How do I connect to a private Amazon EKS cluster endpoint from outside the Amazon VPC?
I want to connect to a private Amazon Elastic Kubernetes Service (Amazon EKS) cluster endpoint from outside the Amazon Virtual Private Cloud (Amazon VPC). For example, I want to connect a peered VPC to AWS Direct Connect.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
You can use a peered VPC to automatically resolve to the private Amazon EKS cluster endpoint.
Run the following command to check the connectivity between your local machine and the EKS endpoint:
curl -iv EKS API SERVER ENDPOINT
Note: Make sure that your cluster API server endpoint is an HTTPS URL.
If you activate only private endpoint access, then Amazon EKS automatically advertises the endpoints' private IP addresses through the API server's public DNS name. If you configure your client through aws eks update-kubeconfig or eksctl, then the client uses the public DNS name to resolve and connect to private endpoints. The client automatically performs these actions through the peered VPC. For an example of this type of client, see Command line tool (kubectl) on the Kubernetes website.
For more information, see Accessing a private only API server.
Relevant content
- Accepted Answerasked 2 years ago
- asked 2 years ago
- asked a year ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 7 months ago
