Home ACKS Kubernetes Accessing Your Kubernetes Cluster via Public IP

Accessing Your Kubernetes Cluster via Public IP

Last updated on Jul 25, 2025

When deploying a Kubernetes cluster on American Cloud, it’s important to understand the differences between the API Load Balancer IP, Source NAT IP, and your Ingress Service IP.

Common Issue

Error Message:
403 | ATTEMPT TO READ PROPERTY "NETWORK" ON NULL

Cause:
This usually occurs when attempting to port forward the cluster’s API Load Balancer IP, which is reserved for Kubernetes API access only. It is not intended for use with services deployed inside the cluster.

Understanding Public IPs in Your Deployment

API Load Balancer IP

0.0.0.0

– Used only for Kubernetes API access. Shown in the cluster card in the dashboard

Source NAT IP

0.0.0.0

-Used for outbound traffic from the cluster. Found in the network card > Public IP Addresses

Ingress IP

0.0.0.1

– For routing public traffic to your services (via nginx, istio, etc.) Retrieved via kubectl only

⚠️ Note: The Ingress IP is not shown in the dashboard. You must use Kubernetes commands to retrieve it.

Retrieving the Correct Ingress IP

Depending on the ingress controller you are using, run one of the following commands:

If using NGINX:

bash

kubectl get svc -n ingress-nginx

If using Istio:

bash

kubectl get svc istio-ingressgateway -n istio-system

Look for the value under the EXTERNAL-IP column — this is the IP you should use to expose your services externally.

Best Practices

  • Do not attempt to port forward the API Load Balancer or Source NAT IP.

  • Retrieve your Ingress IP using kubectl, since this IP is not currently displayed in the dashboard.

  • Ensure your ingress service is of type LoadBalancer.

  • Avoid manually adjusting firewall/network rules in the dashboard — these should be controlled via Kubernetes.

  • Consider using DNS to point to your ingress IP for stable access.

Example

From the dashboard:

  • Cluster Name: my-k8s-cluster

  • API Load Balancer IP: 0.0.0.0

  • Source NAT IP: 0.0.0.0

  • Allocated IPs:

    • 0.0.0.0 — Source NAT

    • 0.0.0.1 — Likely ingress service IP (with FW rules defined)

From kubectl:

bash

kubectl get svc istio-ingressgateway -n istio-system

Example output:

pgsql

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) istio-ingressgateway LoadBalancer 10.96.0.1 0.0.0.1 80:31380/TCP

✅ Use 0.0.0.1 to access your workloads via the ingress controller.