腾讯云容器服务授权腾讯云售后运维排障同尘科技

默认情况下腾讯云无法登录集群进行问题排障，如果您需要腾讯云售后协助进行运维排障，请参考以下步骤授予腾讯云运维权限。您有权随时吊销回收授予腾讯云的运维排障权限。

通过控制台授予腾讯云权限

1. 登录 容器服务控制台。2. 在集群管理中选择需要腾讯云协助的集群。3. 在集群详情页，选择授权管理 > 授权腾讯云运维。4. 在集群RBAC设置中，选择赋予腾讯云的操作权限。如下图所示：

5. 设置完成后，您可在 我的工单 中查看问题处理进度。注意默认情况下腾讯云无法登录集群进行问题排障，如果您需要腾讯云售后协助进行运维排障，您可以授予腾讯云指定的运维权限，同时您有权随时吊销回收授予腾讯云的运维排障权限。
您可以通过删除相关资源(ClusterRoleBinding/tkeopsaccount-ClusterRole、ServiceAccount/tkeopsaccount、Sercet/tkeopsaccount-token-xxxx)吊销腾讯云运维权限。

通过 Kubernetes API 授予腾讯云权限

您可以通过创建以下 Kubernetes 资源授予腾讯云指定权限。

ServiceAccount 授予腾讯云访问集群凭证

kind: ServiceAccountapiVersion: v1metadata:  name: tkeopsaccount  namespace: kube-system  labels:    cloud.tencent.com/tke-ops-account: tkeops

ClusterRoleBinding/RoleBing 授予腾讯云的操作权限规则

说明1. 名称和 label 需按如下规则创建。2. roleRef 可替换为您期望授权腾讯云的权限。

apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBindingmetadata:  annotations:    cloud.tencent.com/tke-ops-account: tkeops  labels:    cloud.tencent.com/tke-ops-account: tkeops  name: tkeopsaccount-ClusterRoleroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: tke:adminsubjects:- kind: ServiceAccount  name: tkeopsaccount  namespace: kube-system

（可选）ClusterRole/Role 授予腾讯云的操作权限

如集群内有相关 ClusterRole/Role 可直接使用 ClusterRoleBinding/RoleBinding 关联。通过控制台授权，将自动创建策略，无需单独创建。管理员权限只读权限

apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRolemetadata:  labels:    cloud.tencent.com/tke-rbac-generated: "true"  name: tke:adminrules:- apiGroups:  - '*'  resources:  - '*'  verbs:  - '*'- nonResourceURLs:  - '*'  verbs:  - '*'

apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRolemetadata:  labels:    cloud.tencent.com/tke-rbac-generated: "true"  name: tke:rorules:- apiGroups:  - ""  resources:  - pods  - pods/attach  - pods/exec  - pods/portforward  - pods/proxy  verbs:  - get  - list  - watch- apiGroups:  - ""  resources:  - configmaps  - endpoints  - persistentvolumeclaims  - replicationcontrollers  - replicationcontrollers/scale  - secrets  - serviceaccounts  - services  - services/proxy  verbs:  - get  - list  - watch- apiGroups:  - ""  resources:  - nodes  - persistentvolumes  verbs:  - get  - list  - watch- apiGroups:  - ""  resources:  - events  - replicationcontrollers/status  - pods/log  - pods/status  - componentstatuses  verbs:  - get  - list  - watch- apiGroups:  - apps  resources:  - daemonsets  - deployments  - deployments/rollback  - deployments/scale  - replicasets  - replicasets/scale  - statefulsets  verbs:  - get  - list  - watch- apiGroups:  - autoscaling  resources:  - horizontalpodautoscalers  verbs:  - get  - list  - watch- apiGroups:  - storage.k8s.io  resources:  - storageclasses  verbs:  - get  - list  - watch- apiGroups:  - batch  resources:  - cronjobs  - jobs  verbs:  - get  - list  - watch- apiGroups:  - extensions  - networking.k8s.io  resources:  - daemonsets  - deployments  - deployments/rollback  - deployments/scale  - ingresses  - replicasets  - replicasets/scale  - replicationcontrollers/scale  verbs:  - get  - list  - watch- apiGroups:  - servicecatalog.k8s.io  resources:  - clusterserviceclasses  - clusterserviceplans  - clusterservicebrokers  - serviceinstances  - servicebindings  verbs:  - get  - list  - watch- apiGroups:  - policy  resources:  - poddisruptionbudgets  verbs:  - get  - list- apiGroups:  - networking.istio.io  - config.istio.io  - rbac.istio.io  - authentication.istio.io  - security.istio.io  - install.istio.io  resources:  - '*'  verbs:  - get  - list  - watch- apiGroups:  - apiextensions.k8s.io  resources:  - customresourcedefinitions  verbs:  - get  - list  - watch- apiGroups:  - networking.tke.cloud.tencent.com  resources:  - '*'  verbs:  - get  - list  - watch- apiGroups:  - cloud.tencent.com  resources:  - '*'  verbs:  - get  - list  - watch- apiGroups:  - ccs.cloud.tencent.com  resources:  - '*'  verbs:  - get  - list  - watch- apiGroups:  - cls.cloud.tencent.com  resources:  - '*'  verbs:  - get  - list  - watch



容器服务官网1折活动，限时活动，即将结束，速速收藏
同尘科技为腾讯云授权服务中心。
购买腾讯云产品享受折上折，更有现金返利。同意关联立享优惠