Should apps bind to 0.0.0.0 or 127.0.0.1 or pod_ip?
3,564 views
Skip to first unread message
Dietrich Schultz
Dec 15, 2017, 7:42:20 PM12/15/17
to Kubernetes user discussion and Q&A
Just started exploring kubernetes, and ran into this. Haven't found any docs or clear statements of best practice. The only thing I found was this note in the container.v1 spec describing the port field:
Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network.
While interesting, it doesn't quite answer my question. I've found that if my app binds to pod_ip then I can't use kubectl port-forward. If I bind to 127.0.0.1 then port-forward works, but I can't connect from other pods. Only binding to 0.0.0.0 seems to work for both cases. Is this intentional? Is binding to 0.0.0.0 considered a best practice or is kubectl deficient? Is this requirement/best practice documented somewhere?
Tim Hockin
Dec 15, 2017, 7:47:21 PM12/15/17
to Kubernetes user discussion and Q&A
What are you doing with port-forward inside your pod?
Binding to 0 is the "normal" way to do things unless you have reason to dO
otherwise.
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-use...@googlegroups.com.
> To post to this group, send email to kubernet...@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
Binding to 0 is the "normal" way to do things unless you have reason to dO
otherwise.
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-use...@googlegroups.com.
> To post to this group, send email to kubernet...@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
dietrich...@lightbend.com
Dec 15, 2017, 7:56:04 PM12/15/17
to Kubernetes user discussion and Q&A
Thanks for your reply.
Not port-forwarding from inside. Just from host (using minikube). I happened to write an app that binds to 127.0.0.1 and stumbled on this behavior (inconsistency?) Is there somewhere you could point me to that talks about 0 being the normal way to go? Just trying to learn more about this...
Tim Hockin
Dec 15, 2017, 8:02:40 PM12/15/17
to Kubernetes user discussion and Q&A
Well, binding to 127 addresses means nobody else can access you.
Binding to a specific IP is just not the "normal" thing to do in
network programming, in my experience. Unless you know something
specific, 0 is the best option. E.g. you might have more than one
network interface, and 0 is the only way to catch them all without
enumerating them.
On Fri, Dec 15, 2017 at 4:56 PM, <dietrich...@lightbend.com> wrote:
> Thanks for your reply.
>
> Not port-forwarding from inside. Just from host (using minikube). I happened to write an app that binds to 127.0.0.1 and stumbled on this behavior (inconsistency?) Is there somewhere you could point me to that talks about 0 being the normal way to go? Just trying to learn more about this...
>
Binding to a specific IP is just not the "normal" thing to do in
network programming, in my experience. Unless you know something
specific, 0 is the best option. E.g. you might have more than one
network interface, and 0 is the only way to catch them all without
enumerating them.
On Fri, Dec 15, 2017 at 4:56 PM, <dietrich...@lightbend.com> wrote:
> Thanks for your reply.
>
> Not port-forwarding from inside. Just from host (using minikube). I happened to write an app that binds to 127.0.0.1 and stumbled on this behavior (inconsistency?) Is there somewhere you could point me to that talks about 0 being the normal way to go? Just trying to learn more about this...
>
dietrich...@lightbend.com
Dec 15, 2017, 8:12:56 PM12/15/17
to Kubernetes user discussion and Q&A
Makes sense. Thanks.
Reply all
Reply to author
Forward
0 new messages