When running Terraform on a network with an EKS VPC Endpoint, the process fails to get data from the tls_certificate resource.
The error occurs because the domain oidc.eks.us-east-1.amazonaws.com becomes inaccessible once the EKS VPC Endpoint is created. This behavior is documented by AWS:
If you enabled the EKS VPC endpoint, the EKS OIDC service endpoint couldn’t be accessed from inside that VPC. Consequently, operations such as creating an OIDC provider with eksctl within the VPC will not work.
In an AWS network that has an EKS VPC Endpoint, perform terraform plan.
Expected behavior
terraform plan succeeds
Actual behavior
terraform plan fails
Terminal Output
│ with module.eks.module.eks.data.tls_certificate.this[0],
│ on .terraform/modules/eks.eks/main.tf line 344, in data "tls_certificate" "this":
│ 344: data "tls_certificate" "this" {
│
│ failed to fetch certificates from URL 'https': Get "https://oidc.eks.us-east-1.amazonaws.com:443/id/???????": dial tcp: lookup
│ oidc.eks.us-east-1.amazonaws.com on 10.1.1.2:53: no such host
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Suggestion:
Use the dualstack_oidc_issuer_url to access the tls_certificate data; the dualstack URL uses another domain and is not overridden by DNS.
Place to fix the code:
terraform-aws-eks/main.tf
Line 415 in a713f6f
Suggested code to be used:
Versions
Module version [Required]: v20.31.6
Terraform version: 1.9.8
Provider version(s):
Reproduction Code [Required]
Plain tf code.
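One way to apply the suggestion above, as an added example that is neither the module's own code nor the issue author's: it derives the dual-stack issuer host from the cluster's standard issuer and fetches the certificate thumbprint from that host, while the IAM provider keeps the standard issuer URL. It assumes the cluster resource is named aws_eks_cluster.this and that the dual-stack OIDC host follows the oidc-eks.<region>.api.aws naming.

```hcl
# Added illustration, not code from the terraform-aws-eks module.
# Assumptions: the cluster resource is named aws_eks_cluster.this, and the
# dual-stack OIDC issuer host follows the "oidc-eks.<region>.api.aws" naming.

locals {
  # Standard issuer, e.g. https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE.
  # Inside a VPC with an EKS interface endpoint this hostname no longer
  # resolves (the endpoint's private DNS overrides it), so fetching the
  # certificate chain from it fails with "no such host".
  oidc_issuer = aws_eks_cluster.this[0].identity[0].oidc[0].issuer

  # Same issuer on the dual-stack host, e.g.
  # https://oidc-eks.us-east-1.api.aws/id/EXAMPLE. Only the host is
  # rewritten; the /id/<cluster-id> path is preserved by the regex.
  oidc_issuer_dualstack = replace(
    local.oidc_issuer,
    "/^https://oidc\\.eks\\.([a-z0-9-]+)\\.amazonaws\\.com/",
    "https://oidc-eks.$1.api.aws",
  )
}

# Fetch the chain (root certificate first) from the reachable dual-stack host.
data "tls_certificate" "oidc" {
  url = local.oidc_issuer_dualstack
}

resource "aws_iam_openid_connect_provider" "oidc" {
  # The provider URL must stay the standard issuer: IAM matches it against
  # the issuer the cluster embeds in projected service-account tokens.
  # Only the thumbprint lookup moves to the dual-stack host.
  url             = local.oidc_issuer
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}
```

Before relying on this, confirm from the Terraform runner that the rewritten host resolves and serves the same issuer document, for example by requesting /id/<cluster-id>/.well-known/openid-configuration on the dual-stack host.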