EKS Kubernetes API private vs public access

If kubernetes API service on EKS is private not exposed over internet, could I then create ingress which is exposed over the internet?

Solution

While it is technically possible to create an ingress for the Kubernetes API service, you will inevitably get certificate mismatch errors. If you're trying to restrict access to the public API endpoint you can create a whitelist of CIDRs, see Amazon EKS cluster endpoint access control. If your question is about using ingress when the API endpoint is private, the answer is "yes" unless your VPC doesn't have an IGW.

Stop kubectl from printing "pod curl deleted" at end
Delete Kubernetes namespace with delay
How to remove claim from a persistent volume when it was released?
how to list all the pods who request special resource in k8s like gpu
How to configure kubectl with cluster information from a .conf file?
How to generate YAML template with kubectl command?
Kubernetes pod gets recreated when deleted
Rancher helm chart, cannot find secret bootstrap-secret
Airflow Helm Chart Worker Node Error - CrashLoopBackOff
Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
Restrict login access to the container
kubectl Please enter Username: error: EOF
Trying to create a namespace in an AWS EKS cluster with kubectl - Getting: Error from server (Forbidden): namespaces is forbidden
Tailing few lines from huge logs of kubectl logs -f
Kubernetes - display current pods vs. capacity with kubectl
kubectl not working on my windows 10 machine
Execute bash command in pod with kubectl?
How do I get the External IP of a Kubernetes service as a raw value?
Allocated Resources percentage in "kubectl top node"
kubectl port-forward multiple services
How to add custom host entries to kubernetes Pods?
How can I find the list of field selectors supported by kubectl for a given resource type?
oh-my-zsh fast dry-run=client -o yaml for kubectl
Listing all resources in a namespace
Cannot install kubernetes helm chart Error: cannot re-use a name that is still in use
How to check what port a pod is listening on with kubectl and not looking at the dockerFile?
kubectl how to list all contexts
kubectl unable to connect to server: x509: certificate signed by unknown authority
Define size for /dev/shm on container engine
Kubernetes - delete all jobs in bulk