ACK lets you expose your cluster's API server over the internet by associating an elastic IP address (EIP) with it. This is useful when you need to run kubectl or other management tools from outside the cluster's VPC. You can associate an EIP at cluster creation time or on an existing cluster, and remove or replace it at any time.
Limitations
Not all cluster types support every operation. Check the table below before you begin.
| Operation | Supported cluster types |
|---|---|
| Associate an EIP at cluster creation | ACK managed cluster, ACK Serverless cluster, ACK Edge cluster |
| Associate an EIP after cluster creation | ACK managed Basic cluster, ACK managed Pro cluster, ACK Serverless cluster, ACK Edge cluster |
| Change or disassociate an EIP | ACK managed Basic cluster, ACK managed Pro cluster, ACK Serverless cluster |
Usage notes
- Keep the EIP in the normal state after associating it. If the EIP is accidentally disassociated, the API server becomes unreachable over the internet.
- The API server restarts when you associate an EIP. Avoid performing cluster operations during the restart.
Associate an EIP at cluster creation
When creating a cluster, select Expose API Server with EIP to enable public access to the API server.
For detailed cluster creation steps, see Create an ACK managed cluster, Create an ACK Serverless cluster, and Create an ACK Edge cluster.
Associate an EIP after cluster creation
- Log on to the ACK console. In the left-side navigation pane, click Clusters.
- On the Clusters page, find the cluster and click its name. In the left-side pane, click Cluster Information.
- On the Cluster Information page, click the Basic Information tab. In the Cluster Information section, click Associate EIP.
- In the Associate EIP dialog box, select an existing EIP and click OK. To create a new EIP, click Create EIP and follow the instructions.
After the EIP is associated, a public IP address appears next to the API Server Public Endpoint field.
The API server restarts during this process. Avoid performing cluster operations until the restart completes.
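One way to tell when the restart has finished before resuming cluster operations, as an added example that is not part of the ACK documentation: the function below polls the standard Kubernetes `/readyz` endpoint through kubectl. It assumes your kubeconfig's current context points at the API Server Public Endpoint; the function name, the timeouts and the consecutive-success threshold are choices made for this example.

```shell
#!/bin/sh
# Added example (not ACK's own tooling): block until the API server answers
# readiness checks again after an EIP has been associated.
# Assumption: kubectl's current context targets the API Server Public Endpoint.
#
# Usage: wait_apiserver_ready 300 5 3 && kubectl get nodes

# wait_apiserver_ready TIMEOUT_SECONDS INTERVAL_SECONDS REQUIRED_OK
# Returns 0 once /readyz answers "ok" REQUIRED_OK times in a row,
# or 1 if that does not happen before TIMEOUT_SECONDS elapse.
wait_apiserver_ready() {
  local timeout="${1:-300}" interval="${2:-5}" required="${3:-3}"
  local deadline=$(( $(date +%s) + $timeout ))
  local streak=0 out

  while [ "$(date +%s)" -lt "$deadline" ]; do
    # --request-timeout keeps a hung connection from stalling the loop.
    if out="$(kubectl get --raw='/readyz' --request-timeout=5s 2>/dev/null)" \
       && [ "$out" = "ok" ]; then
      streak=$(( streak + 1 ))
      if [ "$streak" -ge "$required" ]; then
        return 0
      fi
    else
      # Any failure resets the streak, so a single successful response
      # in the middle of the restart is not mistaken for completion.
      streak=0
    fi
    sleep "$interval"
  done
  return 1
}
```

A non-zero return means the endpoint did not stabilize within the timeout; check that the EIP is still associated and in the normal state before retrying.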
Disassociate or change an EIP
ACK allows you to disassociate an EIP from the API server or change the EIP. After you disassociate the EIP from the API server of a cluster, the API server cannot be accessed over the internet.
What's next
To restrict which IP addresses can reach the public endpoint, configure network ACLs as whitelists or blacklists for the API server. For more information, see Configure network ACLs for the API server of an ACK cluster.