Product | Role Name | Role Types | Role Entity |
---|---|---|---|
Tencent Kubernetes Engine | TKE_QCSLinkedRoleInTDCC | Service-Related Roles | cvm.qcloud.com tdcc.tke.cloud.tencent.com |
Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEKSLog | Service-Related Roles | cvm.qcloud.com ekslog.tke.cloud.tencent.com |
Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEtcdService | Service-Related Roles | cvm.qcloud.com etcdservice.tke.cloud.tencent.com |
Tencent Kubernetes Engine | TKE_QCSLinkedRoleInEKSCostMaster | Service-Related Roles | cvm.qcloud.com ekscostmaster.tke.cloud.tencent.com |
Tencent Kubernetes Engine | TKE_QCSLinkedRoleInPrometheusService | Service-Related Roles | cvm.qcloud.com prometheusservice.tke.cloud.tencent.com |
Use Cases: The current role is the TKE service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cls:listTopic",
"cls:getTopic",
"cls:createTopic",
"cls:modifyTopic",
"cls:listMachineGroup",
"cls:getMachineGroup",
"cls:createMachineGroup",
"cls:modifyMachineGroup",
"cls:deleteMachineGroup",
"cls:getMachineStatus",
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig",
"cls:getIndex",
"cls:modifyIndex",
"cls:ApplyConfigToMachineGroup",
"cls:CreateConfig",
"cls:CreateIndex",
"cls:CreateLogset",
"cls:CreateMachineGroup",
"cls:CreateTopic",
"cls:DeleteConfig",
"cls:DeleteConfigFromMachineGroup",
"cls:DeleteLogset",
"cls:DeleteMachineGroup",
"cls:DeleteTopic",
"cls:DescribeConfigMachineGroups",
"cls:DescribeConfigs",
"cls:DescribeLogsets",
"cls:DescribeMachineGroupConfigs",
"cls:DescribeMachineGroups",
"cls:DescribeTopics",
"cls:ModifyConfig",
"cls:ModifyIndex",
"cls:ModifyMachineGroup",
"cls:ModifyTopic"
],
"resource": [
"*"
]
}
]
}
Use Cases: The current role is the TKE service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig"
],
"resource": [
"*"
]
}
]
}
Use Cases: The current role is the TKE service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"cos:DeleteBucket",
"cos:GetBucket",
"cos:PutBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:DeleteObject",
"cos:DeleteMultipleObjects",
"cos:ListMultipartUploads",
"cos:AbortMultipartUpload"
]
}
]
}
Use Cases: The current role is the TKE service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"version": "2.0",
"statement": [
{
"action": [
"monitor:DescribeMidDimensionValueList",
"monitor:DescribeStatisticData",
"monitor:GetMonitorData"
],
"resource": "*",
"effect": "allow"
}
]
}
Use Cases: The current role is the TKE service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
{
"statement": [
{
"action": [
"cos:DeleteBucket",
"cos:GetBucket",
"cos:PutBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:DeleteObject",
"cos:DeleteMultipleObjects",
"cos:ListMultipartUploads",
"cos:AbortMultipartUpload",
"cos:AbortMultipartUpload",
"cos:ListMultipartUploads",
"monitor:DescribePrometheusInstances",
"monitor:DescribeRecordingRules",
"monitor:DescribeAlertRules",
"monitor:DescribeAlarmNotice",
"monitor:DescribeAlarmNotices",
"monitor:DescribeAlarmNoticeCallbacks",
"monitor:DescribeAlarmHistories",
"monitor:CreatePrometheusMultiTenantInstance",
"monitor:TerminatePrometheusInstances",
"monitor:ModifyPrometheusInstanceAttributes",
"monitor:CreateRecordingRule",
"monitor:DeleteRecordingRules",
"monitor:UpdateRecordingRule",
"monitor:CreateAlertRule",
"monitor:DeleteAlertRules",
"monitor:UpdateAlertRule",
"monitor:UpdateAlertRuleState",
"monitor:CreateAlarmNotice",
"monitor:DeleteAlarmNotices",
"monitor:ModifyAlarmNotice",
"monitor:ModifyAlarmPolicyNotice",
"monitor:CreateManagedEKSAgent",
"monitor:DescribeManagedEKSAgent",
"monitor:CreateAlertRuleReceiverNotRequired",
"monitor:UpdateAlertRuleReceiverNotRequired",
"monitor:DescribeExporterIntegrations",
"monitor:CreateExporterIntegration",
"monitor:UpdateExporterIntegration",
"monitor:DeleteExporterIntegration",
"monitor:CreateGrafanaInstance",
"monitor:CreatePrometheusMultiTenantInstancePostPayMode",
"monitor:BindPrometheusManagedGrafana",
"monitor:DescribeGrafanaInstances",
"tdcc:DescribeExternalClusters",
"tdcc:DescribeExternalClusterCredential",
"monitor:UpgradeGrafanaDashboard",
"monitor:UninstallGrafanaDashboard",
"monitor:DescribePrometheusAlertGroups",
"monitor:CreatePrometheusAlertGroup",
"monitor:UpdatePrometheusAlertGroup",
"monitor:DeletePrometheusAlertGroups",
"monitor:UpdatePrometheusAlertGroupState",
"tke:DescribeTKEEdgeExternalKubeconfig",
"tke:DescribeTKEEdgeClusterCredential",
"tke:DescribeTKEEdgeClusters",
"tke:DescribeClusters",
"tke:DescribeClusterSecurity"
],
"effect": "allow",
"resource": [
"*"
]
}
],
"version": "2.0"
}
Was this page helpful?