Docs Home
Alibaba Cloud v3.85.0 published on Tuesday, Sep 9, 2025 by Pulumi
alicloud.cs.KubernetesPermission
Explore with Pulumi AI
This resource will help you implement RBAC authorization for the kubernetes cluster, see What is kubernetes permissions.
NOTE: Please make sure that the target RAM user has been granted a RAM policy with at least read-only permission of the target cluster in the RAM console. Otherwise, the
ErrorRamPolicyConfigerror will be returned. For more information about how to authorize a RAM user by attaching RAM policies, see Create a custom RAM policy.
NOTE: If you call this operation as a RAM user, make sure that this RAM user has the permissions to grant other RAM users the permissions to manage ACK clusters. Otherwise, the
StatusForbiddenorForbiddenGrantPermissionserrors will be returned. For more information, see Use a RAM user to grant RBAC permissions to other RAM users.
NOTE: This operation overwrites the permissions that have been granted to the specified RAM user. When you call this operation, make sure that the required permissions are included.
NOTE: Available since v1.122.0.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";
import * as std from "@pulumi/std";
const defaultInteger = new random.index.Integer("default", {
max: 99999,
min: 10000,
});
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
// The cidr block used to launch a new vpc when 'vpc_id' is not specified.
const vpcCidr = config.get("vpcCidr") || "10.0.0.0/8";
// List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified.
const vswitchCidrs = config.getObject<Array<string>>("vswitchCidrs") || [
"10.1.0.0/16",
"10.2.0.0/16",
];
// The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or service's and cannot be in them.
const podCidr = config.get("podCidr") || "172.16.0.0/16";
// The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them.
const serviceCidr = config.get("serviceCidr") || "192.168.0.0/16";
const enhanced = alicloud.vpc.getEnhancedNatAvailableZones({});
const _default = alicloud.cs.getKubernetesVersion({
clusterType: "ManagedKubernetes",
});
const vpc = new alicloud.vpc.Network("vpc", {cidrBlock: vpcCidr});
// According to the vswitch cidr blocks to launch several vswitches
const defaultSwitch: alicloud.vpc.Switch[] = [];
for (const range = {value: 0}; range.value < vswitchCidrs.length; range.value++) {
defaultSwitch.push(new alicloud.vpc.Switch(`default-${range.value}`, {
vpcId: vpc.id,
cidrBlock: vswitchCidrs[range.value],
zoneId: enhanced.then(enhanced => enhanced.zones[range.value].zoneId),
}));
}
// Create a new RAM cluster.
const defaultManagedKubernetes = new alicloud.cs.ManagedKubernetes("default", {
name: `${name}-${defaultInteger.result}`,
clusterSpec: "ack.pro.small",
version: _default.then(_default => _default.metadatas?.[0]?.version),
workerVswitchIds: std.joinOutput({
separator: ",",
input: defaultSwitch.map(__item => __item.id),
}).apply(invoke => std.splitOutput({
separator: ",",
text: invoke.result,
})).apply(invoke => invoke.result),
newNatGateway: false,
podCidr: podCidr,
serviceCidr: serviceCidr,
slbInternetEnabled: false,
});
// Create a new RAM user.
const user = new alicloud.ram.User("user", {name: `${name}-${defaultInteger.result}`});
// Create a cluster permission for user.
const defaultKubernetesPermission = new alicloud.cs.KubernetesPermission("default", {
uid: user.id,
permissions: [{
cluster: defaultManagedKubernetes.id,
roleType: "cluster",
roleName: "admin",
namespace: "",
isCustom: false,
isRamRole: false,
}],
});
const attach = new alicloud.cs.KubernetesPermission("attach", {
uid: user.id,
permissions: [{
cluster: defaultManagedKubernetes.id,
roleType: "namespace",
roleName: "cs:dev",
namespace: "default",
isCustom: true,
isRamRole: false,
}],
});
import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random
import pulumi_std as std
default_integer = random.index.Integer("default",
max=99999,
min=10000)
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "terraform-example"
# The cidr block used to launch a new vpc when 'vpc_id' is not specified.
vpc_cidr = config.get("vpcCidr")
if vpc_cidr is None:
vpc_cidr = "10.0.0.0/8"
# List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified.
vswitch_cidrs = config.get_object("vswitchCidrs")
if vswitch_cidrs is None:
vswitch_cidrs = [
"10.1.0.0/16",
"10.2.0.0/16",
]
# The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or service's and cannot be in them.
pod_cidr = config.get("podCidr")
if pod_cidr is None:
pod_cidr = "172.16.0.0/16"
# The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them.
service_cidr = config.get("serviceCidr")
if service_cidr is None:
service_cidr = "192.168.0.0/16"
enhanced = alicloud.vpc.get_enhanced_nat_available_zones()
default = alicloud.cs.get_kubernetes_version(cluster_type="ManagedKubernetes")
vpc = alicloud.vpc.Network("vpc", cidr_block=vpc_cidr)
# According to the vswitch cidr blocks to launch several vswitches
default_switch = []
for range in [{"value": i} for i in range(0, len(vswitch_cidrs))]:
default_switch.append(alicloud.vpc.Switch(f"default-{range['value']}",
vpc_id=vpc.id,
cidr_block=vswitch_cidrs[range["value"]],
zone_id=enhanced.zones[range["value"]].zone_id))
# Create a new RAM cluster.
default_managed_kubernetes = alicloud.cs.ManagedKubernetes("default",
name=f"{name}-{default_integer['result']}",
cluster_spec="ack.pro.small",
version=default.metadatas[0].version,
worker_vswitch_ids=std.join_output(separator=",",
input=[__item.id for __item in default_switch]).apply(lambda invoke: std.split_output(separator=",",
text=invoke.result)).apply(lambda invoke: invoke.result),
new_nat_gateway=False,
pod_cidr=pod_cidr,
service_cidr=service_cidr,
slb_internet_enabled=False)
# Create a new RAM user.
user = alicloud.ram.User("user", name=f"{name}-{default_integer['result']}")
# Create a cluster permission for user.
default_kubernetes_permission = alicloud.cs.KubernetesPermission("default",
uid=user.id,
permissions=[{
"cluster": default_managed_kubernetes.id,
"role_type": "cluster",
"role_name": "admin",
"namespace": "",
"is_custom": False,
"is_ram_role": False,
}])
attach = alicloud.cs.KubernetesPermission("attach",
uid=user.id,
permissions=[{
"cluster": default_managed_kubernetes.id,
"role_type": "namespace",
"role_name": "cs:dev",
"namespace": "default",
"is_custom": True,
"is_ram_role": False,
}])
Example coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var defaultInteger = new Random.Index.Integer("default", new()
{
Max = 99999,
Min = 10000,
});
var config = new Config();
var name = config.Get("name") ?? "terraform-example";
// The cidr block used to launch a new vpc when 'vpc_id' is not specified.
var vpcCidr = config.Get("vpcCidr") ?? "10.0.0.0/8";
// List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified.
var vswitchCidrs = config.GetObject<string[]>("vswitchCidrs") ?? new[]
{
"10.1.0.0/16",
"10.2.0.0/16",
};
// The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or service's and cannot be in them.
var podCidr = config.Get("podCidr") ?? "172.16.0.0/16";
// The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them.
var serviceCidr = config.Get("serviceCidr") ?? "192.168.0.0/16";
var enhanced = AliCloud.Vpc.GetEnhancedNatAvailableZones.Invoke();
var @default = AliCloud.CS.GetKubernetesVersion.Invoke(new()
{
ClusterType = "ManagedKubernetes",
});
var vpc = new AliCloud.Vpc.Network("vpc", new()
{
CidrBlock = vpcCidr,
});
// According to the vswitch cidr blocks to launch several vswitches
var defaultSwitch = new List<AliCloud.Vpc.Switch>();
for (var rangeIndex = 0; rangeIndex < vswitchCidrs.Length; rangeIndex++)
{
var range = new { Value = rangeIndex };
defaultSwitch.Add(new AliCloud.Vpc.Switch($"default-{range.Value}", new()
{
VpcId = vpc.Id,
CidrBlock = vswitchCidrs[range.Value],
ZoneId = enhanced.Apply(getEnhancedNatAvailableZonesResult => getEnhancedNatAvailableZonesResult.Zones)[range.Value].ZoneId,
}));
}
// Create a new RAM cluster.
var defaultManagedKubernetes = new AliCloud.CS.ManagedKubernetes("default", new()
{
Name = $"{name}-{defaultInteger.Result}",
ClusterSpec = "ack.pro.small",
Version = @default.Apply(@default => @default.Apply(getKubernetesVersionResult => getKubernetesVersionResult.Metadatas[0]?.Version)),
WorkerVswitchIds = Std.Join.Invoke(new()
{
Separator = ",",
Input = defaultSwitch.Select(__item => __item.Id).ToList(),
}).Apply(invoke => Std.Split.Invoke(new()
{
Separator = ",",
Text = invoke.Result,
})).Apply(invoke => invoke.Result),
NewNatGateway = false,
PodCidr = podCidr,
ServiceCidr = serviceCidr,
SlbInternetEnabled = false,
});
// Create a new RAM user.
var user = new AliCloud.Ram.User("user", new()
{
Name = $"{name}-{defaultInteger.Result}",
});
// Create a cluster permission for user.
var defaultKubernetesPermission = new AliCloud.CS.KubernetesPermission("default", new()
{
Uid = user.Id,
Permissions = new[]
{
new AliCloud.CS.Inputs.KubernetesPermissionPermissionArgs
{
Cluster = defaultManagedKubernetes.Id,
RoleType = "cluster",
RoleName = "admin",
Namespace = "",
IsCustom = false,
IsRamRole = false,
},
},
});
var attach = new AliCloud.CS.KubernetesPermission("attach", new()
{
Uid = user.Id,
Permissions = new[]
{
new AliCloud.CS.Inputs.KubernetesPermissionPermissionArgs
{
Cluster = defaultManagedKubernetes.Id,
RoleType = "namespace",
RoleName = "cs:dev",
Namespace = "default",
IsCustom = true,
IsRamRole = false,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.Integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.vpc.VpcFunctions;
import com.pulumi.alicloud.vpc.inputs.GetEnhancedNatAvailableZonesArgs;
import com.pulumi.alicloud.cs.CsFunctions;
import com.pulumi.alicloud.cs.inputs.GetKubernetesVersionArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.vpc.Switch;
import com.pulumi.alicloud.vpc.SwitchArgs;
import com.pulumi.alicloud.cs.ManagedKubernetes;
import com.pulumi.alicloud.cs.ManagedKubernetesArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.JoinArgs;
import com.pulumi.std.inputs.SplitArgs;
import com.pulumi.alicloud.ram.User;
import com.pulumi.alicloud.ram.UserArgs;
import com.pulumi.alicloud.cs.KubernetesPermission;
import com.pulumi.alicloud.cs.KubernetesPermissionArgs;
import com.pulumi.alicloud.cs.inputs.KubernetesPermissionPermissionArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
var defaultInteger = new Integer("defaultInteger", IntegerArgs.builder()
.max(99999)
.min(10000)
.build());
final var name = config.get("name").orElse("terraform-example");
final var vpcCidr = config.get("vpcCidr").orElse("10.0.0.0/8");
final var vswitchCidrs = config.get("vswitchCidrs").orElse(List.of(
"10.1.0.0/16",
"10.2.0.0/16"));
final var podCidr = config.get("podCidr").orElse("172.16.0.0/16");
final var serviceCidr = config.get("serviceCidr").orElse("192.168.0.0/16");
final var enhanced = VpcFunctions.getEnhancedNatAvailableZones(GetEnhancedNatAvailableZonesArgs.builder()
.build());
final var default = CsFunctions.getKubernetesVersion(GetKubernetesVersionArgs.builder()
.clusterType("ManagedKubernetes")
.build());
var vpc = new Network("vpc", NetworkArgs.builder()
.cidrBlock(vpcCidr)
.build());
// According to the vswitch cidr blocks to launch several vswitches
for (var i = 0; i < vswitchCidrs.length(); i++) {
new Switch("defaultSwitch-" + i, SwitchArgs.builder()
.vpcId(vpc.id())
.cidrBlock(vswitchCidrs[range.value()])
.zoneId(enhanced.zones()[range.value()].zoneId())
.build());
}
// Create a new RAM cluster.
var defaultManagedKubernetes = new ManagedKubernetes("defaultManagedKubernetes", ManagedKubernetesArgs.builder()
.name(String.format("%s-%s", name,defaultInteger.result()))
.clusterSpec("ack.pro.small")
.version(default_.metadatas()[0].version())
.workerVswitchIds(StdFunctions.join(JoinArgs.builder()
.separator(",")
.input(defaultSwitch.stream().map(element -> element.id()).collect(toList()))
.build()).applyValue(_invoke -> StdFunctions.split(SplitArgs.builder()
.separator(",")
.text(_invoke.result())
.build())).applyValue(_invoke -> _invoke.result()))
.newNatGateway(false)
.podCidr(podCidr)
.serviceCidr(serviceCidr)
.slbInternetEnabled(false)
.build());
// Create a new RAM user.
var user = new User("user", UserArgs.builder()
.name(String.format("%s-%s", name,defaultInteger.result()))
.build());
// Create a cluster permission for user.
var defaultKubernetesPermission = new KubernetesPermission("defaultKubernetesPermission", KubernetesPermissionArgs.builder()
.uid(user.id())
.permissions(KubernetesPermissionPermissionArgs.builder()
.cluster(defaultManagedKubernetes.id())
.roleType("cluster")
.roleName("admin")
.namespace("")
.isCustom(false)
.isRamRole(false)
.build())
.build());
var attach = new KubernetesPermission("attach", KubernetesPermissionArgs.builder()
.uid(user.id())
.permissions(KubernetesPermissionPermissionArgs.builder()
.cluster(defaultManagedKubernetes.id())
.roleType("namespace")
.roleName("cs:dev")
.namespace("default")
.isCustom(true)
.isRamRole(false)
.build())
.build());
}
}
Example coming soon!
Create KubernetesPermission Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubernetesPermission(name: string, args: KubernetesPermissionArgs, opts?: CustomResourceOptions);@overload
def KubernetesPermission(resource_name: str,
args: KubernetesPermissionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubernetesPermission(resource_name: str,
opts: Optional[ResourceOptions] = None,
uid: Optional[str] = None,
permissions: Optional[Sequence[KubernetesPermissionPermissionArgs]] = None)func NewKubernetesPermission(ctx *Context, name string, args KubernetesPermissionArgs, opts ...ResourceOption) (*KubernetesPermission, error)public KubernetesPermission(string name, KubernetesPermissionArgs args, CustomResourceOptions? opts = null)
public KubernetesPermission(String name, KubernetesPermissionArgs args)
public KubernetesPermission(String name, KubernetesPermissionArgs args, CustomResourceOptions options)
type: alicloud:cs:KubernetesPermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubernetesPermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubernetesPermissionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubernetesPermissionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubernetesPermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubernetesPermissionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kubernetesPermissionResource = new AliCloud.CS.KubernetesPermission("kubernetesPermissionResource", new()
{
Uid = "string",
Permissions = new[]
{
new AliCloud.CS.Inputs.KubernetesPermissionPermissionArgs
{
Cluster = "string",
RoleName = "string",
RoleType = "string",
IsCustom = false,
IsRamRole = false,
Namespace = "string",
},
},
});
example, err := cs.NewKubernetesPermission(ctx, "kubernetesPermissionResource", &cs.KubernetesPermissionArgs{
Uid: pulumi.String("string"),
Permissions: cs.KubernetesPermissionPermissionArray{
&cs.KubernetesPermissionPermissionArgs{
Cluster: pulumi.String("string"),
RoleName: pulumi.String("string"),
RoleType: pulumi.String("string"),
IsCustom: pulumi.Bool(false),
IsRamRole: pulumi.Bool(false),
Namespace: pulumi.String("string"),
},
},
})
var kubernetesPermissionResource = new KubernetesPermission("kubernetesPermissionResource", KubernetesPermissionArgs.builder()
.uid("string")
.permissions(KubernetesPermissionPermissionArgs.builder()
.cluster("string")
.roleName("string")
.roleType("string")
.isCustom(false)
.isRamRole(false)
.namespace("string")
.build())
.build());
kubernetes_permission_resource = alicloud.cs.KubernetesPermission("kubernetesPermissionResource",
uid="string",
permissions=[{
"cluster": "string",
"role_name": "string",
"role_type": "string",
"is_custom": False,
"is_ram_role": False,
"namespace": "string",
}])
const kubernetesPermissionResource = new alicloud.cs.KubernetesPermission("kubernetesPermissionResource", {
uid: "string",
permissions: [{
cluster: "string",
roleName: "string",
roleType: "string",
isCustom: false,
isRamRole: false,
namespace: "string",
}],
});
type: alicloud:cs:KubernetesPermission
properties:
permissions:
- cluster: string
isCustom: false
isRamRole: false
namespace: string
roleName: string
roleType: string
uid: string
KubernetesPermission Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubernetesPermission resource accepts the following input properties:
- Uid string
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization. - Permissions
List<Pulumi.
Ali Cloud. CS. Inputs. Kubernetes Permission Permission> - A list of user permission. See
permissionsbelow.
- Uid string
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization. - Permissions
[]Kubernetes
Permission Permission Args - A list of user permission. See
permissionsbelow.
- uid String
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization. - permissions
List<Kubernetes
Permission Permission> - A list of user permission. See
permissionsbelow.
- uid string
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization. - permissions
Kubernetes
Permission Permission[] - A list of user permission. See
permissionsbelow.
- uid str
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization. - permissions
Sequence[Kubernetes
Permission Permission Args] - A list of user permission. See
permissionsbelow.
- uid String
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization. - permissions List<Property Map>
- A list of user permission. See
permissionsbelow.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubernetesPermission resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing KubernetesPermission Resource
Get an existing KubernetesPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesPermissionState, opts?: CustomResourceOptions): KubernetesPermission@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
permissions: Optional[Sequence[KubernetesPermissionPermissionArgs]] = None,
uid: Optional[str] = None) -> KubernetesPermissionfunc GetKubernetesPermission(ctx *Context, name string, id IDInput, state *KubernetesPermissionState, opts ...ResourceOption) (*KubernetesPermission, error)public static KubernetesPermission Get(string name, Input<string> id, KubernetesPermissionState? state, CustomResourceOptions? opts = null)public static KubernetesPermission get(String name, Output<String> id, KubernetesPermissionState state, CustomResourceOptions options)resources: _: type: alicloud:cs:KubernetesPermission get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Permissions
List<Pulumi.
Ali Cloud. CS. Inputs. Kubernetes Permission Permission> - A list of user permission. See
permissionsbelow. - Uid string
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization.
- Permissions
[]Kubernetes
Permission Permission Args - A list of user permission. See
permissionsbelow. - Uid string
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization.
- permissions
List<Kubernetes
Permission Permission> - A list of user permission. See
permissionsbelow. - uid String
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization.
- permissions
Kubernetes
Permission Permission[] - A list of user permission. See
permissionsbelow. - uid string
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization.
- permissions
Sequence[Kubernetes
Permission Permission Args] - A list of user permission. See
permissionsbelow. - uid str
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization.
- permissions List<Property Map>
- A list of user permission. See
permissionsbelow. - uid String
- The ID of the Ram user, and it can also be the id of the Ram Role. If you use Ram Role id, you need to set
is_ram_roletotrueduring authorization.
Supporting Types
KubernetesPermissionPermission, KubernetesPermissionPermissionArgs
- Cluster string
- The ID of the cluster that you want to manage, When
role_typevalue isall-clusters, the value ofclustermust be"". - Role
Name string - Specifies the predefined role that you want to assign. Valid values
admin,ops,dev,restrictedand the custom cluster roles. - Role
Type string - The authorization type. Valid values
cluster,namespaceandall-clusters. - Is
Custom bool - Specifies whether to perform a custom authorization. To perform a custom authorization, the value of
is_custommust betrue, and setrole_nameto a custom cluster role. - Is
Ram boolRole - Specifies whether the permissions are granted to a RAM role. When
uidis ram role id, the value ofis_ram_rolemust betrue. - Namespace string
- The namespace to which the permissions are scoped. This parameter is required only if you set role_type to namespace.
- Cluster string
- The ID of the cluster that you want to manage, When
role_typevalue isall-clusters, the value ofclustermust be"". - Role
Name string - Specifies the predefined role that you want to assign. Valid values
admin,ops,dev,restrictedand the custom cluster roles. - Role
Type string - The authorization type. Valid values
cluster,namespaceandall-clusters. - Is
Custom bool - Specifies whether to perform a custom authorization. To perform a custom authorization, the value of
is_custommust betrue, and setrole_nameto a custom cluster role. - Is
Ram boolRole - Specifies whether the permissions are granted to a RAM role. When
uidis ram role id, the value ofis_ram_rolemust betrue. - Namespace string
- The namespace to which the permissions are scoped. This parameter is required only if you set role_type to namespace.
- cluster String
- The ID of the cluster that you want to manage, When
role_typevalue isall-clusters, the value ofclustermust be"". - role
Name String - Specifies the predefined role that you want to assign. Valid values
admin,ops,dev,restrictedand the custom cluster roles. - role
Type String - The authorization type. Valid values
cluster,namespaceandall-clusters. - is
Custom Boolean - Specifies whether to perform a custom authorization. To perform a custom authorization, the value of
is_custommust betrue, and setrole_nameto a custom cluster role. - is
Ram BooleanRole - Specifies whether the permissions are granted to a RAM role. When
uidis ram role id, the value ofis_ram_rolemust betrue. - namespace String
- The namespace to which the permissions are scoped. This parameter is required only if you set role_type to namespace.
- cluster string
- The ID of the cluster that you want to manage, When
role_typevalue isall-clusters, the value ofclustermust be"". - role
Name string - Specifies the predefined role that you want to assign. Valid values
admin,ops,dev,restrictedand the custom cluster roles. - role
Type string - The authorization type. Valid values
cluster,namespaceandall-clusters. - is
Custom boolean - Specifies whether to perform a custom authorization. To perform a custom authorization, the value of
is_custommust betrue, and setrole_nameto a custom cluster role. - is
Ram booleanRole - Specifies whether the permissions are granted to a RAM role. When
uidis ram role id, the value ofis_ram_rolemust betrue. - namespace string
- The namespace to which the permissions are scoped. This parameter is required only if you set role_type to namespace.
- cluster str
- The ID of the cluster that you want to manage, When
role_typevalue isall-clusters, the value ofclustermust be"". - role_
name str - Specifies the predefined role that you want to assign. Valid values
admin,ops,dev,restrictedand the custom cluster roles. - role_
type str - The authorization type. Valid values
cluster,namespaceandall-clusters. - is_
custom bool - Specifies whether to perform a custom authorization. To perform a custom authorization, the value of
is_custommust betrue, and setrole_nameto a custom cluster role. - is_
ram_ boolrole - Specifies whether the permissions are granted to a RAM role. When
uidis ram role id, the value ofis_ram_rolemust betrue. - namespace str
- The namespace to which the permissions are scoped. This parameter is required only if you set role_type to namespace.
- cluster String
- The ID of the cluster that you want to manage, When
role_typevalue isall-clusters, the value ofclustermust be"". - role
Name String - Specifies the predefined role that you want to assign. Valid values
admin,ops,dev,restrictedand the custom cluster roles. - role
Type String - The authorization type. Valid values
cluster,namespaceandall-clusters. - is
Custom Boolean - Specifies whether to perform a custom authorization. To perform a custom authorization, the value of
is_custommust betrue, and setrole_nameto a custom cluster role. - is
Ram BooleanRole - Specifies whether the permissions are granted to a RAM role. When
uidis ram role id, the value ofis_ram_rolemust betrue. - namespace String
- The namespace to which the permissions are scoped. This parameter is required only if you set role_type to namespace.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.