grpcurl for direct XDS calls

request.sh

# Fetch a token. Only needed for JWT auth. Replace SA or namespace if needed
token=$(echo '{"kind":"TokenRequest","apiVersion":"authentication.k8s.io/v1","spec":{"audiences":["istio-ca"], "expirationSeconds":2592000}}' | kubectl create --raw /api/v1/namespaces/default/serviceaccounts/default/token -f - | jq -j '.status.token')
# Fetch request
request=$(cat request.json )

# JWT authentication
echo "${request}" | grpcurl -d @ -insecure -rpc-header "authorization: Bearer $token" localhost:15012 envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources

# Plaintext Authentication
# echo "${request}" | grpcurl -v -d @ -plaintext localhost:15010 envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources


#Example request:
{
    "node": {
        "id": "router~10.244.0.36~foo.istio-system~istio-system.svc.cluster.local", 
        "metadata": {
            "CONFIG_NAMESPACE": "istio-system"
        }
    }, 
    "resourceNames": [
        "kubernetes://sds-credential-alt"
    ], 
    "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"
}