- 产品文档
- > 计算服务
- > 容器服务
- > 开发指南
- > 容器 OpenAPI
- > 子账号权限管理
子账号权限管理
可授权容器服务 Action 和对应资源
Deployment接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateDeployment | 创建 Deployment | comb:ncs:${region}:*:Vpc/${VpcId}、comb:ncs:${region}:*:Subnet/${SubnetId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${* }、comb:ncs:${region}:*:SecurityGroup/${securityGroupId}、 comb:ncs:${region}:*:Image/${Imagepath} |
comb:ncs:ModifyDeployment | 更新Deployment | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId}、comb:ncs:${region}:*:Image/${Imagepath} |
comb:ncs:ResetDeploymentSpecType | 更改Deployment实例规格(按量计费) | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
comb:ncs:ModifyDeploymentReplicas | 更改Deployment副本数 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
comb:ncs:RedeployDeployment | 重新部署Deployment | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
comb:ncs:DescribeDeployments | 查询Deployment列表 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${ *} |
comb:ncs:DescribeDeploymentsAllNamespaces | 查询所有空间下Deployment列表 | comb:ncs:${region}:*:Namespace/${ *}、comb:ncs:${region}:*:Deployment/${ *} |
comb:ncs:DescribeDeploymentInfo | 查询Deployment详情 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
comb:ncs:DescribeDeploymentInstances | 查询Deployment实例列表 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
comb:ncs:DeleteDeployment | 删除Deployment实例 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
comb:ncs:DescribeDeploymentReplicaSets | 查询Deployment的ReplicaSet列表 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId} |
EndPoint接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateEndpoint | 创建EndPoint | comb:ncs:${region}:*:Endpoint/${* }、comb:ncs:${region}:*:Namespace/${NamespaceId} |
comb:ncs:DescribeEndpoints | 查询endpoint列表 | comb:ncs:${region}:*:Endpoint/${* }、comb:ncs:${region}:*:Namespace/${NamespaceId} |
comb:ncs:DescribeEndpointsAllNamespaces | 查询所有空间endpoint列表 | comb:ncs:${region}:*:Namespace/${* }、comb:ncs:${region}:*:Endpoint/${*} |
comb:ncs:DescribeEndpoint | 查询endpoint | comb:ncs:${region}:*:Endpoint/${EndpointId}、comb:ncs:${region}:*:Namespace/${NamespaceId} |
comb:ncs:DeleteEndpoint | 删除endpoint | comb:ncs:${region}:*:Endpoint/${EndpointId}、comb:ncs:${region}:*:Namespace/${NamespaceId} |
comb:ncs:ModifyEndpoint | 修改endpoint | comb:ncs:${region}:*:Endpoint/${EndpointId}、comb:ncs:${region}:*:Namespace/${NamespaceId} |
Namespace接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateNamespace | 创建Namespace | comb:ncs:${region}:*:Namespace/${* } |
comb:ncs:DeleteNamespace | 删除Namespace | comb:ncs:${region}:*:Namespace/${NamespaceId} |
comb:ncs:DescribeNamespaces | 获取Namespace列表 | comb:ncs:${region}:*:Namespace/${*} |
Service接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateService | 创建Service | comb:ncs:${region}:*:Vpc/${VpcId}、comb:ncs:${region}:*:Subnet/${SubnetId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Service/${*} |
comb:ncs:DeleteService | 删除Service | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Service/${ServiceId} |
comb:ncs:DescribeServices | 查询service列表 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Service/${ *} |
comb:ncs:DescribeServicesAllNamespaces | 查询所有空间下服务列表 | comb:ncs:${region}:*:Namespace/${ *}、comb:ncs:${region}:*:Service/${ *} |
comb:ncs:DescribeServiceInfo | 查询服务详情 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Service/${ServiceId} |
comb:ncs:ModifyService | 修改服务 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Service/${ServiceId} |
comb:ncs:ListPods | 通过label查询pod | comb:ncs:${region}:*:Namespace/${NamespaceId} |
StatefulWorkload接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateStatefulWorkload | 创建 StatefulWorkload | comb:ncs:${region}:*:Vpc/${VpcId}、comb:ncs:${region}:*:Subnet/${SubnetId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:DataDisk/${DiskId}、comb:ncs:${region}:*:SecurityGroup/${securityGroupId}、comb:ncs:${region}:*:StatefulWorkload/${*}、 comb:ncs:${region}:*:Image/${Imagepath}、comb:ncs:${region}:*:SshKey/${SshKeyId} |
comb:ncs:RedeployStatefulWorkload | 重新部署有状态容器 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:RestartContainer | 有状态容器重启 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId}、 comb:ncs:${region}:*:Container/${ContainerId} |
comb:ncs:RestartStatefulWorkloadInstance | 强制重启有状态容器 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:DeleteStatefulWorkload | 删除 StatefulWorkload | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:ResetStatefulWorkloadSpecType | 更改有状态容器实例规格(按量计费) | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:DescribeStatefulWorkloads | 【有状态容器】【查询】指定空间下的负载列表 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${ *} |
comb:ncs:DescribeStatefulWorkloadsAllNamespaces | 【有状态容器】【查询】全部空间下的负载列表 | comb:ncs:${region}:*:Namespace/${ *}、comb:ncs:${region}:*:StatefulWorkload/${ *} |
comb:ncs:DescribeStatefulWorkloadInfo | 【有状态容器】【查询】信息详情 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:DescribeStatefulWorkloadInstances | 【有状态容器】【查询】实例详情 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:DescribeStatefulWorkloadImages | 【有状态容器】【查询】容器镜像列表 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId}、 comb:ncs:${region}:*:Image/${ *} |
comb:ncs:ModifyStatefulWorkload | 【有状态容器】【更新】定义 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId}、 comb:ncs:${region}:*:Image/${Imagepath}、comb:ncs:${region}:*:SshKey/${SshKeyId} |
comb:ncs:AssociateEipOfStatefulWorkload | 【有状态容器】【更新】绑定弹性公网IP | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId}、comb:ncs:${region}:*:Eip/${EipId} |
comb:ncs:UnAssociateEipOfStatefulWorkload | 【有状态容器】【更新】解绑弹性公网IP | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId}、comb:ncs:${region}:*:Eip/${EipId} |
ScheduledTask接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateScheduledTask | 创建定时任务 | comb:ncs:${region}:*:Cluster/${ClusterId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、 comb:ncs:${region}:*:Deployment/${DeploymentId}、comb:ncs:${region}:*:ScheduledTask/${* } |
comb:ncs:ModifyScheduledTask | 修改定时任务 | comb:ncs:${region}:*:Cluster/${ClusterId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、 comb:ncs:${region}:*:Deployment/${DeploymentId}、comb:ncs:${region}:*:ScheduledTask/${ScheduledTaskId} |
comb:ncs:DescribeScheduledTasks | 查询定时任务列表 | comb:ncs:${region}:*:Cluster/${ClusterId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、 comb:ncs:${region}:*:ScheduledTask/${* } |
comb:ncs:DeleteScheduledTask | 删除定时任务 | comb:ncs:${region}:*:ScheduledTask/${ScheduledTaskId} |
公共接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:DescribeQuota | 获取配额信息 | N/A |
comb:ncs:GetRecentOpLogs | 获取最近操作日志 | comb:ncs:${region}:*:Namespace/${NamespaceId}、comb:ncs:${region}:*:Deployment/${DeploymentId}、comb:ncs:${region}:*:StatefulWorkload/${StatefulWorkloadId} |
comb:ncs:DescribeResourceStats | 获取用户使用量接口 | comb:ncs:${region}:*:Cluster/${ClusterId} |
comb:ncs:DescribePlatformIps | 获取系统占用用户 VPC 资源列表 | comb:ncs:${region}:*:Cluster/${ClusterId}、comb:ncs:${region}:*:Vpc/${*}、comb:ncs:${region}:*:Subnet/${ *} |
comb:ncs:DescribeEvents | 获取容器事件接口 | comb:ncs:${region}:*:Namespace/${NamespaceFullName}、comb:ncs:${region}:*:Deployment/${DeploymentName}、comb:ncs:${region}:*:Pod/${PodName}、comb:ncs:${region}:*:ReplcaSet/${ReplcaSetName} |
容器接口 Action
Action | Action描述 | 资源 |
---|---|---|
comb:ncs:CreateImage | 容器保存为镜像 | comb:ncs:${region}:*:Container/${ContainerId}、comb:ncs:${region}:*:Repository/${RepositoryName} |
comb:ncs:GetDockerLogs | 查询容器日志 | comb:ncs:${region}:*:Pod/${PodId}、comb:ncs:${region}:*:Namespace/${NamespaceId}、 comb:ncs:${region}:*:Container/${ContainerName} |
策略管理
容器服务管理权限(NcsFullAccess)包括如下Action:
- comb:ncs:CreateDeployment
- comb:ncs:ModifyDeployment
- comb:ncs:ResetDeploymentSpecType
- comb:ncs:ModifyDeploymentReplicas
- comb:ncs:RedeployDeployment
- comb:ncs:DescribeDeployments
- comb:ncs:DescribeDeploymentsAllNamespaces
- comb:ncs:DescribeDeploymentInfo
- comb:ncs:DescribeDeploymentInstances
- comb:ncs:DeleteDeployment
- comb:ncs:DescribeDeploymentReplicaSets
- comb:ncs:CreateEndpoint
- comb:ncs:DescribeEndpoints
- comb:ncs:DescribeEndpointsAllNamespaces
- comb:ncs:DescribeEndpoint
- comb:ncs:DeleteEndpoint
- comb:ncs:ModifyEndpoint
- comb:ncs:CreateNamespace
- comb:ncs:DeleteNamespace
- comb:ncs:DescribeNamespaces
- comb:ncs:CreateService
- comb:ncs:DeleteService
- comb:ncs:DescribeServices
- comb:ncs:DescribeServicesAllNamespaces
- comb:ncs:DescribeServiceInfo
- comb:ncs:ModifyService
- comb:ncs:ListPods
- comb:ncs:CreateStatefulWorkload
- comb:ncs:RedeployStatefulWorkload
- comb:ncs:RestartContainer
- comb:ncs:RestartStatefulWorkloadInstance
- comb:ncs:DeleteStatefulWorkload
- comb:ncs:ResetStatefulWorkloadSpecType
- comb:ncs:DescribeStatefulWorkloads
- comb:ncs:DescribeStatefulWorkloadsAllNamespaces
- comb:ncs:DescribeStatefulWorkloadInfo
- comb:ncs:DescribeStatefulWorkloadInstances
- comb:ncs:DescribeStatefulWorkloadImages
- comb:ncs:ModifyStatefulWorkload
- comb:ncs:AssociateEipOfStatefulWorkload
- comb:ncs:UnAssociateEipOfStatefulWorkload
- comb:ncs:CreateScheduledTask
- comb:ncs:ModifyScheduledTask
- comb:ncs:DescribeScheduledTasks
- comb:ncs:DeleteScheduledTask
- comb:ncs:DescribeQuota
- comb:ncs:GetRecentOpLogs
- comb:ncs:DescribeResourceStats
- comb:ncs:DescribePlatformIps
- comb:ncs:DescribeEvents
- comb:ncs:CreateImage
- comb:ncs:GetDockerLogs
容器服务只读权限(NcsReadOnlyAccess)包括如下Action:
- comb:ncs:DescribeDeployments
- comb:ncs:DescribeDeploymentsAllNamespaces
- comb:ncs:DescribeDeploymentInfo
- comb:ncs:DescribeDeploymentInstances
- comb:ncs:DescribeDeploymentReplicaSets
- comb:ncs:DescribeEndpoints
- comb:ncs:DescribeEndpointsAllNamespaces
- comb:ncs:DescribeEndpoint
- comb:ncs:DescribeNamespaces
- comb:ncs:DescribeServices
- comb:ncs:DescribeServicesAllNamespaces
- comb:ncs:DescribeServiceInfo
- comb:ncs:ListPods
- comb:ncs:DescribeStatefulWorkloads
- comb:ncs:DescribeStatefulWorkloadsAllNamespaces
- comb:ncs:DescribeStatefulWorkloadInfo
- comb:ncs:DescribeStatefulWorkloadInstances
- comb:ncs:DescribeStatefulWorkloadImages
- comb:ncs:DescribeScheduledTasks
- comb:ncs:DescribeQuota
- comb:ncs:GetRecentOpLogs
- comb:ncs:DescribeResourceStats
- comb:ncs:DescribePlatformIps
- comb:ncs:DescribeEvents
- comb:ncs:GetDockerLogs
使用Ingress需配置负载均衡Ingress策略
- 负载均衡Ingress管理权限 (IngFullAccess)
- 负载均衡Ingress只读权限 (IngReadOnlyAccess)