Can't access EKS API server endpoint within VPC when private access is enabled


Problem description

I have set up an EKS cluster with "private access" enabled and set up one instance in the same VPC to communicate with EKS. The issue is that if I enable "public access", I can access the API endpoint. But if I disable the public access and enable the private access, I can't access the API endpoints.

With private access enabled:

kubectl get svc
Unable to connect to the server: dial tcp: lookup randomstring.region.eks.amazonaws.com on 127.0.0.53:53: no such host

With public access enabled:

kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   172.20.0.1   <none>        443/TCP   57m

Recommended answer

I had to enable enableDnsHostnames and enableDnsSupport for my VPC.

When enabling the private access of a cluster, EKS creates a private hosted zone and associates it with the same VPC. It is managed by AWS itself and you can't view it in your AWS account. So, for this private hosted zone to work properly, your VPC must have enableDnsHostnames and enableDnsSupport set to true.

Note: Wait for a while for changes to be reflected (about 5 minutes).
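The check and fix described in the answer above, as an added example that is not part of the original answer: it reads both VPC DNS attributes with the AWS CLI and enables whichever is off, so the public endpoint can stay disabled. It assumes the AWS CLI is installed with credentials that allow ec2:DescribeVpcAttribute and ec2:ModifyVpcAttribute; the function names and the VPC_ID variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.
# Usage: VPC_ID=<your-vpc-id> sh check-vpc-dns.sh

# Exit 0 if the attribute is true, 1 if false, 2 on a bad name or CLI error.
vpc_attr_enabled() {  # $1 = VPC id, $2 = enableDnsSupport | enableDnsHostnames
  case "$2" in
    enableDnsSupport)   key=EnableDnsSupport ;;
    enableDnsHostnames) key=EnableDnsHostnames ;;
    *) return 2 ;;
  esac
  # describe-vpc-attribute accepts one attribute per call.
  value=$(aws ec2 describe-vpc-attribute --vpc-id "$1" --attribute "$2" \
            --query "$key.Value" --output text) || return 2
  case "$value" in
    [Tt]rue) return 0 ;;
    *)       return 1 ;;
  esac
}

# Print the state of both attributes; exit 1 if either one is not enabled.
check_vpc_dns() {  # $1 = VPC id
  missing=0
  for attr in enableDnsSupport enableDnsHostnames; do
    if vpc_attr_enabled "$1" "$attr"; then
      echo "ok      $attr"
    else
      echo "MISSING $attr"
      missing=1
    fi
  done
  return "$missing"
}

# Enable both attributes. modify-vpc-attribute changes one attribute per call,
# and DNS hostnames depend on DNS support, so support is enabled first.
enable_vpc_dns() {  # $1 = VPC id
  aws ec2 modify-vpc-attribute --vpc-id "$1" --enable-dns-support '{"Value":true}'
  aws ec2 modify-vpc-attribute --vpc-id "$1" --enable-dns-hostnames '{"Value":true}'
}

# Runs only when VPC_ID is set in the environment.
if [ -n "${VPC_ID:-}" ]; then
  check_vpc_dns "$VPC_ID" || enable_vpc_dns "$VPC_ID"
fi
```
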
