Container Service for Kubernetes:Control public access to the API server of a cluster

Usage notes

After you associate an EIP with the API server of a cluster, make sure that the EIP is in the normal state. If you disassociate the EIP, the API server cannot be accessed over the Internet.

Associate an EIP with the API server when you create a cluster

When you create a cluster, you can select Expose API Server with EIP to allow public access to the API server of the cluster. For more information about how to create a cluster, see Create an ACK managed cluster, Create an ACK Serverless cluster, and Create an ACK Edge cluster in the console.

Associate an EIP with the API server after a cluster is created

1. Log on to the ACK console. In the left-side navigation pane, click Cluster.

2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, click Cluster Information.

3. On the Cluster Information page, click the Basic Information tab. In the Cluster Information section, click Associate EIP.

4. In the Associate EIP dialog box, select an existing EIP and click OK. You can also click Create EIP to create an EIP by following the instructions.

   After the EIP is associated with the API server, a public IP address appears on the right side of the API Server Public Endpoint field.

   Important

   The API server restarts after you associate an EIP with the API server. We recommend that you do not perform operations on the cluster during the restart process.

Disassociate or change an EIP

ACK allows you to disassociate an EIP from the API server or change the EIP. After you disassociate the EIP from the API server of a cluster, the API server cannot be accessed over the Internet.

References

If you require fine-grained access control on the API server, you can configure network ACLs as whitelists or blacklists to limit access to the API server. For more information, see Configure network ACLs for the API server of an ACK cluster.