GKE群集上的权限 [英] Permissions on GKE cluster
问题描述
在Google Cloud Platform Console中创建标准GKE集群后,我单击该集群并查看集群的设置即权限"设置,如下所示:
我不了解的是,我相信我对其中的许多服务都允许API访问,那么为什么只有云平台"显示为已启用"?这是在创建集群时启用的功能吗?!
选择编辑"时,您无法从此处启用"这些服务...,那么这些权限究竟是什么?
将使用在高级编辑"选项卡的访问范围"部分中设置的权限创建GKE群集.因此,只有本节中启用了访问的API才会显示为已启用. 这些权限表示授予节点池中的VM的API访问权限的类型和级别.范围通知您的群集节点整体将具有对特定GCP服务的访问级别.有关访问范围的更多信息,请参见此链接. /p>
在创建Kubernetes集群"的选项卡中,单击高级编辑".然后,您将看到另一个名为编辑节点池"的选项卡,其中带有更多选项.如果单击设置每个API的访问权限",则会看到用于设置这些权限的选项.
权限"是在创建集群时定义的.创建后,您不能直接在集群上对其进行编辑.您可能想要创建具有适当权限的新群集,或者使用所需的新作用域创建新的节点池,然后按照此 解决方案
The GKE cluster will be created with the permissions that is set on the 'Access scopes' section in the 'Advanced edit' tab. So only the APIs with the access enabled in this section will be shown as enabled. These permissions denote the type and level of API access granted to the VM in the node pool. Scopes inform the access level your cluster nodes will have to specific GCP services as a whole. Please see this link for more information about accesss scopes.
In the tab of 'Create a Kubernetes cluster', click 'Advanced edit'. Then you will see another tab called 'Edit node pool' pops up with more options. If you click 'Set access for each API', you will see the option to set these permissions.
'Permissions' are defined when the cluster is created. You can not edit it directly on the cluster after the creation. You may want to create a new cluster with appropriate permissions or create a new Node Pool with the new scopes you need and then delete your old 'default' Node Pool as specified in this link .
这篇关于GKE群集上的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
