Updated on 2025-08-15 GMT+08:00

Enabling Public Network Access

Function

Public network access is supported only when Security Mode and HTTPS Access are enabled for a cluster. When Public IP Address is enabled, a public IP address is automatically assigned, which will enable access to the security cluster from the public network. Additionally, you can configure access control from the public network by IP addresses or IP address ranges.

To enable public network access for Elasticsearch or OpenSearch clusters, a shared load balancer is typically used for load balancing. If your workloads require quicker access, you are advised to use a dedicated load balancer to connect to your clusters. For details about its configuration, see section "Configuring a Dedicated Load Balancer for an Elasticsearch Cluster."

Calling Method

For details, see Calling APIs.

URI

POST /v1.0/{project_id}/clusters/{cluster_id}/public/open

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition:

Project ID. For details about how to obtain the project ID and name, see Obtaining the Project ID and Name.

Constraints:

N/A

Value range:

Project ID of the account.

Default value:

N/A

cluster_id

Yes

String

Definition:

ID of the cluster whose public network access you want to enable. For details about how to obtain the cluster ID, see Obtaining the Cluster ID.

Constraints:

N/A

Value range:

Cluster ID.

Default value:

N/A

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

eip

Yes

BindPublicReqEip object

Definition:

EIP for public network access.

Constraints:

N/A

Value range:

N/A

Default value:

N/A

white_list

No

String

Definition:

Public network access control whitelist.

Constraints:

Separate the whitelisted CIDR blocks or IP addresses with commas (,), and make sure each of them is unique.

Value range:

N/A

Default value:

N/A

is_auto_pay

No

Integer

Definition:

Whether to enable automatic payment from your Huawei Cloud account.

Constraints:

This parameter takes effect only for yearly/monthly clusters.

Value range:

  • 1: Yes. (Discounts and coupons are automatically selected. The fee will be automatically deducted from your Huawei Cloud account.) If the automatic payment fails, an unpaid order will be generated, and you need to manually complete the payment. (During manual payment, you can still modify the discounts and coupons that were automatically selected.)

  • 0: No. (The customer needs to manually pay for the bill. Discounts and coupons can be used.)

Default value:

0

Table 3 BindPublicReqEip

Parameter

Mandatory

Type

Description

band_width

Yes

BindPublicReqEipBandWidth object

Definition:

Public network bandwidth.

Constraints:

N/A

Value range:

N/A

Default value:

N/A

Table 4 BindPublicReqEipBandWidth

Parameter

Mandatory

Type

Description

size

Yes

Integer

Definition:

Public network bandwidth, in Mbit/s.

Constraints:

N/A

Value range:

N/A

Default value:

N/A

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

action

String

Definition:

A setting required to enable public network access.

Value range:

The fixed value is bindZone, indicating that the binding is successful.

Example Requests

Enable public network access.

POST https://{Endpoint}/v1.0/{project_id}/clusters/4f3deec3-efa8-4598-bf91-560aad1377a3/public/open

{
  "eip" : {
    "band_width" : {
      "size" : 5
    }
  },
  "white_list" : "127.0.0.1",
  "is_auto_pay" : 1
}

Example Responses

Status code: 200

Request succeeded.

{
  "action" : "bindZone"
}

SDK Sample Code

The SDK sample code is as follows.

Java

Enable public network access.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.css.v1.region.CssRegion;
import com.huaweicloud.sdk.css.v1.*;
import com.huaweicloud.sdk.css.v1.model.*;


public class CreateBindPublicSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CssClient client = CssClient.newBuilder()
                .withCredential(auth)
                .withRegion(CssRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateBindPublicRequest request = new CreateBindPublicRequest();
        request.withClusterId("{cluster_id}");
        BindPublicReq body = new BindPublicReq();
        body.withIsAutoPay(1);
        body.withEip("{\"band_width\":{\"size\":5}}");
        request.withBody(body);
        try {
            CreateBindPublicResponse response = client.createBindPublic(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Python

Enable public network access.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcss.v1.region.css_region import CssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcss.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateBindPublicRequest()
        request.cluster_id = "{cluster_id}"
        request.body = BindPublicReq(
            is_auto_pay=1,
            eip="{\"band_width\":{\"size\":5}}"
        )
        response = client.create_bind_public(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Go

Enable public network access.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    css "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/css/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/css/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/css/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := css.NewCssClient(
        css.CssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateBindPublicRequest{}
	request.ClusterId = "{cluster_id}"
	isAutoPayBindPublicReq:= int32(1)
	var eipEip interface{} = "{\"band_width\":{\"size\":5}}"
	request.Body = &model.BindPublicReq{
		IsAutoPay: &isAutoPayBindPublicReq,
		Eip: &eipEip,
	}
	response, err := client.CreateBindPublic(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

More

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Request succeeded.

400

Invalid request.

Modify the request before retry.

409

The request could not be completed due to a conflict with the current state of the resource.

The resource that the client attempts to create already exists, or the update request fails to be processed because of a conflict.

412

The server did not meet one of the preconditions contained in the request.

Error Codes

See Error Codes.