Created
September 3, 2020 21:48
-
-
Save howardjohn/b9c031de3fb32eeff4076c6ef139e769 to your computer and use it in GitHub Desktop.
grpcurl for direct XDS calls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Fetch a token. Only needed for JWT auth. Replace SA or namespace if needed | |
token=$(echo '{"kind":"TokenRequest","apiVersion":"authentication.k8s.io/v1","spec":{"audiences":["istio-ca"], "expirationSeconds":2592000}}' | kubectl create --raw /api/v1/namespaces/default/serviceaccounts/default/token -f - | jq -j '.status.token') | |
# Fetch request | |
request=$(cat request.json ) | |
# JWT authentication | |
echo "${request}" | grpcurl -d @ -insecure -rpc-header "authorization: Bearer $token" localhost:15012 envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources | |
# Plaintext Authentication | |
# echo "${request}" | grpcurl -v -d @ -plaintext localhost:15010 envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources | |
#Example request: | |
{ | |
"node": { | |
"id": "router~10.244.0.36~foo.istio-system~istio-system.svc.cluster.local", | |
"metadata": { | |
"CONFIG_NAMESPACE": "istio-system" | |
} | |
}, | |
"resourceNames": [ | |
"kubernetes://sds-credential-alt" | |
], | |
"typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment