The API server certificate of an Alibaba Cloud Container Compute Service (ACS) cluster includes a Subject Alternative Name (SAN) field. By default, this field contains the following values:
The cluster's domain name
The private IP address of the API server's Server Load Balancer (SLB) instance
The local IP address of the API server service
The public Elastic IP Address (EIP)
If you have special requirements for proxy or cross-domain access, you can customize the SAN field for an existing cluster in the ACS console.
SAN overview
SAN is an extension to the X.509 standard. It allows you to associate multiple values with an SSL certificate by using the subjectAltName field. These values can include:
IP addresses
Domain names
URIs
Email addresses
Prerequisites
An ACS cluster is created. For more information, see Create an ACS cluster.
You cannot customize the SANs for an ACS cluster when you create the cluster. You can only update the SANs for an existing ACS cluster.
Customize the SANs of the API server certificate
Updating or modifying the custom SANs triggers a brief restart of the cluster's API server. Perform this operation during off-peak hours.
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID or click Details in the Actions column of the cluster.
On the cluster details page, click the Basic Information tab, and then click Edit to the right of Custom Certificate SANs.
In the Update Custom SAN dialog box, configure the Custom Certificate SANs field and click OK.