weizhouapache commented on issue #8265: URL: https://github.com/apache/cloudstack/issues/8265#issuecomment-1829794687
> i know cloudstack automatically generated it. cloudstack create a user with the name USER-kubeadmin and used its api-key and secret. this information in visible in K8s. i want change to my own. and i have another question that what is the power of this api url whis corresponding key and can i limit it? @weizhouapache @shwstppr @ahmadamirahmadi007 the secret is useful in two scenarios - LB auto-configuration. If you deploy a k8s service with type as LoadBalancer, ACS will acquire a public IP, and create LB rules automatically. - autoscaler, K8S will send request to ACS to create new vm or destroy a vm based on the metrics. This can be disabled per CKS cluster. The corresponding user in the secret must have the privilege to perform the APIs above. Therefore ACS creates the user under the same account as the owner of the kubernetes cluster or the caller (if k8s cluster is created for a project). The privilege depends on the type or role of the account (owner or caller). If you use the api key of a different user, the above actions might fail. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
