更新时间:2023-02-06 GMT+08:00

授权项分类

表1 Namespace

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Namespace

POST /api/v1/namespaces

CCI:namespace:create

查询namespace

GET /api/v1/namespaces/{name}

CCI:namespace:get

列出namespaces

GET /api/v1/namespaces

CCI:namespace:list

删除namespace

DELETE /api/v1/namespaces/{name}

CCI:namespace:delete

表2 Pod

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Pod

POST /api/v1/namespaces/{namespace}/pods

CCI:namespaceSubResource:Create

查询Pod

GET /api/v1/namespaces/{namespace}/pods/{name}

CCI:namespaceSubResource:Get

查询指定Namespace下所有Pod

GET /api/v1/namespaces/{namespace}/pods

CCI:namespaceSubResource:List

查询Pod状态

GET /api/v1/namespaces/{namespace}/pods/{name}/status

CCI:namespaceSubResource:Get

查询Pod日志

GET /api/v1/namespaces/{namespace}/pods/{name}/log

CCI:namespaceSubResource:Get

列出用户所有的Pod

GET /api/v1/pods

cci:namespaceSubResource:List

替换Pod

PUT /api/v1/namespaces/{namespace}/pods/{name}

CCI:namespaceSubResource:Update

更新Pod

PATCH /api/v1/namespaces/{namespace}/pods/{name}

CCI:namespaceSubResource:Update

删除Pod

DELETE /api/v1/namespaces/{namespace}/pods/{name}

CCI:namespaceSubResource:Delete

删除所有Pod

DELETE /api/v1/namespaces/{namespace}/pods

CCI:namespaceSubResource:Delete

表3 Deployment

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Deployment

POST /apis/apps/v1/namespaces/{namespace}/deployments

  • CCI:namespaceSubResource:Create
  • elb:loadbalancers:create

查询Deployment

GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}

CCI:namespaceSubResource:Get

查询Namespace下所有Deployment

GET /apis/apps/v1/namespaces/{namespace}/deployments

CCI:namespaceSubResource:List

查询Deployment的状态

GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status

CCI:namespaceSubResource:Get

查询Deployment伸缩操作

GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale

CCI:namespaceSubResource:Get

列出用户所有的Deployment

GET /apis/apps/v1/deployments

CCI:namespaceSubResource:List

替换Deployment

PUT /apis/apps/v1/namespaces/{namespace}/deployments/{name}

CCI:namespaceSubResource:Update

替换Deployment伸缩操作

PUT /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale

CCI:namespaceSubResource:Update

更新Deployment

PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}

CCI:namespaceSubResource:Update

更新Deployment伸缩操作

PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale

CCI:namespaceSubResource:Update

删除Deployment

DELETE /apis/apps/v1/namespaces/{namespace}/deployments/{name}

CCI:namespaceSubResource:Delete

删除Namespace下所有Deployment

DELETE /apis/apps/v1/namespaces/{namespace}/deployments

CCI:namespaceSubResource:Delete

表4 StatefulSet

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建StatefulSet

POST /apis/apps/v1/namespaces/{namespace}/statefulsets

  • CCI:namespaceSubResource:Create
  • elb:loadbalancers:create

查询StatefulSet

GET /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

CCI:namespaceSubResource:Get

查询指定Namespace下所有StatefulSet

GET /apis/apps/v1/namespaces/{namespace}/statefulsets

CCI:namespaceSubResource:List

查询StatefulSet状态

GET /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status

CCI:namespaceSubResource:Get

列出用户所有的Statefulset

GET /apis/apps/v1/statefulsets

CCI:namespaceSubResource:List

替换StatefulSet

PUT /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

CCI:namespaceSubResource:Update

更新StatefulSet

PATCH /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

CCI:namespaceSubResource:Update

删除StatefulSet

DELETE /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

CCI:namespaceSubResource:Delete

删除所有StatefulSet

DELETE /apis/apps/v1/namespaces/{namespace}/statefulsets

CCI:namespaceSubResource:Delete

表5 Job

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Job

POST /apis/batch/v1/namespaces/{namespace}/jobs

  • CCI:namespaceSubResource:Create
  • elb:loadbalancers:create

查询Job

GET /apis/batch/v1/namespaces/{namespace}/jobs/{name}

CCI:namespaceSubResource:Get

查询指定Namespace下所有Job

GET /apis/batch/v1/namespaces/{namespace}/jobs

CCI:namespaceSubResource:List

查询Job状态

GET /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status

CCI:namespaceSubResource:Get

列出用户所有Job

GET /apis/batch/v1/jobs

CCI:namespaceSubResource:List

替换Job

PUT /apis/batch/v1/namespaces/{namespace}/jobs/{name}

CCI:namespaceSubResource:Update

更新Job

PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}

CCI:namespaceSubResource:Update

删除Job

DELETE /apis/batch/v1/namespaces/{namespace}/jobs/{name}

CCI:namespaceSubResource:Delete

删除所有Job

DELETE /apis/batch/v1/namespaces/{namespace}/jobs

CCI:namespaceSubResource:Delete

表6 Service

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Service

POST /api/v1/namespaces/{namespace}/services

  • CCI:namespaceSubResource:Create
  • elb:loadbalancers:create

查询Service

GET /api/v1/namespaces/{namespace}/services/{name}

CCI:namespaceSubResource:Get

查询所有Service

GET /api/v1/namespaces/{namespace}/services

CCI:namespaceSubResource:List

查询Service状态

GET /api/v1/namespaces/{namespace}/services/{name}/status

CCI:namespaceSubResource:Get

删除Service

DELETE /api/v1/namespaces/{namespace}/services/{name}

CCI:namespaceSubResource:Delete

表7 Ingress

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Ingress

POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

  • CCI:namespaceSubResource:Create
  • elb:loadbalancers:create

查询Ingress

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

CCI:namespaceSubResource:Get

查询所有Ingress

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

CCI:namespaceSubResource:List

查询Ingress状态

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}/status

CCI:namespaceSubResource:Get

替换Ingress

PUT /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

CCI:namespaceSubResource:Update

更新Ingress

PATCH /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

CCI:namespaceSubResource:Update

删除Ingress

DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

CCI:namespaceSubResource:Delete

删除所有Ingress

DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

CCI:namespaceSubResource:Delete

表8 Network

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Network

POST /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks

  • CCI:network:Create
  • vpc:vpcs:create
  • vpc:ports:create
  • vpc:vpcs:get
  • vpc:subnets:get
  • vpc:publicIps:get
  • vpc:bandwidths:get
  • vpc:ports:get
  • vpc:peerings:get
  • vpc:quotas:list
  • vpc:privateIps:get
  • vpc:securityGroups:get
  • vpc:securityGroupRules:get
  • vpc:networks:get
  • vpc:routers:get
  • vpc:floatingIps:get
  • vpc:firewallRules:get

查询Network

GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks/{name}

CCI:network:Get

查询所有Network

GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks

CCI:network:List

查询Network状态

GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks/{name}/status

CCI:network:Get

删除Network

DELETE /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks/{name}

  • CCI:network:Delete
  • vpc:vpcs:delete
  • vpc:ports:delete

删除所有Network对象

DELETE /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks

  • CCI:network:Delete
  • vpc:vpcs:delete
  • vpc:ports:delete

表9 PersistentVolumeClaim

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建PersistentVolumeClaim

POST /api/v1/namespaces/{namespace}/persistentvolumeclaims

  • CCI:namespaceSubResource:Create
    • 云硬盘存储卷

      evs:volumes:create

      evs:volumes:get

      evs:types:get

    • 文件存储卷

      sfs:shares:createShare

      sfs:shares:getOSQuotaSets

      sfs:shares:ShareAction

查询PersistentVolumeClaim

GET /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}

  • CCI:namespaceSubResource:Get
    • 云硬盘存储卷

      evs:volumes:get

    • 文件存储卷

      sfs:shares:getAllSharesDetail

查询所有PersistentVolumeClaim

GET /api/v1/namespaces/{namespace}/persistentvolumeclaims

  • CCI:namespaceSubResource:List
  • 云硬盘存储卷

    evs:volumes:list

  • 文件存储卷

    sfs:shares:getAllSharesDetail

    sfs:shares:ShareAction

  • 对象存储卷

    obs:bucket:ListAllMyBuckets

删除PersistentVolumeClaim

DELETE /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}

  • CCI:namespaceSubResource:Delete
  • 云硬盘存储卷

    evs:volumes:delete

    evs:volumes:get

  • 文件存储卷

    sfs:shares:deleteShare

表10 ConfigMap

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建ConfigMap

POST /api/v1/namespaces/{namespace}/configmaps

CCI:namespaceSubResource:Create

查询ConfigMap

GET /api/v1/namespaces/{namespace}/configmaps/{name}

CCI:namespaceSubResource:Get

查询所有ConfigMap

GET /api/v1/namespaces/{namespace}/configmaps

CCI:namespaceSubResource:List

替换ConfigMap

PUT /api/v1/namespaces/{namespace}/configmaps/{name}

CCI:namespaceSubResource:Update

更新ConfigMap

PATCH /api/v1/namespaces/{namespace}/configmaps/{name}

CCI:namespaceSubResource:Update

删除ConfigMap

DELETE /api/v1/namespaces/{namespace}/configmaps/{name}

CCI:namespaceSubResource:Delete

删除所有ConfigMap

DELETE /api/v1/namespaces/{namespace}/configmaps

CCI:namespaceSubResource:Delete

表11 Secret

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建Secret

POST /api/v1/namespaces/{namespace}/secrets

CCI:namespaceSubResource:Create

替换Secret

PUT /api/v1/namespaces/{namespace}/secrets/{name}

CCI:namespaceSubResource:Update

更新Secret

PATCH /api/v1/namespaces/{namespace}/secrets/{name}

CCI:namespaceSubResource:Update

删除Secret

DELETE /api/v1/namespaces/{namespace}/secrets/{name}

CCI:namespaceSubResource:Delete

删除所有Secret

DELETE /api/v1/namespaces/{namespace}/secrets

CCI:namespaceSubResource:Delete

表12 ClusterRole

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

获取指定的ClusterRole

GET /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

CCI:rbac:Get

获取ClusterRole列表

GET /apis/rbac.authorization.k8s.io/v1/clusterroles

CCI:rbac:List

表13 RoleBinding

权限

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建RoleBinding

POST /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings

CCI:rbac:Create

更新指定的RoleBinding

PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

CCI:rbac:Update

替换指定的RoleBinding

PUT /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

CCI:rbac:Update

删除指定的RoleBinding

DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

CCI:rbac:Delete

获取指定的RoleBinding

GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

CCI:rbac:Get

获取指定namespace下RoleBinding列表

GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings

CCI:rbac:List

获取RoleBinding列表

GET /apis/rbac.authorization.k8s.io/v1/rolebindings

CCI:rbac:List