In this experiment, Alibaba Cloud Container Service for Kubernetes (ACK), the container service provided by Alibaba Cloud, is used. This experiment introduces the components of access control in Kubernetes clusters and how to grant permissions. Access control in Kubernetes clusters is divided into two parts: Resource Access Management (RAM) and Role-Based Access Control (RBAC). RAM controls access to the management API of Kubernetes clusters. If you need to modify the visibility of, scale in or out, or add nodes to Kubernetes clusters, you must have RAM permissions. RBAC controls access to resources in Kubernetes clusters through the API server based on roles.