The API server certificate of a Container Service for Kubernetes (ACK) cluster contains the Subject Alternative Name (SAN) field. By default, this field contains the domain name and IP address of the cluster. This field also contains the elastic IP address (EIP) and private IP address of the Server Load Balancer (SLB) instance that is associated with the API server of the cluster. You can customize the SAN if you want to access the ACK cluster by using a proxy or through a different domain name. This topic describes how to customize the SAN of the API server certificate when you create an ACK cluster. This topic also describes how to update the SAN of the API server certificate for an existing ACK cluster.
SAN is an extension to X.509. SAN allows you to associate various values with an SSL certificate by adding the values to the
subjectAltName field. The values can be IP addresses, domain names, URIs, or email addresses.
- You cannot customize the SAN of the API server certificate when you create an ASK cluster.
- You can update the SAN of the API server certificate for an existing ASK cluster.
Customize the SAN of the API server certificate when you create an ACK cluster
This example describes how to customize the SAN of the API server certificate when you create a managed Kubernetes cluster.
On the Cluster Configurations wizard page, click Show Advanced Options. In the Custom Certificate SANs field, enter the SAN that you want to add to the API server certificate. For more information, see Create a managed Kubernetes cluster.
In the preceding figure, two domain names and an IP address are entered in the Custom Certificate SANs field.
Update the SAN of the API server certificate for an existing ACK cluster
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
- On the details page of the cluster, click the Basic Information tab and click Update on the right side of Custom Certificate SANs.
- In the Update Custom SAN dialog box, set the Custom Certificate SANs parameter.
- Click OK.