Updated on 2023-08-23 GMT+08:00

What Do I Do If Error 504 Is Reported When I Access a Workload?

Generally, error 504 is reported when the security group is not configured to allow the traffic from the load balancer port to CCI workload pods. Check the security group used by the CCI workload pods and ensure that the security group rule allows the traffic from the port bound to the load balancer.

You can obtain the security group bound to a pod by calling the API for reading the network of the workload. In the response, the value of network.alpha.kubernetes.io/default-security-group under metadata.annotations is the security group ID.

{
    "kind": "Network",
    "apiVersion": "networking.cci.io/v1beta1",
    "metadata": {
        "name": "namespace-test-dc1-default-network",
        "namespace": "namespace-test",
        "selfLink": "/apis/networking.cci.io/v1beta1/namespaces/namespace-test/networks/namespace-test-dc1-default-network",
        "uid": "6fb85414-af6b-11e8-b6ef-f898ef6c78b4",
        "resourceVersion": "5016899",
        "creationTimestamp": "2018-09-03T11:21:00Z",
        "annotations": {
            "network.alpha.kubernetes.io/project-id": "51bf52609f2a49c68bfda3398817b376",
            "network.alpha.kubernetes.io/default-security-group": "19c5d024-aed5-4856-b958-c0f65ce70855",
            "network.alpha.kubernetes.io/domain-id": "aadb43c0b14c4cafbccfff483d075987"
        },
        "enable": true
    },
    "spec": {
        "cidr": "192.168.244.0/23",
        "attachedVPC": "0d4080e5-546a-46c4-86fe-f3e26d685177",
        "networkType": "underlay_neutron",
        "physicalNetwork": "phy_net0",
        "networkID": "0022e356-f730-4226-802e-9cdaa6e7da17",
        "subnetID": "1ffd839d-e534-4fa8-a59d-42356335bf74",
        "availableZone": "cnnorth1a"
    },
    "status": {
        "state": "Active"
    }
}

Log in to the Network Console, and search for the security group based on the obtained security group ID.

Click the security group name, and add the rules shown in the following figure on the Inbound Rules tab page.

If you access the workload from the public network through UDP, you must also add an ICMP rule, which is used during the health check.
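
The check described above can be scripted. The following is an added example, not code from the CCI documentation: it reads the security group ID from a Network response and reports which inbound openings are still missing for a load balancer listener, including the ICMP rule needed for UDP access. The rule dictionaries (direction, protocol, port_min, port_max) are a constructed shape, not the VPC API schema, and source address ranges are not modelled.

```python
import json

SG_ANNOTATION = "network.alpha.kubernetes.io/default-security-group"

# Constructed, trimmed Network response with the same shape as the one on this page.
NETWORK_RESPONSE = """{
  "kind": "Network",
  "metadata": {
    "name": "namespace-test-dc1-default-network",
    "annotations": {
      "network.alpha.kubernetes.io/default-security-group": "19c5d024-aed5-4856-b958-c0f65ce70855"
    }
  }
}"""


def security_group_id(network_json):
    """Return the security group ID from a Network object's annotations."""
    obj = json.loads(network_json)
    if obj.get("kind") != "Network":
        raise ValueError("not a Network object")
    annotations = obj.get("metadata", {}).get("annotations") or {}
    sg = annotations.get(SG_ANNOTATION)
    if not sg:
        raise KeyError(f"annotation {SG_ANNOTATION} missing")
    return sg


def _allows(rule, protocol, port):
    """True if one inbound rule (hypothetical shape) admits protocol/port."""
    if rule["direction"] != "ingress" or rule["protocol"] not in (protocol, "any"):
        return False
    if port is None or rule.get("port_min") is None:  # ICMP, or rule covers all ports
        return True
    return rule["port_min"] <= port <= rule["port_max"]


def missing_inbound(rules, protocol, port):
    """List the inbound openings still needed for a load balancer listener."""
    needed = [(protocol, port)]
    if protocol == "udp":
        needed.append(("icmp", None))  # health check for UDP access, per this page
    return [n for n in needed if not any(_allows(r, *n) for r in rules)]
```

An empty list from missing_inbound means the modelled rules admit the listener traffic; any entry returned is a rule to add on the Inbound Rules tab page.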