AWS EKS Windows Pod unable to resolve DNS

Question

I have an EKS cluster. Version is 1.21.
I started with  Self Managed windows nodes
I added self managed linux node group.
I deployed an application on Linux node group.
I am running MSSQL on Linux.
I have a windows container running in Windows node group.
Windows container is trying to access mssql service. 
It is not able to find this service.
DNS resolution is working fine on Linux nodes but not working on Windows nodes.

Let me know if you have any suggestions.

Answer

I would like to elaborate further on AWS-User-3414175's answer. Make sure that your windows nodegroup IAM role mapping in the aws-auth ConfigMap has an additional RBAC permission group `eks:kube-proxy-windows` specified. Please find the sample aws-auth ConfigMap below.

Refer to https://docs.aws.amazon.com/eks/latest/userguide/launch-windows-workers.html#aws-management-console for more info.

```
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: ARN of instance role (not instance profile) of **Linux** node
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    - rolearn: ARN of instance role (not instance profile) of **Windows** node
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
        - eks:kube-proxy-windows
```

Answer

A possible cause for this is the incorrectly configured aws-auth configmap. 
Please check the aws-auth config map for any duplicate entries. Also, ensure that you have separate IAM roles for the Windows and Linux nodes.

AWS EKS Windows Pod unable to resolve DNS

関連するコンテンツ