Serverless Kubernetes (ASK) supports Knative services. To enable this feature, configure
a gateway by using Server Load Balancer (SLB). ASK allows you to send HTTP and HTTPS
requests to access Knative services through a gateway. By default, Knative generates
a self-signed certificate for HTTPS connections. This certificate can secure all domains.
Therefore, you can use the certificate to test application services. Before you use
Knative to deploy application services, configure an SSL certificate and specify the
certificate ID in Kubernetes annotations. This topic describes how to view, create,
and use an SSL certificate.
View the default certificate
- Log on to the Server Load Balancer console.
- In the left-side navigation pane, click Certificates.
- On the Certificates page, find knative-default-gateway-cert. This certificate is automatically generated
by Knative. You can use this certificate to test application services.
Use a certificate that you create
- Log on to the Server Load Balancer console.
- In the left-side navigation pane, click Certificates.
- On the Certificates page, find the certificate that you want to use, move the pointer over the certificate
ID, and click the icon in the Certificate Name/ID column. The certificate ID is copied.
- Before you use Knative, configure a gateway. In the following manifest, set
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id
to the certificate ID that you obtained in step 3. Then, you can use the certificate for HTTPS connections.

  apiVersion: v1
  kind: Service
  metadata:
    annotations:
      # Create an HTTPS listener on port 443 of the SLB instance.
      service.beta.kubernetes.io/alibaba-cloud-loadbalancer-protocol-port: "https:443"
      # Replace ${YOUR_CERT_ID} with the certificate ID copied from the SLB console.
      service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id: "${YOUR_CERT_ID}"
    name: nginx
  spec:
    ports:
    - port: 443
      protocol: TCP
      targetPort: 80
    selector:
      run: nginx
    type: LoadBalancer
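
A pre-deployment check for the gateway manifest above, added here as an example (it is not Alibaba Cloud's or Knative's code): it flags a Service whose HTTPS listener has no certificate ID or still carries the unexpanded `${YOUR_CERT_ID}` placeholder. The names `lint_gateway` and `sample`, the sample certificate ID, and the comma-separated `protocol:port` parsing of the protocol-port annotation are assumptions.

```python
# Added example: pre-deploy lint for an SLB gateway Service manifest.
import re

PREFIX = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-"
PLACEHOLDER = re.compile(r"\$\{[^}]*\}|^\s*$")  # unexpanded ${VAR} or blank value


def lint_gateway(svc):
    """Return findings for a Service given as a dict (e.g. a parsed manifest)."""
    findings = []
    ann = (svc.get("metadata") or {}).get("annotations") or {}
    spec = svc.get("spec") or {}
    if spec.get("type") != "LoadBalancer":
        findings.append("spec.type is not LoadBalancer")
    # Assumed format: comma-separated "protocol:port" pairs, e.g. "https:443".
    listeners = []
    for item in filter(None, ann.get(PREFIX + "protocol-port", "").split(",")):
        proto, _, port = item.strip().partition(":")
        listeners.append((proto.lower(), port))
    https_ports = {port for proto, port in listeners if proto == "https"}
    if not https_ports:
        findings.append("no https listener declared in protocol-port")
    declared = {str(p.get("port")) for p in spec.get("ports") or []}
    for port in sorted(https_ports - declared):
        findings.append(f"https listener {port} has no matching spec.ports entry")
    cert_id = ann.get(PREFIX + "cert-id")
    if https_ports and cert_id is None:
        findings.append("https listener without cert-id annotation")
    elif cert_id is not None and PLACEHOLDER.search(str(cert_id)):
        findings.append("cert-id is blank or an unexpanded placeholder")
    return findings


def sample(cert_id):
    """Constructed sample: this page's manifest as a dict with a given cert ID."""
    return {
        "apiVersion": "v1", "kind": "Service",
        "metadata": {"name": "nginx", "annotations": {
            PREFIX + "protocol-port": "https:443",
            PREFIX + "cert-id": cert_id}},
        "spec": {"type": "LoadBalancer", "selector": {"run": "nginx"},
                 "ports": [{"port": 443, "protocol": "TCP", "targetPort": 80}]},
    }


if __name__ == "__main__":
    print(lint_gateway(sample("example-cert-id-0001")))  # constructed ID
    print(lint_gateway(sample("${YOUR_CERT_ID}")))       # placeholder left in
```

Run the check on the parsed manifest before `kubectl apply`, and fail the deployment if the returned list is not empty.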
Configure multi-domain SSL certificates
SLB enables multi-domain SSL certificates. This allows you to secure multiple domains
by using a single certificate. You can configure multiple certificates for an SLB
instance.
- Log on to the Server Load Balancer console.
- Select the region of the target SLB instance.
- Find the target SLB instance and click the instance ID.
- On the Listener tab, find the HTTPS listener that you created, and choose in the Actions column.
Note: On the Listener tab, the Frontend Protocol/Port value of an HTTPS listener starts with HTTPS.
- In the Manage Additional Certificate panel, click Add Additional Certificate, and specify Additional Certificate and Select Server Certificate.
A domain can contain only letters, digits, hyphens (-), and periods (.), and must
start with a letter or a digit. To check whether the domain is valid, use the domain detection tool.
- Click OK.