The API server certificate of a Container Service for Kubernetes (ACK) cluster contains the Subject Alternative Name (SAN) field. By default, this field contains the domain name and IP address of the cluster. The elastic IP addresses (EIPs) and internal IP addresses of the Server Load Balancer (SLB) instances that are associated with the cluster are also included in this field. You can customize the SAN if you want to access the ACK cluster by using a proxy or through a different domain name. This topic describes how to add a SAN to the API server certificate when you create an ACK cluster. This topic also describes how to update the SAN of the API server certificate for an ACK cluster.
SAN is an extension of X.509. SAN allows you to associate various values with an SSL
certificate by adding the values to the
subjectAltName field. The values can be IP addresses, domain names, URIs, and email addresses.
Add a SAN to the API server certificate when you create an ACK cluster
This example describes how to add a SAN to the API server certificate when you create a managed Kubernetes cluster.
On the Cluster Configurations wizard page, click Show Advanced Options. In the Custom Certificate SANs field, enter the SAN that you want to add to the API server certificate. For more information, see Create a managed Kubernetes cluster.
In the preceding figure, two domain names and an IP address are entered in the Custom Certificate SANs field.
Update the SAN of the API server certificate for an ACK cluster
- Log on to the ACK console.
- In the left-side navigation pane, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
- On the details page of the cluster, click the Basic Information tab and click Update on the right side of Custom Certificate SANs.
- In the Update Custom SAN dialog box, set the Custom Certificate SANs parameter.
- Click OK.