Help Center/ Cloud Container Engine/ FAQs/ Storage/ What Should I Do If a Yearly/Monthly EVS Disk Cannot Be Automatically Created?
Updated on 2024-09-04 GMT+08:00

What Should I Do If a Yearly/Monthly EVS Disk Cannot Be Automatically Created?

Symptom

When creating a yearly/monthly EVS disk, the payment permission cannot be added to cce_cluster_agency.

To dynamically create yearly/monthly EVS disks, your cluster version must be v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later. Additionally, you will need to have the Everest add-on 2.4.16 or later installed in the cluster.

Possible Causes

cce_cluster_agency is the system agency of CCE. It contains the cloud service resource operation permissions required by CCE components, but does not include the payment permission. For details, see System Entrustment Description. When creating yearly/monthly EVS disks, cce_cluster_agency must have the payment permissions, so you must manually add the bss:order:pay permission to cce_cluster_agency.

Solution

You can create a custom policy, add the bss:order:pay permission to it, and grant the policy to cce_cluster_agency.

  1. Create a custom policy.

    1. Log in to the IAM console. In the navigation pane, choose Permissions > Policies/Roles. Then click Create Custom Policy.
    2. Configure parameters for the policy.
      • Policy Name: Set it to CCE Subscribe Operator.
      • Policy View: Select JSON.
      • Policy Content: Configure it as follows:
        {
            "Version": "1.1",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "bss:order:pay"
                    ]
                }
            ]
        }
    3. Click OK.

  2. Grant the custom policy to cce_cluster_agency.

    1. Log in to the IAM console. In the navigation pane, choose Agencies.
    2. Locate the agency named cce_cluster_agency and click Authorize.
    3. Search for the CCE Subscribe Operator custom policy, select it, and click Next.
    4. Select an authorization scope as needed.

      By default, All resources is selected.

    5. Click OK.

  3. Go back to the CCE console, create a yearly/monthly EVS disk again, and verify that this problem has been resolved.