ASK Knative uses Server Load Balancer (SLB) instances as gateways. Knative gateways support both HTTP and HTTPS. By default, Knative generates a self-signed certificate for HTTPS connections. This certificate can secure all domain names. Therefore, you can use the certificate to test applications. Before you use Knative to deploy applications, configure an SSL certificate and specify the certificate ID in Kubernetes annotations. This topic describes how to view, create, and use an SSL certificate.

For more information about Knative gateways, see Knative Gateway.

View the default certificate

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose CLB (Formerly Known as SLB) > Certificates.
  3. On the Certificates page, find knative-default-gateway-cert. The knative-default-gateway-cert certificate is the default certificate of Knative. The default certificate is automatically generated by Knative. You can use this certificate to test applications.

Create a certificate

You can use a certificate issued by Alibaba Cloud or upload a third-party certificate. For more information, see Use a certificate from Alibaba Cloud SSL Certificates Service and Upload a third-party certificate.

Use a certificate that you create

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose CLB (Formerly Known as SLB) > Certificates.
  3. On the Certificates page, find the certificate that you want to use, move the pointer over the certificate ID, and then click the Copy the certificate ID icon in the Certificate Name/ID column. The certificate ID is copied.
  4. Before you use Knative, configure a gateway. In the following code block, set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id to the certificate ID that you obtain in step 3. Then, you can use the certificate for HTTPS connections. 
    apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-protocol-port: "https:443"
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id: "${YOUR_CERT_ID}"
  name: nginx
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

Manage multi-domain certificates

SLB supports multi-domain SSL certificates. This allows you to secure multiple domains by using a single certificate. You can configure multiple certificates for an SLB instance.
Note For more information about how to manage domains, see Add an additional certificate.
  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Instances > Instances.
  3. On the Instances page, find the SLB instance to which you want to add an additional certificate and click its instance ID.
  4. On the Listener tab, find the HTTPS listener that you create, and choose More > Manage Additional Certificate in the Actions column.
    Note On the Listener tab, HTTPS is displayed in the Frontend Protocol/Port column. This indicates that an HTTPS listener is configured.
  5. In the Manage Additional Certificate panel, click Add Additional Certificate, and specify Additional Certificate and Select Server Certificate.

    A domain can contain only letters, digits, hyphens (-), and periods (.),and must start with a letter or a digit. To check whether the domain is valid, use the domain detection tool.

  6. Click OK.