How to Expose a Non-Default Application Port in Tanzu Application Service
search cancel

How to Expose a Non-Default Application Port in Tanzu Application Service

book

Article ID: 441596

calendar_today

Updated On:

Products

VMware Tanzu Platform Core

Issue/Introduction

By default, applications deployed to Tanzu Application Service for VMs are expected to receive routed traffic on application port 8080.

Some applications need to listen on additional or alternative ports. For example:

8080 -> main application or REST API
8090 -> secondary HTTP endpoint, management endpoint, protocol endpoint, or internal-only service

In this situation, configuring the application process to listen on the additional port is not sufficient. The port must also be configured in TAS so that it knows the application is able to receive traffic on that port.

This article explains how to make a non-default application port reachable in TAS.

Environment

Tanzu Application Service for VMs
Tanzu Platform for Cloud Foundry
TAS applications using custom application ports
HTTP, TCP, or internal apps.internal communication

Cause

TAS applications receive requests on port 8080 by default. Custom app ports allow workloads to receive requests on ports other than 8080.

There are two separate configuration layers:

  • Application layer: The application process must listen on the desired port.

  • Platform layer: TAS must be configured so the app can receive traffic on that port.

 

For example, a Spring Boot application may be configured to listen on both 8080 and 8090. However, if the TAS app metadata only lists 8080 as an app port, traffic to 8090 may fail even though the application process is listening on that port.

Resolution

1. Confirm that the application listens on the custom port

First, configure the application to listen on the required port.

For example, a Spring application may listen on 8080 and 8090.

The exact configuration depends on the application framework. This article assumes the application process is already listening on the required custom port.

2. Check the ports currently configured for the app

Get the application GUID:

APP_GUID=$(cf app APP-NAME --guid)
 

Check the ports currently configured in TAS:

cf curl /v2/apps/$APP_GUID | jq '.entity.ports'
 

Example output:

[
  8080
]
 

This means TAS currently knows only about application port 8080.

3. Add the custom port to the app ports list

Update the app so that both the default port and the custom port are listed:

cf curl /v2/apps/$APP_GUID -X PUT -d '{"ports":[8080,8090]}'
 

Verify the change:

cf curl /v2/apps/$APP_GUID | jq '.entity.ports'
 

Expected output:

[
  8080,
  8090
]
 

Depending on TAS/ERT version and deployment behavior, changing the app port list may cause the application process to be recreated. If the new port does not become reachable after the update, restart the application:

cf restart APP-NAME
 

4. Allow internal app-to-app access, if using apps.internal

If another application needs to call this port through the internal domain, map an internal route:

cf map-route APP-NAME apps.internal --hostname APP-NAME
 

This creates an internal address such as:

APP-NAME.apps.internal
 

Then allow container-to-container traffic from the source app to the destination app on the custom port:

cf add-network-policy SOURCE-APP APP-NAME --protocol tcp --port 8090
 

For example:

cf add-network-policy caller-app target-app --protocol tcp --port 8090
 

The calling app can then use:

http://target-app.apps.internal:8090
 

5. Configure route destinations, if exposing the custom port through a route

If external HTTP or TCP route traffic must be forwarded to the custom app port, configure the route destination to point to that port.

TAS documents the route destination flow as:

Client route port -> Gorouter/backend port -> application container port
 

For HTTP routing, the external route port is normally 80 or 443, but the destination app port can be a custom port such as 8090.

For route-destination-based routing, retrieve the route GUID and update the route destination using the Cloud Controller API. The documented procedure uses the /v3/routes/ROUTE-GUID/destinations endpoint to specify the app GUID, process type, destination port, and protocol.

Example structure:

 
cf curl -X PATCH /v3/routes/ROUTE-GUID/destinations -d '{
  "destinations": [
    {
      "app": {
        "guid": "APP-GUID",
        "process": {
          "type": "web"
        }
      },
      "port": 8090,
      "protocol": "http1"
    }
  ]
}'
 

Important: this replaces the destinations for the route with the destinations provided in the request. Review the existing route destinations before applying changes.

Validation

To confirm the configuration, check the app ports:

cf curl /v2/apps/$APP_GUID | jq '.entity.ports'
 

For internal access, SSH into the source app:

cf ssh SOURCE-APP
 

Then test DNS resolution:

getent hosts APP-NAME.apps.internal
 

Test the custom port:

curl -v http://APP-NAME.apps.internal:8090/
 
Powered by Wolken Software