Serverless Kubernetes (ASK) supports Knative services. To enable this feature, configure a gateway by using Server Load Balancer (SLB). ASK allows you to send HTTP and HTTPS requests to access Knative services through a gateway. By default, Knative generates a self-signed certificate for HTTPS connections. This certificate can secure all domains. Therefore, you can use the certificate to test application services. Before you use Knative to deploy application services, configure an SSL certificate and specify the certificate ID in Kubernetes annotations. This topic describes how to view, create, and use an SSL certificate.

For more information about Knative gateways, see Knative Gateway.

View the default certificate

  1. Log on to the Server Load Balancer console.
  2. In the left-side navigation pane, click Certificates.
  3. On the Certificates page, find knative-default-gateway-cert. This certificate is automatically generated by Knative. You can use this certificate to test application services.

Create a certificate

You can use a certificate issued by Alibaba Cloud or upload a third-party certificate. For more information, see Select a certificate from Alibaba Cloud SSL Certificates Service and Upload a third-party certificate.

Use a certificate that you create

  1. Log on to the Server Load Balancer console.
  2. In the left-side navigation pane, click Certificates.
  3. On the Certificates page, find the certificate that you want to use, move the pointer over the certificate ID, and click the icon in the Certificate Name/ID column. The certificate ID is copied.
  4. Before you use Knative, configure a gateway. In the following code block, set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id to the certificate ID that you obtained in Step 3. Then, you can use the certificate for HTTPS connections.
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-protocol-port: "https:443"
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id: "${YOUR_CERT_ID}"
      name: nginx
    spec:
      ports:
      - port: 443
        protocol: TCP
        targetPort: 80
      selector:
        run: nginx
      type: LoadBalancer
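
A pre-deployment check for the manifest above, added here as an example and not part of the original topic: it flags an HTTPS listener whose cert-id annotation is missing or still the literal `${YOUR_CERT_ID}` placeholder, and listener ports that are absent from spec.ports. The function names, the dict form of the manifest, and the sample certificate ID are assumptions constructed for illustration.

```python
import re

PREFIX = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-"
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")  # an unsubstituted ${VAR} template token

def parse_listeners(value):
    """Parse a protocol-port value such as "https:443,http:80" into (proto, port) pairs."""
    listeners = []
    for item in filter(None, (part.strip() for part in value.split(","))):
        proto, sep, port = item.partition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed protocol-port entry: {item!r}")
        listeners.append((proto.lower(), int(port)))
    return listeners

def lint_service(manifest):
    """Return a list of findings for a LoadBalancer Service manifest given as a dict."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    ports = {p.get("port") for p in manifest.get("spec", {}).get("ports", [])}
    try:
        listeners = parse_listeners(annotations.get(PREFIX + "protocol-port") or "")
    except ValueError as exc:
        return [str(exc)]
    # Every listener port must also be exposed by the Service itself.
    findings = [f"{proto}:{port} has no matching entry in spec.ports"
                for proto, port in listeners if port not in ports]
    has_https = any(proto == "https" for proto, _ in listeners)
    cert_id = (annotations.get(PREFIX + "cert-id") or "").strip()
    if not has_https:
        findings.append("no https listener declared in protocol-port")
    elif not cert_id:
        findings.append("https listener without a cert-id annotation")
    elif PLACEHOLDER.search(cert_id):
        findings.append(f"cert-id is an unsubstituted placeholder: {cert_id}")
    return findings

def service(cert_id, protocol_port="https:443", port=443):
    """Constructed sample that mirrors the Service manifest on this page."""
    return {
        "apiVersion": "v1", "kind": "Service",
        "metadata": {"name": "nginx", "annotations": {
            PREFIX + "protocol-port": protocol_port,
            PREFIX + "cert-id": cert_id}},
        "spec": {"type": "LoadBalancer", "selector": {"run": "nginx"},
                 "ports": [{"port": port, "protocol": "TCP", "targetPort": 80}]},
    }

if __name__ == "__main__":
    for finding in lint_service(service("${YOUR_CERT_ID}")):  # manifest applied without substitution
        print("FAIL:", finding)
```

Run the check in CI before the manifest is applied, so that a template that was never rendered does not reach the cluster.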

Configure multi-domain SSL certificates

SLB enables multi-domain SSL certificates. This allows you to secure multiple domains by using a single certificate. You can configure multiple certificates for an SLB instance.
Note: For more information about how to manage domains, see Add a domain name extension.
  1. Log on to the Server Load Balancer console.
  2. Select the region of the target SLB instance.
  3. Find the target SLB instance and click the instance ID.
  4. On the Listener tab, find the HTTPS listener that you created, and choose Listener > Manage Additional Certificate in the Actions column.
    Note: On the Listener tab, the Frontend Protocol/Port of an HTTPS listener starts with HTTPS.
  5. In the Manage Additional Certificate panel, click Add Additional Certificate, and specify Additional Certificate and Select Server Certificate.

    A domain can contain only letters, digits, hyphens (-), and periods (.), and must start with a letter or a digit. To check whether the domain is valid, use the domain detection tool.

  6. Click OK.