Manage Permissions
When multiple users access a Kubernetes cluster, you can assign permissions for specific APIs or namespaces to define access scopes. You can apply Kubernetes’ role-based access control (RBAC) feature to set permissions for each cluster or namespace. You can create and manage ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings.
ClusterRole, ClusterRoleBinding, Role, and RoleBinding services are set by default to the cluster (namespace) selected when creating the service. Even if you select a different item in the list, the default cluster (namespace) setting is retained.
- To select a different cluster (namespace), click the gear button on the right side of the list.
  - In the Cluster/Namespace Settings popup window, select the cluster and namespace you want to change to, and click the Confirm button.
  - You can view the services created in the selected cluster/namespace.
- The RBAC API declares the following four types of Kubernetes objects.
  - Role
  - ClusterRole
  - RoleBinding
  - ClusterRoleBinding
- For a detailed explanation of RBAC and how to modify it, refer to the Kubernetes authentication and authorization section (https://kubernetes.io/docs/reference/access-authn-authz/authentication/).
Managing Cluster Roles
You can set and manage access permissions at the cluster level. You can also set permissions for APIs or resources that are not limited to a namespace.
Create ClusterRole
To create a cluster role, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu to go to the Cluster Role List page.
3. On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.
Check detailed information of the cluster role
To view detailed information about the cluster role, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu to go to the Cluster Role List page.
3. On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Cluster Role List page, select the item you want to view detailed information for to go to the Cluster Role Details page.
   - If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.
Category / Detailed description
- Delete ClusterRole: Delete the ClusterRole.
- Detailed Information: View detailed information of the cluster role.
- YAML: The resource file of the ClusterRole can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Done button to apply the changes.
  - When editing content, click the Diff button to view the changes.
- Event: Check events that occurred within the cluster role.
- Account Information: Check basic information about the Account, such as name, location, creation time, etc.
- Metadata Information: Check the metadata information of the ClusterRole.
- Policy Rule Information: View the policy rule information of a ClusterRole.
  - Resources: List of resources to which the rule applies.
  - Non-Resource URLs: Non-Resource URLs are the set of partial URLs that a user needs to access.
    - * is allowed, but only as the final segment of the entire path.
    - Non-resource URLs are not namespaced, so this field can only be used in a ClusterRole referenced by a ClusterRoleBinding.
    - A rule can apply to an API resource (e.g., “pods” or “secrets”) or a non-resource URL path (e.g., “/api”), but not to both.
  - ResourceNames: ResourceNames is an optional whitelist of names that the rule applies to. An empty set means everything is allowed.
  - Verbs: Verbs are the API actions used in resource requests, such as get, list, create, update, patch, watch, delete, deletecollection.
    - For more information, see the Kubernetes official documentation > API Verbs.
Table. Cluster role detailed information items
Delete cluster role
To delete the cluster role, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu to go to the Cluster Role List page.
3. On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Cluster Role List page, select the item you want to delete to go to the Cluster Role Details page.
5. On the Cluster Role Details page, click Delete cluster role.
6. When the notification confirmation window appears, click the Confirm button.
Managing ClusterRoleBinding
You can create and manage a cluster role binding by linking a cluster role with a specific target.
Create ClusterRoleBinding
To create a ClusterRoleBinding, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu to go to the ClusterRoleBinding List page.
3. On the ClusterRoleBinding List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.
View detailed information of ClusterRoleBinding
To view detailed information about the cluster role binding, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu to go to the ClusterRoleBinding List page.
3. On the ClusterRoleBinding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the ClusterRoleBinding List page, select the item you want to view details for to go to the ClusterRoleBinding Details page.
   - If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.
Category / Detailed description
- Delete ClusterRoleBinding: Delete the cluster role binding.
- Detailed Information: View detailed information of the ClusterRoleBinding.
- YAML: The resource file of the cluster role binding can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Done button to apply the changes.
  - When editing content, click the Diff button to view the changed content.
- Event: Check the events that occurred within the ClusterRoleBinding.
- Account Information: Check basic information about the Account, such as name, location, creation time, etc.
- Metadata Information: Check the metadata information of the ClusterRoleBinding.
- Role/Target Information: Check the role and target information of the ClusterRole.
Table. Cluster Role Binding detailed information items
Delete ClusterRoleBinding
To delete a ClusterRoleBinding, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu to go to the ClusterRoleBinding List page.
3. On the ClusterRoleBinding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the ClusterRoleBinding List page, select the item you want to delete to go to the ClusterRoleBinding Details page.
5. On the ClusterRoleBinding Details page, click Delete Cluster Role Binding.
6. When the notification confirmation window appears, click the Confirm button.
Manage roles
A role is a rule that specifies permissions for a specific API or resource. You can create and manage permissions that allow access only to the namespace to which the role belongs.
Create role
To create a role, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu to go to the Role List page.
3. On the Role List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.
Check role detailed information
To view detailed role information, follow the steps below.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu to go to the Role List page.
3. On the Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Role List page, select the item you want to view detailed information for to go to the Role Details page.
   - If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.
Category / Detailed description
- Delete Role: Delete the role.
- Detailed Information: View detailed information of the role.
- YAML: The resource file of the Role can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Done button to apply the changes.
  - When editing content, click the Diff button to view the changes.
- Event: Check events that occurred within the role.
- Account Information: Check basic information about the Account, such as name, location, and creation date and time.
- Metadata Information: Check the role’s metadata information.
- Policy Rule Information: View Role policy rule information.
  - Resources: List of resources to which the rule applies.
  - Non-Resource URLs: Non-Resource URLs are the set of partial URLs that a user may access.
    - * is allowed, but only as the final segment of the path.
    - Non-resource URLs are not namespaced, so this field can only be used in a ClusterRole referenced by a ClusterRoleBinding.
    - A rule can apply to an API resource (e.g., “pods” or “secrets”) or a non-resource URL path (e.g., “/api”), but not both.
  - Resource Names: Resource names are an optional whitelist of names the rule applies to; an empty set means all are allowed.
  - Verbs: Verbs are the API actions used in resource requests, such as get, list, create, update, patch, watch, delete, deletecollection.
    - For more details, see the Kubernetes official documentation > API Verbs.
Table. Role detailed information items
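The policy rule constraints listed for both the cluster role and the role details (a rule targets either resources or non-resource URLs, non-resource URLs belong only in a ClusterRole, * only as the final path segment, empty resource names allow everything) can be checked mechanically before a manifest is saved in the YAML editor. The following Python is an added example, not part of the product or its documentation; the function names, the SENSITIVE set, and the sample objects are assumptions constructed for illustration.

```python
# Added example: lint Role/ClusterRole policy rules against the field
# constraints listed in the policy rule tables. All names here are hypothetical.
SENSITIVE = {"secrets"}  # assumption: resources that should be pinned by name

def star_misplaced(url):
    """True if '*' appears anywhere except as the whole final path segment."""
    *head, last = url.split("/")
    return any("*" in seg for seg in head) or ("*" in last and last != "*")

def lint(obj):
    """Return (rule_index, level, message) findings for one parsed RBAC object."""
    out = []
    for i, rule in enumerate(obj.get("rules") or []):
        res = set(rule.get("resources") or [])
        urls = rule.get("nonResourceURLs") or []
        verbs = set(rule.get("verbs") or [])
        if res and urls:
            out.append((i, "invalid", "resources and nonResourceURLs in one rule"))
        if urls and obj.get("kind") != "ClusterRole":
            out.append((i, "invalid", "nonResourceURLs outside a ClusterRole"))
        out.extend((i, "invalid", f"'*' is not the final segment: {u}")
                   for u in urls if star_misplaced(u))
        if "*" in verbs or "*" in res:
            out.append((i, "review", "wildcard verb or resource"))
        if res & SENSITIVE and not rule.get("resourceNames"):
            out.append((i, "review", "empty resourceNames: all secrets allowed"))
    return out

# Constructed sample objects, as they would look after parsing the YAML tab.
CLUSTER_ROLE = {"kind": "ClusterRole", "metadata": {"name": "example-reader"}, "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
    {"nonResourceURLs": ["/healthz", "/healthz/*"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    {"nonResourceURLs": ["/api/*/status"], "verbs": ["get"]},
]}
ROLE = {"kind": "Role", "metadata": {"name": "example-role"}, "rules": [
    {"apiGroups": [""], "resources": ["secrets"], "resourceNames": ["app-config"], "verbs": ["get"]},
    {"nonResourceURLs": ["/metrics"], "verbs": ["get"]},
]}

if __name__ == "__main__":
    for obj in (CLUSTER_ROLE, ROLE):
        for idx, level, msg in lint(obj):
            print(f"{obj['kind']}/{obj['metadata']['name']} rule[{idx}] {level}: {msg}")
```

Findings marked "invalid" correspond to the constraints stated in the tables; findings marked "review" are least-privilege prompts for a human reviewer rather than errors.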
Delete role
To delete the role, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu to go to the Role List page.
3. On the Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Role List page, select the item you want to delete to go to the Role Details page.
5. On the Role Details page, click Delete Role.
6. When the notification confirmation window appears, click the Confirm button.
Managing Role Bindings
You can create and manage role bindings by linking a role to a specific subject.
Create RoleBinding
To create a role binding, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role Binding under the Permissions menu to go to the Role Binding List page.
3. On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.
View detailed role binding information
To view detailed role binding information, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role Binding under the Permissions menu to go to the Role Binding List page.
3. On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Role Binding List page, select the item you want to view detailed information for to go to the Role Binding Details page.
   - If you select Show system objects at the top of the list, all items except the Kubernetes object entries are displayed.
5. Click each tab to view the service information.
Category / Detailed description
- Delete role binding: Delete the role binding.
- Detailed Information: View detailed information of the role binding.
- YAML: The resource file of the RoleBinding can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Done button to apply the changes.
  - When editing content, you can click the Diff button to view the changes.
- Event: Check events that occurred within the role binding.
- Account Information: Check basic information about the Account, such as name, location, creation time, etc.
- Metadata Information: Check the metadata information of the role binding.
- Role/Target Information: Check the role’s responsibilities and target information.
Table. Role binding detailed information items
Delete Role Binding
To delete the role binding, follow these steps.
1. Click the All Services > Container > Kubernetes Engine menu to go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role Binding under the Permissions menu to go to the Role Binding List page.
3. On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Role Binding List page, select the item you want to delete to go to the Role Binding Details page.
5. On the Role Binding Details page, click Delete Role Binding.
6. When the notification dialog appears, click the Confirm button.