By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

EKS Cluster Nodeport access connection refused.

0

Hello,

I created an EKS cluster with a self-managed node group of two ec2 nodes. And deployed AWX operator with an awx instance. everything went OK until the step of accessing the nodeport through one of the nodes private IP, I got connection refused. the SG is the same for the cluster and both nodes, with a rule to allow inbound traffic to service port.

Note: the flow is open to the worker node's private IP (through VPN) I can access it using SSH.

from inside the node I am able to do curl:

curl -Is  http://localhost:svc_port
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2022 18:31:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1054
Connection: keep-alive
Vary: Accept-Language, Origin, Cookie
Content-Language: en
X-API-Total-Time: 0.032s
X-API-Request-Id: 6ba658763873asdfasdf36574367
Access-Control-Expose-Headers: X-API-Request-Id
Strict-Transport-Security: max-age=15768000
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache

Thanks,

Gasoul

Topics
ComputeContainers
Tags
Amazon EC2Amazon Elastic Kubernetes Service
Language
English
rePost-User-8446994
asked 2 years ago2456 views
1 Answer
1

The Security Group will not return a "connection refused" error. Security Groups act like firewalls. If the rules in the Security Group don't allow the traffic, then no response is returned, the packets will be dropped, and requests usually time out. "Connection Refused" generally means that you reached the host, on a particular network port, but the service you attempted to reach on that port is not listening on that port. For example, if you were trying to access HTTP on port 80, but the service was actually listening on port 8080, and nothing else was listening on port 80, then the attempt to request on port 80 would be refused by the host.

Additional troubleshooting should include trying to access the host:port from another host, preferably in the same network segment and affected by the same Security Groups. This troubleshooting document might help as well.

profile pictureAWS
jimmyray
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content