The API server certificate of a Alibaba Cloud Container Compute Service (ACS) cluster contains the Subject Alternative Name (SAN) field. By default, this field contains the domain name of the cluster, private IP address of the Server Load Balancer (SLB) instance associated with the API server of the cluster, and the private IP address and elastic IP address (EIP) of the API server. If you require proxy-based access or cross-domain access, you can customize the SANs for an existing cluster in the ACS console.
Prerequisites
An ACS cluster is created. For more information, see Create an ACS cluster.
You cannot customize the SANs for an ACS cluster when you create the cluster. You can only update the SANs for an existing ACS cluster.
SAN overview
SAN is an extension to X.509. SAN allows you to associate various values with an SSL certificate by adding the values to the subjectAltName
field. The values can be IP addresses, domain names, URIs, or email addresses.
Customize the SANs of the API server certificate of a cluster
After you update or modify the custom SANs of the API server certificate for an existing cluster, the API server will restart. Perform this operation during off-peak hours.
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the ID of the cluster that you want to manage or click Details in the Actions column of the cluster.
On the cluster details page, click the Basic Information tab and click Update on the right side of Custom Certificate SANs.
In the Update Custom SAN dialog box, configure the Custom Certificate SANs parameter and click OK.