When an application in a cluster listens to the localhost, other pods in the cluster cannot access the application. This topic describes the cause of this issue and provides solutions.
Problem description
When an application in a cluster listens to the localhost, the application cannot be accessed from other pods in the cluster even though the port of the application is exposed by using a service.
The following examples show how applications that are developed in different languages listen to the localhost:
Golang: net.Listen("tcp", "localhost:8080")
Node.js: http.createServer().listen(8080, "localhost")
Python: socket.socket().bind(("localhost", 8083))
Cause
When an application in a cluster listens to the localhost, other pods in the cluster cannot access the application because the localhost is specified in the address of the application.
Solutions
You can use one of the following methods to expose the application:
Method 1: Change the IP address to which the application listens
Modify the application code to make the application listen to 0.0.0.0 instead of the localhost address.
Method 2: Create sidecars in the ASM console
Create sidecars in the ASM console. Perform the following steps:
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose . On the page that appears, click Create from YAML.
On the Create page, select a namespace and a template, configure a YAML file, and then click Create.
The following YAML file provides a configuration example. The table describes how to replace the variables in the sample YAML file.
Variable
Description
{namespace}
Replace this variable with the namespace where the application is deployed.
{container_port}
Replace this variable with the container port over which the application listens to the localhost.
{port}
Replace this variable with the service port of the application.
{key} : {value}
Replace this variable with the label of the pods to which you want to expose the application.
apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: localhost-access namespace: {namespace} spec: ingress: - defaultEndpoint: '127.0.0.1:{container_port}' port: name: tcp number: {port} protocol: TCP workloadSelector: labels: {key}: {value}