Connecting to EKS through Lens with Zscaler SSL Inspection
If your organization uses Zscaler with SSL inspection enabled, you may encounter connection issues when trying to connect to EKS clusters through Lens. This happens because SSL inspection intercepts and re-encrypts traffic, which can interfere with Kubernetes authentication.

Solution Options

Option 1: Bypass SSL Inspection (Recommended)

The most reliable solution is to configure Zscaler to bypass SSL inspection for EKS endpoints. Contact your IT team to add EKS API server endpoints to the SSL inspection bypass list. This allows direct, uninterrupted communication between Lens and your EKS clusters.

Option 2: Configure Custom CA Certificate

If bypassing SSL inspection is not possible, you can try configuring Lens to work with your Zscaler custom CA certificate:

1. Obtain the Zscaler custom CA certificate from your IT team
2. Add the certificate directly to your kubeconfig under the EKS cluster configuration as certificate-authority-data (use the base64 encoded value, not a file path)
3. Remove any existing certificate-authority: file references from the kubeconfig
4. Configure Lens to trust the Zscaler CA by setting the Node.js CA trust environment variable NODE_EXTRA_CA_CERTS to point to the Zscaler CA file
5. Restart Lens after setting the CA trust
6. Remove the EKS cluster from Lens and re-add it using the updated kubeconfig
7. Verify the cluster connection

Note: The custom CA certificate method may not always work reliably due to the complexity of SSL inspection with Kubernetes authentication. Bypassing SSL inspection for EKS endpoints is the preferred solution.

If you continue to experience issues after trying these steps, contact your IT team to discuss the best approach for your organization's security requirements.
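Steps 2 to 4 of Option 2 as a shell sketch, added here as an example and not taken from Lens or Zscaler documentation. It assumes kubectl is installed; the kubeconfig path, cluster name and CA file are placeholders passed as arguments, and the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Usage: ./embed-ca.sh --apply KUBECONFIG CLUSTER_NAME CA_PEM
# All three arguments are placeholders for your own values.

# Print the single-line base64 form that certificate-authority-data expects.
# Refuses input that is not PEM (for example a DER file or a saved HTML page).
ca_b64() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || {
    echo "not a PEM certificate: $1" >&2
    return 1
  }
  base64 < "$1" | tr -d '\n'
}

# Steps 2-3: embed the CA in the cluster entry and drop any file reference.
# --embed-certs writes certificate-authority-data and clears certificate-authority.
embed_ca() {  # embed_ca KUBECONFIG CLUSTER_NAME CA_PEM
  ca_b64 "$3" > /dev/null || return 1
  cp -p "$1" "$1.bak"   # keep the original so the change can be reverted
  kubectl config set-cluster "$2" --kubeconfig "$1" \
    --certificate-authority "$3" --embed-certs=true
}

# Check that the embedded value is exactly the CA file that was supplied.
verify_embedded() {  # verify_embedded KUBECONFIG CLUSTER_NAME CA_PEM
  embedded=$(kubectl config view --kubeconfig "$1" --raw \
    -o jsonpath="{.clusters[?(@.name==\"$2\")].cluster.certificate-authority-data}")
  [ -n "$embedded" ] && [ "$embedded" = "$(ca_b64 "$3")" ]
}

if [ "${1:-}" = "--apply" ]; then
  embed_ca "$2" "$3" "$4" && verify_embedded "$2" "$3" "$4" || exit 1
  # Step 4: Lens must be started from an environment that contains this variable.
  echo "export NODE_EXTRA_CA_CERTS=$4"
fi
```

Replacing certificate-authority-data makes the supplied CA the only issuer the kubeconfig accepts for that cluster, so confirm with your IT team that the file is the genuine Zscaler CA before embedding it.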

