Why can't I connect to my Amazon EKS cluster?
Last updated: 2020-01-20
I created an Amazon Elastic Kubernetes Service (Amazon EKS) cluster, but I can't connect to my cluster.
After you create your Amazon EKS cluster, you must then configure your kubeconfig file with the AWS Command Line Interface (AWS CLI). This configuration allows you to connect to your cluster using the kubectl command line.
The following resolution shows you how to create a kubeconfig file for your cluster with the AWS CLI update-kubeconfig command. To manually update your kubeconfig file without using the AWS CLI, see Create a kubeconfig for Amazon EKS.
1. To confirm that AWS CLI version 1.16.308 or greater is installed on your system, run the following command:
$ aws --version
Important: You must have Python version 2.7.9 or greater installed on your system. Otherwise, you receive an error. For more information, see the What are "hostname doesn't match" errors? section in Frequently Asked Questions.
Tip: Package managers such yum, apt-get, or homebrew for macOS are often used to install the AWS CLI. To verify that you have the latest version of the AWS CLI, see Installing the AWS CLI.
2. To create or update the kubeconfig file for your cluster, run the following command:
aws eks --region region update-kubeconfig --name cluster_name
Note: Replace region with your AWS Region. Replace cluster_name with your cluster name.
By default, the configuration file is created at the kubeconfig path ($HOME/.kube/config) in your home directory or merged with an existing kubeconfig at that location. For Windows, the file is at %USERPROFILE%\.kube\config.
You can also specify another path by setting the KUBECONFIG environment variable, or with the following --kubeconfig option:
$ kubectl get pods --kubeconfig ./.kube/config
Note: For authentication when you run kubectl commands, you can specify an AWS Identity and Access Management (IAM) role Amazon Resource Name (ARN) with the --role-arn option. Otherwise, the IAM entity in your default AWS CLI or SDK credential chain is used. To view your default AWS CLI or SDK identity, run the aws sts get-caller-identity command.
For more information, see update-kubeconfig.
3. To test your configuration, run the following command:
$ kubectl get svc
The output should be similar to the following:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE svc/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 1m
Note: If you receive other authorization or resource type errors, see Unauthorized or Access Denied (kubectl).