Bypassing envoy when calling localhost inside a pod

Hi

I’m trying to deploy a rather non-container-friendly application server (AS). One of the steps in getting it running is using a CLI to configure the AS, which tries to connect to it on TCP localhost:1202 using SSL (it’s Java-based and uses a predefined set of keystores - .jks - for credentials).

Now, if I run the deployment without istio injection, it works like a charm. When I add the istio proxy sidecar to the pod, it starts giving me a connectivity error.

I’m looking at the logs from istio-proxy, and I see it is capturing the traffic on localhost and connecting back to itself via the pod IP.

Is there a way to avoid traffic aimed at “localhost” being captured by the Envoy proxy?

Has anyone come across this type of scenario?

Thanks.

You can exclude port 1202 from being captured by the Envoy Proxy. In your Deployment add

    spec:
      template:
        metadata:
          annotations:
            # Pod template annotation; the value must be a quoted string
            traffic.sidecar.istio.io/excludeInboundPorts: "1202"

See https://istio.io/docs/reference/config/annotations/ for a list of annotations supported by Envoy.
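As an added example (not part of the original thread), the script below audits Deployments for the port-exclusion annotations discussed above, so you can see which ports no longer pass through Envoy and catch annotations that are misplaced or not valid strings. It assumes input in the shape of `kubectl get deployments -o json`; the function names and the sample data are hypothetical and constructed for illustration.

```python
import json

# Istio annotations that take ports out of sidecar (Envoy) traffic capture.
EXCLUDE_KEYS = (
    "traffic.sidecar.istio.io/excludeInboundPorts",
    "traffic.sidecar.istio.io/excludeOutboundPorts",
)

# Constructed sample in the shape of `kubectl get deployments -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "apps", "name": "legacy-as"},
  "spec": {"template": {"metadata": {"annotations":
    {"traffic.sidecar.istio.io/excludeInboundPorts": "1202"}}}}},
 {"metadata": {"namespace": "apps", "name": "misplaced", "annotations":
    {"traffic.sidecar.istio.io/excludeInboundPorts": "1202"}},
  "spec": {"template": {"metadata": {}}}},
 {"metadata": {"namespace": "apps", "name": "meshed"},
  "spec": {"template": {"metadata": {"annotations": {"app.example/owner": "a"}}}}}
]}
""")

def parse_ports(value):
    """Return (ports, problem) for one annotation value."""
    if not isinstance(value, str):
        return [], "value is not a string (quote it in YAML)"
    ports = []
    for item in (part.strip() for part in value.split(",")):
        if not (item.isascii() and item.isdigit() and 1 <= int(item) <= 65535):
            return [], f"invalid port {item!r}"
        ports.append(int(item))
    return ports, None

def audit(deployments):
    """Return (workload, annotation, ports, problem) for every exclusion found."""
    findings = []
    for dep in deployments.get("items", []):
        meta = dep.get("metadata", {})
        name = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        pod_meta = dep.get("spec", {}).get("template", {}).get("metadata", {})
        pod_ann = pod_meta.get("annotations") or {}
        for key in EXCLUDE_KEYS:
            if key in pod_ann:  # where the sidecar injector reads it
                findings.append((name, key, *parse_ports(pod_ann[key])))
            elif key in (meta.get("annotations") or {}):
                findings.append((name, key, [], "set on the Deployment, not the pod template"))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```
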