Access a workflow cluster through a domain name - Container Service for Kubernetes

To access the workflow cluster console through a custom domain name, you need to create a CNAME record to map the custom domain name to the default domain name of the workflow cluster and configure an SSL certificate. Then, you can use a CloudSSO account to access the console through https://${your-domain}:2746.

Prerequisites

Procedure

Log on to the Alibaba Cloud DNS console and create a CNAME record to map the custom domain name to the default domain name of the workflow cluster.
The default domain name of a workflow cluster is argo.${your-workflow-cluster-id}.${region}.alicontainer.com.
- ${your-workflow-cluster-id}: Replace it with the ID of your workflow cluster.
- ${region}: Replace it with the region of the workflow cluster.
Install the SSL certificate in the workflow cluster to allow your browser to trust the domain name.
After the certificate is downloaded, perform the following steps.
1. Run the following command to create a Secret named argo-server-tls in the workflow cluster.
  Replace ${your-workflow-cluster-id} with the ID of your workflow cluster.
```
kubectl create -n ${your-workflow-cluster-id} secret tls argo-server-tls \
  --cert=/path/to/cert.pem \
  --key=/path/to/key.pem
```
2. Add the Secret to the argo-server file of the workflow cluster.
  1. Run the following command to modify the argo-server file.
    Replace ${your-workflow-cluster-id} with the ID of your workflow cluster.
  2. ```
  kubectl -n ${your-workflow-cluster-id} edit deploy argo-server  
```
3. Add the following configuration to the argo-server file:
```
  --tls-certificate-secret-name=argo-server-tls
```
Add the custom domain name to the callback URL of the OAuth application in Resource Access Management (RAM).
1. Log on to the RAM console with your Alibaba Cloud account.
2. In the left-side navigation pane, choose Integrations > OAuth Preview.
3. On the Enterprise Applications tab, click the ackone-argo-${your-workflow-cluster-id}@app.${your-uid}.onaliyun.com application. ${your-workflow-cluster-id} indicates the ID of your workflow cluster and ${your-uid} indicates the ID of your Alibaba Cloud account.
4. In the Basic Information section, click Edit Basic Information. Set Callback URL to https://${your-domain}:2746/oauth2/callback. Replace ${your-domain} with your domain name.
Enter https://${your-domain}:2746 into the address bar of your browser and use a CloudSSO account to access the workflow cluster console. Replace ${your-domain} with your domain name.

References

For more information about how to use an Alibaba Cloud domain name, see Register a domain name on Alibaba Cloud.
For more information about how to create a workflow, see Create a workflow.
For more information about how to use Managed Service for Prometheus to monitor a workflow cluster in real time, see Enable Managed Service for Prometheus.