Description
What feature/behavior/change do you want?
I propose that the eksctl tool be enhanced to support the eks.<region>.api.aws OIDC endpoint.
Why do you want this feature?
This is required because when eksctl associates the OIDC provider from within a VPC that has the EKS VPC endpoint enabled, it can't reach the default OIDC endpoint oidc.eks.<region>.amazonaws.com due to DNS resolution failing:
nslookup oidc.eks.us-east-1.amazonaws.com
Server: 192.168.0.2
Address: 192.168.0.2#53
** server can't find oidc.eks.us-east-1.amazonaws.com: NXDOMAIN
As a workaround, the endpoint eks.<region>.api.aws was created in this container roadmap issue, but eksctl doesn't support this endpoint at present.
2025-06-09 22:54:10 [:heavy_multiplication_x:] connecting to issuer OIDC: Get "https://oidc.eks.us-east-1.amazonaws.com:443/id/XXXXXXXXXXXXXXXXXXXXXXXX": dial tcp: lookup oidc.eks.us-east-1.amazonaws.com on 192.168.0.2:53: no such host
The above behaviour leads to failures when associating the OIDC provider using eksctl from within a VPC with an EKS VPC endpoint enabled.
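The failure above surfaces only after eksctl has already started the association step. A pre-flight check that resolves the issuer hostname first, and reports whether the region's eks.<region>.api.aws hostname resolves when the default issuer does not, makes the misconfiguration visible before eksctl is run. The following Python is an added example written for this issue, not eksctl's own code: the issuer URL shape and the hypothetical `stub_vpc_resolver` are constructed to mimic the NXDOMAIN seen in the report, and whether eks.<region>.api.aws actually serves the OIDC discovery document is an assumption the check does not test; it only reports DNS resolvability of the two hostnames.

```python
import re
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional
from urllib.parse import urlparse

# Hostname shape of the default EKS OIDC issuer, e.g. oidc.eks.us-east-1.amazonaws.com
DEFAULT_ISSUER_RE = re.compile(r"^oidc\.eks\.(?P<region>[a-z0-9-]+)\.amazonaws\.com$")

Resolver = Callable[[str], List]


def system_resolver(host: str) -> List:
    """Resolve via the host's configured DNS (inside a VPC that is the .2 resolver)."""
    return socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)


def stub_vpc_resolver(host: str) -> List:
    """Constructed resolver for offline demonstration (hypothetical, not a real resolver):
    mimics a VPC with the EKS VPC endpoint enabled, where oidc.eks.<region>.amazonaws.com
    returns NXDOMAIN but every other name resolves."""
    if host.startswith("oidc.eks."):
        raise socket.gaierror(-2, "Name or service not known")
    return [("constructed", None, None, "", ("10.0.0.1", 443))]


@dataclass
class PreflightResult:
    issuer_host: str
    region: Optional[str]
    issuer_resolvable: bool
    alt_host: Optional[str]          # eks.<region>.api.aws, derived from the issuer's region
    alt_resolvable: Optional[bool]   # only probed when the default issuer fails
    error: Optional[str]


def issuer_host_from_url(issuer_url: str) -> str:
    """Extract the hostname from an issuer URL; drops an explicit :443 as seen in the log."""
    host = urlparse(issuer_url).hostname
    if not host:
        raise ValueError(f"no hostname in issuer URL: {issuer_url!r}")
    return host


def resolves(host: str, resolver: Resolver) -> bool:
    """True if the resolver returns at least one address; NXDOMAIN and similar map to False."""
    try:
        return len(resolver(host)) > 0
    except socket.gaierror:
        return False


def preflight(issuer_url: str, resolver: Resolver = system_resolver) -> PreflightResult:
    """Check that the cluster's OIDC issuer is reachable by name before eksctl tries it.

    When the default issuer does not resolve, also report whether the region's
    eks.<region>.api.aws hostname does, so the operator can see which path the
    VPC's DNS actually offers."""
    host = issuer_host_from_url(issuer_url)
    match = DEFAULT_ISSUER_RE.match(host)
    region = match.group("region") if match else None
    issuer_ok = resolves(host, resolver)
    alt_host = f"eks.{region}.api.aws" if region else None
    alt_ok = resolves(alt_host, resolver) if (alt_host and not issuer_ok) else None
    error = None
    if not issuer_ok:
        error = (f"lookup {host}: no such host "
                 f"(expected inside a VPC with the EKS VPC endpoint enabled)")
    return PreflightResult(host, region, issuer_ok, alt_host, alt_ok, error)


if __name__ == "__main__":
    # Constructed issuer URL in the shape of the one in the error log above.
    url = "https://oidc.eks.us-east-1.amazonaws.com:443/id/XXXXXXXXXXXXXXXXXXXXXXXX"
    print(preflight(url, resolver=stub_vpc_resolver))
```

Run it with the default `system_resolver` from inside the affected VPC to reproduce the NXDOMAIN before invoking eksctl; the stub is there so the logic can be exercised on a workstation without VPC access.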