Permissions
In order to use ack-ram-tool normally, you need to grant the necessary RAM permissions and RBAC permissions for the Alibaba Cloud RAM user or RAM role that uses this tool. The minimum permission information required for each subcommand is shown in the following table:
| Command | RAM Permissoins | RBAC Permissions |
|---|---|---|
rrsa status | cs:DescribeClusterDetail | |
rrsa enable | cs:DescribeClusterDetail cs:ModifyCluster cs:DescribeClusterLogs | |
rrsa associate-role | cs:DescribeClusterDetail ram:GetRole ram:CreateRole ram:UpdateRole | |
rrsa install-helper-addon | cs:DescribeClusterDetail cs:DescribeClusterAddonsVersion cs:InstallClusterAddons | |
rrsa assumerole | ||
rrsa disable | cs:DescribeClusterDetail cs:ModifyCluster cs:DescribeClusterLogs | |
rrsa setup-addon | cs:DescribeClusterDetail ram:GetRole ram:CreateRole ram:UpdateRole ram:CreatePolicy ram:ListPoliciesForRole ram:AttachPolicyToRole | |
rrsa demo | ||
credential-plugin get-kubeconfig | cs:DescribeClusterUserKubeconfig | |
credential-plugin get-credential | cs:DescribeClusterUserKubeconfig | |
credential-plugin get-token | ||
export-credentials |