Container Service for Kubernetes:[Product Changes] Errors occur when you call the DescribeKubernetesVersionMetadata operation

Impact

If you log on to the ACK console with a RAM user or RAM role that meets one of the following conditions:

• A cluster is specified in the resource field in the RAM policy that is attached to the RAM user or RAM role. This indicates that you can use the RAM user or RAM role to call the API operations that are specified in the cs field in the RAM policy only in the specified cluster.
• The setting of the cs field in the attached RAM policy grants the RAM user or RAM role the permissions to call all the API operations of ACK to manage the clusters in the specified resource group. The resource group manages only specific clusters that belong to the Alibaba Cloud account.

The ACK console prompts the following RAM policy Forbidden error when you create a cluster or go to the Node Pools page in the ACK console. This is because the RAM user or RAM role does not have the permissions to call the DescribeKubernetesVersionMetadata operation specified in the cs field in all the clusters that belong to the Alibaba Cloud account.

RAM policy Forbidden for action cs:DescribeKubernetesVersionMetadata

Modify the RAM policy

To resolve the preceding issue, contact the permission administrator to modify the RAM policy that is attached to the RAM user or RAM role based on the following content: For more information, see Modify the document and description of a custom policy.

{
    "Statement": [
        {
            "Action": [
                "cs:DescribeKubernetesVersionMetadata"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        }
    ],
    "Version": "1"
}