The API server certificate of a Container Service for Kubernetes (ACK) cluster contains the Subject Alternative Name (SAN) field. By default, this field contains the domain name and IP address of the cluster. The elastic IP addresses (EIPs) and internal IP addresses of the Server Load Balancer (SLB) instances that are associated with the cluster are also included in this field. You can customize the SAN if you want to access the ACK cluster by using a proxy or through a different domain name. This topic describes how to add a SAN to the API server certificate when you create an ACK cluster. This topic also describes how to update the SAN of the API server certificate for an ACK cluster.

Prerequisites

A managed Kubernetes cluster is created. You can customize the SAN of the API server certificate for only managed Kubernetes clusters. Managed Kubernetes clusters include standard managed Kubernetes clusters and professional managed Kubernetes clusters. This section lists the methods that you can use to create three types of managed Kubernetes clusters. You need only to create one cluster in this example.

Background information

SAN is an extension of X.509. SAN allows you to associate various values with an SSL certificate by adding the values to the subjectAltName field. The values can be IP addresses, domain names, URIs, and email addresses.

Add a SAN to the API server certificate when you create an ACK cluster

This example describes how to add a SAN to the API server certificate when you create a managed Kubernetes cluster.

On the Cluster Configurations wizard page, click Show Advanced Options. In the Custom Certificate SANs field, enter the SAN that you want to add to the API server certificate. For more information, see Create a managed Kubernetes cluster.

Note You can enter multiple values in the Custom Certificate SANs field. The values can be IP addresses, domain names, and URIs that comply with the conventions. Separate multiple values with commas (,).
an2

In the preceding figure, two domain names and an IP address are entered in the Custom Certificate SANs field.

Update the SAN of the API server certificate for an ACK cluster

Notice After you update the SAN of the API server certificate for an ACK cluster, the API server is restarted. Perform this operation during off-peak hours.
  1. Log on to the ACK console.
  2. In the left-side navigation pane, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. On the details page of the cluster, click the Basic Information tab and click Update on the right side of Custom Certificate SANs.
  5. In the Update Custom SAN dialog box, set the Custom Certificate SANs parameter.
  6. Click OK.