
2 services across different clusters not able to communicate but can communicate on same cluster

0

I have 2 clusters of EC2 launch type, and both EC2 instances have the same security group. nginx and test are in the same namespace (nginx_main). The nginx cluster has only one service, called nginx. The task definition for nginx has one container with the following specification: network mode bridge; port mappings 80 -> 80, 443 -> 443; service connect is on and the service type is client only.

The test cluster has one service, called black_ink_website_backend. The task definition for black_ink_website_backend has one container with the following specification: network mode bridge; port mappings 1339->1337; service connect is on and the service type is client server.

The nginx service is the internet-facing service, and I am getting a 504 upstream timeout error in nginx, but if I start the service in the same cluster I am not getting the 504 and the system is working.

I would also like to point out that I am not using an ALB; it is a single EC2 instance per cluster.

security group inbound rules

security group outbound rules

Port 1339 is available in the inbound rules.

upstream blackInkWebsiteBackend {
    server black_ink_website_backend-3000-tcp.nginx_main:1339; # <-- service connect endpoint
}

server {
    client_max_body_size 2048M;
    listen 80;
    listen [::]:80;
    server_name api.blackink.in;

    location / {
        proxy_pass http://blackInkWebsiteBackend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    client_max_body_size 7M;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name api.blackink.in;

    ssl_certificate /etc/letsencrypt/live/api.blackink.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.blackink.in/privkey.pem;
    # Other SSL settings can be added here
    location / {
        proxy_pass http://blackInkWebsiteBackend;
        # Other proxy settings can be added here
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Here is my nginx config, and both services are running properly, which I have verified in the logs.

Also, there is one more thing: if I run both of them on the same cluster, it works properly.

2 Answers
0
Accepted Answer

As pointed out by @Riku_Kobayashi, I had a problem with the security group. I was not able to figure out the main problem, but I allowed all traffic from the same security group and it started working.

answered 2 years ago
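
The change described in the accepted answer, modelled offline as an added example (not code from the post): an evaluator for ingress rules in the `IpPermissions` shape that compares a constructed "before" rule set, the "all traffic from the same security group" rule, and a narrower self-referencing TCP rule. The group ID, CIDRs, peer IP and high port 32768 are constructed, and the premise that cross-host Service Connect traffic in bridge mode arrives on a dynamically assigned host port rather than 1339 is an assumption the thread does not confirm.

```python
# Added example: evaluates EC2 security-group ingress rules offline.
# Rule dicts use the IpPermissions shape returned by describe-security-groups.
# All group IDs, CIDRs and rule sets below are constructed, not from the post.
import ipaddress

SG = "sg-0aaaaaaaaaaaaaaaa"  # constructed ID of the group shared by both instances

def rule_allows(rule, proto, port, src_ip, src_groups):
    """True if one ingress rule admits proto/port from the given source."""
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    by_group = any(p["GroupId"] in src_groups for p in rule.get("UserIdGroupPairs", []))
    by_cidr = any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(r["CidrIp"])
                  for r in rule.get("IpRanges", []))
    return by_group or by_cidr

def allowed(rules, proto, port, src_ip, src_groups):
    """Security groups are allow-only: any matching rule admits the packet."""
    return any(rule_allows(r, proto, port, src_ip, src_groups) for r in rules)

def tcp(lo, hi, **src):
    """Build a TCP ingress rule for ports lo..hi with the given source keys."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi, **src}

# Constructed "before" set: web ports open to the world, 1339 open to one CIDR.
BEFORE = [
    tcp(80, 80, IpRanges=[{"CidrIp": "0.0.0.0/0"}]),
    tcp(443, 443, IpRanges=[{"CidrIp": "0.0.0.0/0"}]),
    tcp(1339, 1339, IpRanges=[{"CidrIp": "10.0.0.0/16"}]),
]
# The accepted answer's change: all protocols, source = the group itself.
FIX = BEFORE + [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": SG}]}]
# Narrower variant (assumption): self-referencing TCP rule on high ports only.
NARROW = BEFORE + [tcp(32768, 65535, UserIdGroupPairs=[{"GroupId": SG}])]

def report(rules, peer_ip="10.0.1.20", ports=(1339, 32768, 22)):
    """Map each port to whether a peer instance in SG may connect over TCP."""
    return {p: allowed(rules, "tcp", p, peer_ip, {SG}) for p in ports}

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("fix", FIX), ("narrow", NARROW)):
        print(name, report(rules))
```

The "fix" set also admits port 22 and every other port between members of the group, which the narrower self-referencing rule does not.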
0

Hello.

I believe Cloud Map has been configured, but are records registered in the Route53 private hosted zone?
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/interconnecting-services.html

By the way, what kind of error are you getting when you try to connect?

EXPERT
answered 2 years ago
  • I am getting a 504 error; I have updated the question with more details.

  • What inbound rules are configured for the security group? Are all necessary communications allowed?

  • I think the security group is not the problem; I have attached screenshots in the question.
