启用私有访问后，无法访问 VPC 内的 EKS api 服务器端点 [英] Can't access EKS api server endpoint within VPC when private access is enabled

问题描述

我设置了启用私有访问"的 EKS 集群，并在同一 VPC 中设置了一个实例以与 EKS 通信.问题是如果我启用公共访问"，我可以访问 api 端点.但是如果我禁用公共访问并启用私有访问，我将无法访问 api 端点.

I have set up EKS cluser with "private access" enabled and set up one instance in the same VPC to communicate with EKS. The issue is if I enable to the "public access", I can access the api endpoint. But if I disable the public access and enable the private access, I can't access api endpoints.

启用私人访问时:

kubectl get svc
Unable to connect to the server: dial tcp: lookup randomstring.region.eks.amazonaws.com on 127.0.0.53:53: no such host

当启用公共访问时:

kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   172.20.0.1   <none>        443/TCP   57m

推荐答案

我必须为我的 VPC 启用 enableDnsHostnames 和 enableDnsSupport.

I had to enable enableDnsHostnames and enableDnsSupport for my VPC.

在启用集群的私有访问时，EKS 会创建一个私有托管区域并与同一个 VPC 关联.它由 AWS 自己管理，您无法在您的 aws 账户中查看它.因此，此私有托管区域要正常工作，您的 VPC 必须将 enableDnsHostnames 和 enableDnsSupport 设置为 true.

When enabling the private access of a cluster, EKS creates a private hosted zone and associates with the same VPC. It is managed by AWS itself and you can't view it in your aws account. So, this private hosted zone to work properly, your VPC must have enableDnsHostnames and enableDnsSupport set to true.

注意:请稍等片刻以反映更改(约 5 分钟).

Note: Wait for a while for changes to be reflected(about 5 minutes).

这篇关于启用私有访问后，无法访问 VPC 内的 EKS api 服务器端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！