Kubveirt - dump VM pod NAT rules

virt-launcher-nat-rules.sh

# /bin/bash 

set -ex 

vm_name="myvmi"
vm_pod_name=$(kubectl get po -o custom-columns=:.metadata.name --no-headers | grep $vm_name | grep Running)
vm_node_name=$(kubectl get po $vm_pod_name -o custom-columns=:.spec.nodeName --no-headers)
vm_node_virt_handler_pod=$(kubectl get pod -n kubevirt -l kubevirt.io=virt-handler -o wide --no-headers | grep "$vm_node_name" | awk '{print $1}')
vm_pod_pid=$(kubectl exec -it $vm_node_virt_handler_pod -n kubevirt -c virt-handler -- bash -c "ps -ef | grep /usr/bin/virt-launcher.*--name.*$vm_name" | grep -Pv "grep|virt-launcher-monitor" | awk '{print $2}')

# dump NFT nat rules:
cmd="virt-chroot --mount /proc/$vm_pod_pid/ns/mnt exec -- /usr/sbin/nft list table nat"
kubectl exec -it $vm_node_virt_handler_pod -n kubevirt -- bash <<< "$cmd"

# in case Kubevirt version is older than v0.59.0, using iptables may also work:
cmd="virt-chroot --mount /proc/$vm_pod_pid/ns/mnt exec -- /usr/sbin/iptables -L -t nat"
kubectl exec -it $vm_node_virt_handler_pod -n kubevirt -- bash <<< "$cmd"