[Go] kubens can't switch namespace with private cluster endpoint on aws

[dstandish]

After switching my aws eks cluster endpoint from public to private, I confirmed I was still able to call get pods and get ns.

But when i try to switch namespaces with the go version of kubens i get this error:

error: failed to query if namespace exists (is cluster accessible?)
failed to query namespace "<namespace>" from k8s API
Get "https://<endpoint url>"
dial tcp: lookup <endpoint url> on <private ip>:53
read udp <private ip>:49776-><private ip>:53: i/o timeout

After reverting to homebrew version (bash), kubens works properly.

[ahmetb]

Can you please redact less, it's hard to understand what's happening? My initial guess is that somehow the Go process is not able to talk to the DNS server on your local network/router.

[dstandish]

Sure:

lookup Get "https://{cluster endpoint}/api/v1/namespaces/{namespace}" on 192.168.86.1:53
read udp 192.168.86.70:49776->192.168.86.1:53

Cluster endpoint is just the cluster endpoint i.e. what you would find in .kube/config.

Does Go perhaps use a different port or protocol than kubectl? I think kubectl only needs tcp / 443.

[ahmetb]

read udp 192.168.86.70:49776->192.168.86.1:53: i/o timeout

This reads: your IP 192.168.86.70 connecting to the local DNS server on your local network at 192.168.86.1:53 (to resolve {cluster endpoint} domain name) and it's timing out. If you're using something that prevents this, that's probably the culprit. A lot of people use both Go/bash implementations just fine, so I suspect this is a setup issue on your end.