How can I expose a cluster application that listens to the localhost to other pods in the cluster? - Alibaba Cloud Service Mesh

When an application in a cluster listens to the localhost, other pods in the cluster cannot access the application. This topic describes the cause of this issue and provides solutions.

Problem description

When an application in a cluster listens to the localhost, the application cannot be accessed from other pods in the cluster even though the port of the application is exposed by using a service.

The following examples show how applications that are developed in different languages listen to the localhost:

Golang: net.Listen("tcp", "localhost:8080")
Node.js: http.createServer().listen(8080, "localhost")
Python: socket.socket().bind(("localhost", 8083))

Cause

When an application in a cluster listens to the localhost, other pods in the cluster cannot access the application because the localhost is specified in the address of the application.

Solutions

You can use one of the following methods to expose the application:

Method 1: Change the IP address to which the application listens
Modify the application code to make the application listen to 0.0.0.0 instead of the localhost address.

Method 2: Create sidecars in the ASM console

Create sidecars in the ASM console. Perform the following steps:

Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
On the details page of the ASM instance, choose Traffic Management Center > Sidecar in the left-side navigation pane. On the Sidecar page, click Create from YAML.

On the Create page, select a namespace and a template, configure a YAML file, and then click Create.

The following YAML file provides a configuration example. The table describes how to replace the variables in the sample YAML file.


Variable	Description
`{namespace}`	Replace this variable with the namespace where the application is deployed.
`{container_port}`	Replace this variable with the container port over which the application listens to the localhost.
`{port}`	Replace this variable with the service port of the application.
`{key} : {value}`	Replace this variable with the label of the pods to which you want to expose the application.

apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: localhost-access
  namespace: {namespace}
spec:
  ingress:
    - defaultEndpoint: '127.0.0.1:{container_port}'
      port:
        name: tcp
        number: {port}
        protocol: TCP
  workloadSelector:
    labels:
      {key}: {value}