You cannot create a RAM role manually. However, when cluster Worker nodes are created, a Worker RAM role is automatically created for the Kubernetes cluster. You can then add policies to the Worker RAM role to grant the role the required permissions.
  1. Log on to the Container Service console.
  2. In the left-side navigation pane under Container Service-Kubernetes, choose Clusters > Clusters.
  3. Click the target cluster name.

  4. In the Cluster Resources area, click Worker RAM Role.

  5. On the RAM Roles page, click the policy name on the Permission tab page to view the policy details.

  6. On the Policy Document tab page, click Modify Policy Document.

  7. On the displayed page, add the target policies to the Policy Document area, and then click OK.

    In this example, the policies containing the permissions of scaling and deleting clusters are added to the policy document. For more information about permissions supported by a Kubernetes cluster, see Table 1.

    {
                "Action": [
                  "cs:ScaleCluster",
                  "cs:DeleteCluster"
                ],
                "Resource": "*",
                "Effect": "Allow"
             }