- Function Overview
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
- Clusters
- Workloads
- Network
- Storage
- O&M
- Namespaces
- ConfigMaps and Secrets
- Auto Scaling
- Add-ons
- Helm Chart
- Permissions
- Settings
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Autopilot Cluster Management
- Add-on Management for Autopilot Clusters
-
Autopilot Cluster Upgrade
- Upgrading a Cluster
- Obtaining Cluster Upgrade Task Details
- Retrying a Cluster Upgrade Task
- Obtaining a List of Cluster Upgrade Task Details
- Performing a Pre-upgrade Check for a Cluster
- Obtaining Details About a Pre-upgrade Check Task of a Cluster
- Obtaining a List of Pre-upgrade Check Tasks of a Cluster
- Performing a Post-upgrade Check for a Cluster
- Backing Up a Cluster
- Obtaining a List of Cluster Backup Task Details
- Obtaining the Cluster Upgrade Information
- Obtaining a Cluster Upgrade Path
- Obtaining the Configuration of Cluster Upgrade Feature Gates
- Enabling the Cluster Upgrade Process Booting Task
- Obtaining a List of Upgrade Workflows
- Obtaining Details About a Specified Cluster Upgrade Booting Task
- Updating the Status of a Specified Cluster Upgrade Booting Task
- Quota Management for Autopilot Clusters
- Tag Management for Autopilot Clusters
-
Chart Management for Autopilot Clusters
- Uploading a Chart
- Obtaining a Chart List
- Obtaining a Release List
- Creating a Release
- Updating a Chart
- Deleting a Chart
- Updating a Release
- Obtaining a Chart
- Deleting a Release
- Obtaining a Release
- Downloading a Chart
- Obtaining Chart Values
- Obtaining Historical Records of a Release
- Obtaining the Quota of a User Chart
- Kubernetes APIs
- Permissions and Supported Actions
- Appendix
-
FAQs
- Billing
- Workloads
- Network Management
-
Storage
- Can PVs of the EVS Type in a CCE Autopilot Cluster Be Restored After They Are Deleted or Expire?
- What Can I Do If a Storage Volume Fails to Be Created?
- Can CCE Autopilot PVCs Detect Underlying Storage Faults?
- How Can I Delete the Underlying Storage If It Remains After a Dynamically Created PVC is Deleted?
- Permissions
- General Reference
Show all
Copied.
Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
IAM authentication is not required for running kubectl commands. Therefore, you can run kubectl commands without configuring cluster management (IAM) permissions. The prerequisite is that the kubectl configuration file (kubeconfig) with the namespace permissions needs to be obtained. In the following scenarios, information leakage may occur during file transmission.
- Scenario 1
If an IAM user has been configured with the cluster management permissions and namespace permissions, downloads the kubeconfig authentication file and then deletes the cluster management permissions (reserving the namespace permissions), kubectl can still be used to perform operations on Kubernetes clusters. If you want to permanently delete the user's permissions, you must also delete the cluster management permissions and namespace permissions of the user.
- Scenario 2
An IAM user has certain cluster management and namespace permissions and downloads the kubeconfig authentication file. CCE Autopilot determines which Kubernetes resources can be accessed by kubectl based on the user information. Essentially, the user's authentication information is stored in kubeconfig, which can be used by anyone to access the cluster.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
