node pool
    InstallLogAgent | Installs the CLS log collection component in a TKE cluster
    AddVpcCniSubnets | Adds cluster subnets
    DescribeAggregationData | Queries aggregated data
    ListHousekeeperRegion | Queries the Housekeeper region list
    InquirePriceHousekeeper | Inquires about Housekeeper
    GetPrice | Inquires about TKE Serverless
    DisableEksEventPersistence | Disables the event persistence feature for a TKE Serverless cluster
    EnableEksEventPersistence | Enables the event persistence feature for a TKE Serverless cluster
    EnableMetaFeatureForEks | Enables the cross-tenant ENI for a TKE Serverless cluster
    UpdateMetaFeatureForEks | Updates cross-tenant ENI configurations for a TKE Serverless cluster
    UpdateMetaFeature | Updates cross-tenant ENI global configurations for a TKE Serverless cluster
    AttachEKSDisks | Binds TKE Serverless cloud disks
    DescribeEKSDisks | Queries the TKE Serverless cloud disk list
    QueryEKSDiskTask | Queries TKE Serverless cloud disk tasks
    GetEksClusterUsed | Queries elastic cluster quotas and the number of created clusters
    DescribeEKSClusterStatus | Queries the elastic container cluster status
    DescribeEKSInstances | Queries elastic container instances
    ListEKSZone | Queries available availability zones for TKE Serverless in the corresponding region
    DescribeEksMetaFeatureProgress | Queries the cross-tenant ENI enabling status for a TKE Serverless cluster
    DescribeEksLogSwitches | Queries log switch information of a TKE Serverless cluster
    GetEKSClusterResources | Queries TKE Serverless cluster resources
    ListEKSRegion | Queries available regions for TKE Serverless
    CreateEKSDisk | Creates a TKE Serverless CBS disk
    CreateEKSInstances | Creates elastic container instances
    CreateEksLogConfig | Creates log collection rules for a TKE Serverless cluster
    UpdateEKSClusterKubeconfig | Updates kubeconfig information for a TKE Serverless cluster
    DisableEksAudit | Disables elastic cluster audit
    DescribeEKSClusterCredential | Queries authentication information of a TKE Serverless cluster
    DescribeEKSClusterAuthorizationMode | Queries the authorization mode of a TKE Serverless cluster
    GetEKSAppUpgradeInfo | Obtains component upgrade information under a TKE Serverless cluster
    ListEKSClusterCertificates | Obtains the certificate list of a TKE Serverless cluster
    DescribeEKSClusterCommonNames | Queries the CommonNames for sub-accounts to access a TKE Serverless cluster
    GetEksSpecs | Obtains all supported specifications for TKE Serverless
    ListEKSK8SVersion | Obtains supported Kubernetes versions for TKE Serverless
    GetEksAppDiff | Obtains Diff information for TKE ServerlessApp
    ActivateEKSCluster | Activates an elastic cluster
    CheckEksClusterCIDR | Checks elastic cluster CIDR for conflicts
    CheckUseEks | Checks whether a user is using elastic container service
    DetachEKSDisks | Unbinds TKE Serverless cloud disks
    EnableEksAudit | Enables elastic cluster audit
    DrainEksNode | Drains a node from an elastic cluster
    DeleteEKSDisk | Deletes a TKE Serverless cloud disk
    DeleteEKSCluster | Deletes an elastic cluster
    DeleteEKSInstances | Deletes elastic container instances
    DeletePodsById | Deletes a TKE Serverless Pod
    UpgradeEKSClusterAuthorizationMode | Upgrades the TKE Serverless cluster authorization mode to RBAC
    NotifyResult | Notifies of TKE Serverless operation result
    UninstallEksLogAgent | Uninstalls the log collection component in an elastic cluster
    UpdateEKSCluster | Modifies elastic cluster TKE Serverless
    InstallEksLogAgent | Installs the CLS log collection component in an elastic cluster