Connecting from a Private Cluster to Another Public Cluster with AWS Mesh and CloudMap

I need help connecting a private EKS cluster (from now on Cluster 1) through AWS Mesh and CloudMap to another public/private cluster (from now on Cluster 2).

I have managed to get Cluster 2 to connect to Cluster 1 through a virtual mesh, making a 'curl a core.app.svc.cluster.local:8080', but I can't do it the other way around.

To clarify, if I do 'curl a core.app.svc.cluster.local:9000' it gives me a connection error, because there is nothing on that port.

I have created Endpoints for Mesh on the private networks of Cluster 1, and the security group of Cluster 1 has access through port 8080 of Cluster 2.

I have also created a router and a virtual service for Cluster 2.

In short, I've created the same thing for both clusters.

The fact is that if I run 'curl front.app.svc.cluster.local:8080' from inside the pod of Cluster 1, it does not make any connection. I have checked the file /etc/resolv.conf and it has the DNS inside, but the result is:

curl: (6) Could not resolve host: front.app.svc.cluster.local:8080

If I run 'traceroute front.app.svc.cluster.local:8080' it responds with:

traceroute: bad address 'front.app.svc.cluster.local:8080'

Here are my settings:

CLUSTER 1 (private)

apiVersion: appmesh.k8s.aws/v1beta2
kind: Mesh
metadata:
  name: app
spec:
  namespaceSelector:
    matchLabels:
      mesh: app
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: core
  namespace: app
spec:
  podSelector:
    matchLabels:
      app: core
      version: v1
  listeners:
    - portMapping:
        port: 8080
        protocol: http
  serviceDiscovery:
    awsCloudMap:
      namespaceName: app.pvt.aws.local
      serviceName: core
  backends:
    - virtualService:
        virtualServiceARN: arn:aws:appmesh:eu-west-2:238523995933:mesh/app/virtualService/front.app.svc.cluster.local
---

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: core
  namespace: app
spec:
  awsName: core.app.svc.cluster.local
  provider:
    virtualRouter:
      virtualRouterRef:
        name: core-router
---

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualRouter
metadata:
  namespace: app
  name: core-router
spec:
  listeners:
    - portMapping:
        port: 8080
        protocol: http
  routes:
    - name: core-route
      httpRoute:
        match:
          prefix: /
        action:
          weightedTargets:
            - virtualNodeRef:
                name: core
              weight: 1

CLUSTER 2 (public/private)

apiVersion: appmesh.k8s.aws/v1beta2
kind: Mesh
metadata:
  name: app
spec:
  namespaceSelector:
    matchLabels:
      mesh: app
---

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: front
  namespace: app
spec:
  awsName: front.app.svc.cluster.local
  provider:
    virtualRouter:
      virtualRouterRef:
        name: front-router
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualRouter
metadata:
  namespace: app
  name: front-router
spec:
  listeners:
    - portMapping:
        port: 8080
        protocol: http
  routes:
    - name: front-route
      httpRoute:
        match:
          prefix: /
        action:
          weightedTargets:
            - virtualNodeRef:
                name: front
              weight: 1

---

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: front
  namespace: app
spec:
  podSelector:
    matchLabels:
      app: front
  listeners:
    - portMapping:
        port: 8080
        protocol: http
  serviceDiscovery:
    awsCloudMap:
      namespaceName: app.pvt.aws.local
      serviceName: front
  backends:
    - virtualService:
        virtualServiceARN: arn:aws:appmesh:eu-west-2:238523995933:mesh/app/virtualService/core.app.svc.cluster.local

Could you help me understand why it works for one side and not for the other?

Thanks in advance.
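
Added example, not part of the original post: a small Python check that separates the two failures described in the question, a name that does not resolve (curl error 6, traceroute "bad address") versus a TCP connection error on a name that does resolve (the port 9000 case). The function names `split_target` and `classify` are hypothetical, and the targets in the main block are the names quoted in the post.

```python
import socket

# Added example; split_target/classify are illustrative names, not App Mesh tooling.

def split_target(target, default_port=80):
    """Split 'host:port' into (host, port). Bare IPv6 literals are not handled."""
    host, sep, port = target.rpartition(":")
    if sep and host and ":" not in host and port.isdigit():
        return host, int(port)
    return target, default_port

def classify(target, timeout=2.0):
    """Report which stage fails for target: 'dns', 'tcp', or 'ok'."""
    host, port = split_target(target)
    try:
        # Resolve the bare host name only; this is the step curl error (6) refers to.
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"stage": "dns", "host": host, "port": port, "detail": str(exc)}
    detail = "no usable address"
    for family, socktype, proto, _canon, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return {"stage": "ok", "host": host, "port": port, "detail": sockaddr[0]}
        except ConnectionRefusedError:
            detail = "refused"   # name resolved, nothing listening on the port
        except socket.timeout:
            detail = "timeout"   # name resolved, packets dropped on the path
        except OSError as exc:
            detail = str(exc)
    return {"stage": "tcp", "host": host, "port": port, "detail": detail}

if __name__ == "__main__":
    # Targets quoted in the post; run from inside a pod of each cluster.
    for target in ("core.app.svc.cluster.local:8080",
                   "core.app.svc.cluster.local:9000",
                   "front.app.svc.cluster.local:8080"):
        print(target, classify(target))
```

A `dns` result means the lookup failed before any packet reached a security group or the mesh, while `tcp` with `refused` or `timeout` means the name resolved and the problem is on the network path or the listener.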



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
