Container Service for Kubernetes:Enable public access to GitOps

Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Applications.

On the Multi-cluster GitOps page, click the icon next to the fleet name in the upper-left corner and select the destination fleet from the drop-down list.

GitOps is enabled by default for a new fleet. If GitOps is not enabled for your fleet, click Enable GitOps. In the dialog box that appears, click OK.

If GitOps is enabled for the fleet, the GitOps Console button appears on the Multi-cluster GitOps page.

On the Multi-cluster GitOps page, click Enable next to Public Access. In the Enable Public Access dialog box that appears, enter the IP addresses or CIDR blocks that you want to add to the whitelist and click OK.

After the fleet is updated, you can click GitOps Console in the upper-right corner of the page to access the GitOps console over the Internet.

Execute the following command to obtain the basic information about the cluster and record the cluster ID.

aliyun adcp DescribeHubClusters

Execute the following command to obtain the public IP address of your computer.

For security reasons, do not grant public access permissions for ArgoCD to all users. Grant permissions only to specific public CIDR blocks.

You can execute the following command to obtain the local IP address or ask the network administrator for the required public CIDR block.

curl ifconfig.me

Execute the following command to enable public access to GitOps and configure access control.

For example, if the CIDR block of your computer is 10.100.XX.XX/24, you can execute the following command to enable public access to the ArgoCD UI for this CIDR block.

aliyun adcp UpdateHubClusterFeature --RegionId regionId --ClusterId **** --PublicAccessEnabled true --AccessControlList "[\"10.100.XX.XX/24\"]" --ArgoCDEnabled true