Istio Ambient で ztunnel が実際にどんなサービス情報を XDS 経由で受け取っているか を確認したいとき、ありますよね。
ワンライナー
CTX=kind-cluster1; NS=istio-system; POD="$(kubectl --context "$CTX" -n "$NS" get pod -o name | rg '^pod/ztunnel' | head -n1 | cut -d/ -f2)"; istioctl --context "$CTX" ztunnel-config services "$POD.$NS" -o json
実際の出力例
実行すると、こんな JSON が返ってきます:
[
{
"name": "kubernetes",
"namespace": "default",
"hostname": "kubernetes.default.svc.cluster.local",
"vips": [
"network2/10.96.0.1"
],
"ports": {
"443": 6443
},
"endpoints": {
"cluster2/discovery.k8s.io/EndpointSlice/default/kubernetes/172.18.0.3": {
"workloadUid": "cluster2/discovery.k8s.io/EndpointSlice/default/kubernetes/172.18.0.3",
"service": "",
"port": {
"443": 6443
}
}
},
"ipFamilies": "IPv4"
},
{
"name": "istio-eastwestgateway",
"namespace": "istio-system",
"hostname": "istio-eastwestgateway.istio-system.svc.cluster.local",
"vips": [
"network2/10.96.119.214"
],
"ports": {
"15008": 15008,
"15021": 15021
},
"loadBalancer": {
"mode": "Failover",
"routingPreferences": [
"Network",
"Region",
"Zone"
],
"healthPolicy": "OnlyHealthy"
},
"endpoints": {
"cluster2//Pod/istio-system/istio-eastwestgateway-6b7785d5c8-jjw62": {
"workloadUid": "cluster2//Pod/istio-system/istio-eastwestgateway-6b7785d5c8-jjw62",
"service": "",
"port": {
"15008": 15008,
"15021": 15021
}
}
},
"ipFamilies": "IPv4"
},
{
"name": "istiod",
"namespace": "istio-system",
"hostname": "istiod.istio-system.svc.cluster.local",
"vips": [
"network2/10.96.107.246"
],
"ports": {
"15010": 15010,
"15012": 15012,
"15014": 15014,
"443": 15017
},
"endpoints": {
"cluster2//Pod/istio-system/istiod-775d8fc4cd-7z8bx": {
"workloadUid": "cluster2//Pod/istio-system/istiod-775d8fc4cd-7z8bx",
"service": "",
"port": {
"15010": 15010,
"15012": 15012,
"15014": 15014,
"443": 15017
}
}
},
"ipFamilies": "IPv4"
},
{
"name": "kube-dns",
"namespace": "kube-system",
"hostname": "kube-dns.kube-system.svc.cluster.local",
"vips": [
"network2/10.96.0.10"
],
"ports": {
"53": 53,
"9153": 9153
},
"endpoints": {
"cluster2//Pod/kube-system/coredns-7d764666f9-mt25r": {
"workloadUid": "cluster2//Pod/kube-system/coredns-7d764666f9-mt25r",
"service": "",
"port": {
"53": 53,
"9153": 9153
}
},
"cluster2//Pod/kube-system/coredns-7d764666f9-mwdgm": {
"workloadUid": "cluster2//Pod/kube-system/coredns-7d764666f9-mwdgm",
"service": "",
"port": {
"53": 53,
"9153": 9153
}
}
},
"ipFamilies": "IPv4"
},
{
"name": "curl",
"namespace": "sample",
"hostname": "curl.sample.svc.cluster.local",
"vips": [
"network2/10.96.188.26"
],
"ports": {
"80": 80
},
"endpoints": {
"cluster2//Pod/sample/curl-7ff8c849cb-d5jr2": {
"workloadUid": "cluster2//Pod/sample/curl-7ff8c849cb-d5jr2",
"service": "",
"port": {
"80": 80
}
}
},
"ipFamilies": "IPv4"
},
{
"name": "helloworld",
"namespace": "sample",
"hostname": "helloworld.sample.svc.cluster.local",
"vips": [
"network1/10.96.60.17",
"network2/10.96.72.30"
],
"ports": {
"5000": 5000
},
"endpoints": {
"cluster2//Pod/sample/helloworld-v2-59fc9f4558-vlchp": {
"workloadUid": "cluster2//Pod/sample/helloworld-v2-59fc9f4558-vlchp",
"service": "",
"port": {
"5000": 5000
}
},
"network1/SplitHorizonWorkload/istio-system/istio-eastwestgateway/172.18.0.9/sample/helloworld.sample.svc.cluster.local": {
"workloadUid": "network1/SplitHorizonWorkload/istio-system/istio-eastwestgateway/172.18.0.9/sample/helloworld.sample.svc.cluster.local",
"service": "",
"port": {
"5000": 5000
}
}
},
"subjectAltNames": [
"spiffe://cluster.local/ns/sample/sa/default"
],
"ipFamilies": "IPv4"
},
{
"name": "helloworld-cluster1",
"namespace": "sample",
"hostname": "helloworld-cluster1.sample.svc.cluster.local",
"vips": [
"network1/10.96.60.136"
],
"ports": {
"5000": 5000
},
"endpoints": {
"network1/SplitHorizonWorkload/istio-system/istio-eastwestgateway/172.18.0.9/sample/helloworld-cluster1.sample.svc.cluster.local": {
"workloadUid": "network1/SplitHorizonWorkload/istio-system/istio-eastwestgateway/172.18.0.9/sample/helloworld-cluster1.sample.svc.cluster.local",
"service": "",
"port": {
"5000": 5000
}
}
},
"subjectAltNames": [
"spiffe://cluster.local/ns/sample/sa/default"
],
"ipFamilies": "IPv4"
}
]