DNS Resolution for EKS Clusters Using Private Endpoints

Posted on: Dec 13, 2019

You can now automatically resolve the private Amazon EKS cluster endpoint from a peered VPC. This makes it easy to reach a cluster whose API endpoint is only accessible within its VPC, for example from on-premises over AWS Direct Connect.

Previously, if you enabled only the private endpoint for your EKS cluster, there was no automatic way to look up the IP addresses of the private endpoint inside the VPC. This made it difficult to connect to the private cluster endpoint from outside the VPC, such as from a peered VPC or over AWS Direct Connect.

Now, when only the private endpoint is enabled, Amazon EKS automatically advertises the private IP addresses of the private endpoint through the cluster's public endpoint hostname. Clients such as the kubectl CLI keep using that hostname; it resolves to the private addresses, so a client in a peered VPC connects to the private endpoint automatically. Because the advertised addresses are always private VPC addresses, a client without network access to the VPC may receive them from DNS but cannot route to them and so cannot connect to the cluster. Treat the advertised addresses as non-secret: resolution is public, but reaching the API server still requires a network path into the VPC and, as before, valid credentials and RBAC permissions.
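As an added check (example code written for this page, not part of the AWS announcement or of EKS itself): the script below takes the cluster endpoint (the `endpoint` field from `aws eks describe-cluster --name NAME --query cluster.endpoint --output text`) and the VPC CIDR blocks, resolves the hostname, and confirms it resolves only to addresses inside the VPC. A public address in the answer means the public endpoint is still enabled; an RFC 1918 address outside the VPC CIDR is also flagged. The sample CIDR and addresses are constructed, and `198.51.100.7` merely stands in for a public address.

```python
"""Verify that an EKS cluster endpoint hostname resolves only to private VPC addresses.

Example code, not AWS code. Assumes you already have the endpoint hostname and the
VPC CIDR blocks; the sample values below are constructed, not from a real cluster.
"""
import ipaddress
import socket
from urllib.parse import urlparse

# RFC 1918 ranges, checked explicitly rather than via ipaddress.is_private,
# which also treats documentation and other special-purpose ranges as private.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify_endpoint_addresses(addresses, vpc_cidrs):
    """Sort resolved addresses into three buckets.

    in_vpc:              inside one of the cluster VPC's CIDR blocks (expected)
    private_outside_vpc: RFC 1918 but not in this VPC (wrong VPC or stale data)
    public:              not RFC 1918 at all (public endpoint still enabled)
    """
    vpc_nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    result = {"in_vpc": [], "private_outside_vpc": [], "public": []}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in vpc_nets):
            result["in_vpc"].append(addr)
        elif any(ip in net for net in RFC1918):
            result["private_outside_vpc"].append(addr)
        else:
            result["public"].append(addr)
    return result


def endpoint_is_private_only(addresses, vpc_cidrs):
    """True when the name resolves to at least one VPC address and nothing else."""
    buckets = classify_endpoint_addresses(addresses, vpc_cidrs)
    return (
        bool(buckets["in_vpc"])
        and not buckets["public"]
        and not buckets["private_outside_vpc"]
    )


def resolve_endpoint(endpoint):
    """Resolve the cluster endpoint (URL or bare hostname) with the system resolver.

    Returns sorted, de-duplicated IPv4 addresses. Needs network access, so the
    sample data below is used when no endpoint is given on the command line.
    """
    hostname = urlparse(endpoint).hostname or endpoint
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


# Constructed sample data, not captured from a real cluster.
SAMPLE_VPC_CIDRS = ["10.0.0.0/16"]
SAMPLE_PRIVATE_ONLY = ["10.0.1.25", "10.0.2.140"]      # what a private-only cluster looks like
SAMPLE_PUBLIC_ENABLED = ["10.0.1.25", "198.51.100.7"]  # 198.51.100.7 stands in for a public IP


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:
        # usage: python check_eks_endpoint.py <endpoint-url-or-hostname> <vpc-cidr>[,<vpc-cidr>...]
        addresses = resolve_endpoint(sys.argv[1])
        cidrs = sys.argv[2].split(",")
    else:
        addresses, cidrs = SAMPLE_PUBLIC_ENABLED, SAMPLE_VPC_CIDRS
    print(classify_endpoint_addresses(addresses, cidrs))
    print("private-only endpoint:", endpoint_is_private_only(addresses, cidrs))
```

Run it from a host in the peered VPC or behind Direct Connect as well as from an unrelated network: the resolved addresses should be the same private VPC addresses in both places, and only the first host should be able to open a TCP connection to them on port 443.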

Private endpoint DNS resolution is available for all newly created Amazon EKS clusters today. Over the coming month, EKS will update all existing clusters to have automatic private endpoint DNS resolution without requiring any action.

Learn more in the Amazon EKS documentation.