Can't access EKS api server endpoint within VPC when private access is enabled
Question
I have set up an EKS cluster with "private access" enabled and set up one instance in the same VPC to communicate with EKS. The issue is that if I enable "public access", I can access the api endpoint. But if I disable the public access and enable the private access, I can't access api endpoints.
When private access is enabled:
kubectl get svc
Unable to connect to the server: dial tcp: lookup randomstring.region.eks.amazonaws.com on 127.0.0.53:53: no such host
When public access is enabled:
kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   172.20.0.1   <none>        443/TCP   57m
Recommended answer
I had to enable enableDnsHostnames and enableDnsSupport for my VPC.
When enabling the private access of a cluster, EKS creates a private hosted zone and associates it with the same VPC. It is managed by AWS itself and you can't view it in your AWS account. So, for this private hosted zone to work properly, your VPC must have enableDnsHostnames and enableDnsSupport set to true.
Note: Wait for a while for changes to be reflected (about 5 minutes).
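The check described in the answer, as an added example that is not part of the original post: it reads both VPC attributes with `aws ec2 describe-vpc-attribute` and, when `--fix` is given, enables whichever is off with `aws ec2 modify-vpc-attribute`. The script name, the function names and the VPC id argument are assumptions; it needs the AWS CLI with credentials allowed to call `ec2:DescribeVpcAttribute` and `ec2:ModifyVpcAttribute`.

```shell
#!/usr/bin/env bash
# Added example. Usage (script name is an assumption): ./vpc-dns.sh <vpc-id> [--fix]

# Print "true" or "false" for enableDnsSupport or enableDnsHostnames.
vpc_dns_attr() {
  local vpc_id="$1" attr="$2" key out
  # The response key is the attribute name with a capital first letter.
  case "$attr" in
    enableDnsSupport)   key=EnableDnsSupport ;;
    enableDnsHostnames) key=EnableDnsHostnames ;;
    *) echo "unknown attribute: $attr" >&2; return 2 ;;
  esac
  out=$(aws ec2 describe-vpc-attribute --vpc-id "$vpc_id" --attribute "$attr" \
          --query "$key.Value" --output text) || return 1
  printf '%s\n' "$out" | tr '[:upper:]' '[:lower:]'
}

# Report both attributes; return 0 only when both are true.
check_vpc_dns() {
  local vpc_id="$1" attr val rc=0
  for attr in enableDnsSupport enableDnsHostnames; do
    val=$(vpc_dns_attr "$vpc_id" "$attr") || return 2
    echo "$attr=$val"
    [ "$val" = "true" ] || rc=1
  done
  return "$rc"
}

# Enable whichever attribute is off. Each attribute needs its own
# modify-vpc-attribute call, and DNS support must be on before DNS hostnames.
fix_vpc_dns() {
  local vpc_id="$1"
  [ "$(vpc_dns_attr "$vpc_id" enableDnsSupport)" = "true" ] ||
    aws ec2 modify-vpc-attribute --vpc-id "$vpc_id" --enable-dns-support '{"Value":true}'
  [ "$(vpc_dns_attr "$vpc_id" enableDnsHostnames)" = "true" ] ||
    aws ec2 modify-vpc-attribute --vpc-id "$vpc_id" --enable-dns-hostnames '{"Value":true}'
}

# Run only when a VPC id is passed on the command line.
if [ -n "${1:-}" ]; then
  if [ "${2:-}" = "--fix" ]; then fix_vpc_dns "$1"; fi
  check_vpc_dns "$1"
fi
```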