Can a process running inside a Cloud Foundry app container be enabled to create a TCP connection to a port opened by a process running on the Diego Cell hosting the container? If so, are there differences between buildpack-based and Docker-image-based app containers?
Our use case is passing traces to an agent deployed on the Diego Cell.
I tried using the CF_INSTANCE_IP address and various alternatives in combination with suitable security groups, but can't get this to work. Frankly, I am not even sure how to best address the Diego Cell host. Inside the containers, I can see the metrics scraping requests that the agent runs against the container; they are reported to come from IP 169.254.0.1 (which to my understanding is the address of the virtual router that Cloud Foundry puts into each container). Logs from the agent for the same requests report that the agent is contacting the container using the CF_INSTANCE_INTERNAL_IP.
What really surprises me is that the apps can open TCP connections to the port in question on all other Diego Cells in the cluster when using the IP address reported by CF_INSTANCE_IP in containers running on these other cells. The one connection that does NOT work is the one to the agent port on its own Diego Cell.
Any pointers/help appreciated. We are running our own CF installation based on the Open Source version.
It turned out that this is possible using the following steps:

* `allow_host_access: true`
* Configure silk-daemon jobs on the Diego cells with `host_tcp_access: [10.0.0.0/16:<targetPort>]`
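As an added illustration (not part of the original answer), the two settings above expressed as a BOSH ops file against a cf-deployment style manifest. Assumptions not stated on the page: the cell instance group is named `diego-cell`, the job that owns `allow_host_access` is the `garden` job, the property names are exactly as the answer gives them, and `4317` is a constructed placeholder for the agent's listening port.

```yaml
# Added example, not from the original post or from Cloud Foundry's own docs.
# Assumptions: instance group "diego-cell", container runtime job "garden"
# (owner of allow_host_access), silk-daemon property name as given in the
# answer, cells in 10.0.0.0/16 as in the answer. 4317 is a constructed
# placeholder for the trace agent's port; replace it with the real one.

# 1. Let containers reach the host at all (this lifts a default isolation
#    boundary, so it is paired with the port-scoped rule below rather than
#    left open on its own).
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=garden/properties/allow_host_access?
  value: true

# 2. Permit only the agent's TCP port, and only for the cell address range.
#    Keep this list to the single port you need; widening the CIDR or
#    adding ports enlarges what any compromised app could reach on the host.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/properties/host_tcp_access?
  value:
  - 10.0.0.0/16:4317
```

Before deploying, render the result with `bosh interpolate -o this-ops-file.yml cf-deployment.yml` and confirm that only the intended port appears under `host_tcp_access`; after deploying, verify from inside an app container that `CF_INSTANCE_IP:4317` connects while any other host port still does not.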