All Products
Search
Document Center

Cloud Config:Public endpoint is not configured for the ACK cluster

Last Updated:Jun 16, 2026

An ACK cluster is considered "compliant" if no public endpoint is configured.

Scenarios

Configuring a public endpoint for an ACK cluster exposes resource objects such as pods, services, and ReplicaControllers to attacks from the public network. To reduce this risk, do not configure a public endpoint.

Risk level

Default risk level: High.

You can change the risk level as needed.

Detection logic

  • An ACK cluster is considered "compliant" if no public endpoint is configured.

  • An ACK cluster is considered "non-compliant" if it has a public endpoint configured. For more information about how to fix this issue, see Remediation.

Rule details

Parameter

Description

Rule name

Public endpoint is not configured for the ACK cluster

Rule identifier

ack-cluster-public-endpoint-check

Tag

ACK

Automatic remediation

Not supported

Rule trigger mechanism

Scheduled execution

Trigger frequency

24 hours

Supported rule types

ACK cluster

Input parameters

None

Remediation

Detach the Elastic IP Address (EIP) from the ACK cluster. For more information, see Access the API server over the internet.