An EKS app running on fargate worker nodes is failing to connect to an elasticache redis cluster within the same subnet

0
votes

I have an app running on a EKS (kubernetes) cluster. The cluster was created with the eksctl tool. I'm running fargate only. The app needs to connect to an elasticache redis cluster, which I spun up within the same subnet as the fargate worker. The connection errors out with:

{ Error: Redis connection to my-redis.kptb5s.ng.0001.use1.cache.amazonaws.com:6379 failed - connect ETIMEDOUT 192.168.116.58:6379                               │
│     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)                                                                                                               │
│   errno: 'ETIMEDOUT',                                                                                                                                                             │
│   code: 'ETIMEDOUT',                                                                                                                                                              │
│   syscall: 'connect',                                                                                                                                                             │
│   address: '192.168.116.58',                                                                                                                                                      │
│   port: 6379 }

How can I troubleshoot this? I need to get this connection to redis working. What are the most likely issues?

1
network-programmingamazon-vpcamazon-elasticacheaws-fargateamazon-eks
Were you able to resolve this @Johnny5?Sharjeel

1 Answers

0
votes

The most likely reason (based on the above) is that the Security Groups setup do not allow traffic to flow from the pod to the redis instance on port 6379. Assuming the EKS cluster SG associated to the pod has all outbound flow allowed, I would focus on the SG assigned to the Redis cluster endpoint (which needs to allow traffic from the EKS cluster security group).