Istio resources not created when running pilot-load CLI locally (EKS + port-forwarded istiod) #26
Description
Description:
Hi John,
I’m running into an issue when using the pilot-load tool via the CLI on my local machine. I'm targeting an EKS cluster, and I have port-forwarded istiod as shown below:
kubectl port-forward -n istio-system svc/istiod 15010 &
Despite this, when running pilot-load locally (outside the cluster), it fails to create Istio resources such as VirtualService and PeerAuthentication. Here's a sample error I get:
`2025-05-12T12:42:37.493789Z info starting namespace pilot-load (1 of 1)
panic: Unknown type *v1beta1.PeerAuthentication
goroutine 119 [running]:
istio.io/istio/pkg/config/schema/kubeclient.GetWriteClient[...]({0x10601e0a0?, 0x140006953e0?}, {0x14000dae150?, 0xa?})
/Users/mkumar26/go/pkg/mod/istio.io/[email protected]/pkg/config/schema/kubeclient/resources.gen.go:125 +0x1478
github.com/howardjohn/pilot-load/pkg/kube.internalApply[...](0x140006953e0, 0x140014ee000, 0x0)
/Users/mkumar26/pilot-load/pkg/kube/kube.go:267 +0x88
github.com/howardjohn/pilot-load/pkg/kube.Apply...
/Users/mkumar26/pilot-load/pkg/kube/kube.go:96
github.com/howardjohn/pilot-load/pkg/simulation/config.(*PeerAuthentication).Run(_, {{0x10600eba8, 0x14000a9b590}, {{0x16db5794b, 0x19}, {0x0, 0x0}, 0x140006953e0, 0x14000fa5b00, {0x0, ...}, ...}, ...})
/Users/mkumar26/pilot-load/pkg/simulation/config/peerauthentication.go:36 +0x258
github.com/howardjohn/pilot-load/pkg/simulation/model.AggregateSimulation.RunParallel.func1()
/Users/mkumar26/pilot-load/pkg/simulation/model/model.go:287 +0x64
golang.org/x/sync/errgroup.(*Group).Go.func1()
/Users/mkumar26/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:78 +0x54
created by golang.org/x/sync/errgroup.(*Group).Go in goroutine 1
/Users/mkumar26/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:75 +0x94
panic: Unknown type *v1alpha3.VirtualService
`
However, when I run pilot-load as a Kubernetes Deployment or Pod inside the cluster, everything works fine — all Istio resources are created as expected.
Observations:
Running pilot-load locally with kubeconfig set correctly.
Works inside the cluster (via pod/deployment), but not outside.
Regular Kubernetes resources like Namespaces, Deployments, etc., are created fine.
Only Istio-specific CRDs fail (e.g., VirtualService, PeerAuthentication).
Questions/Requests:
Is there any additional configuration or flag needed to make CLI-based runs work for Istio CRDs?
Could this be due to schema registration or API discovery limitations when running locally?
Would it make sense to add guidance or a fix to support out-of-cluster execution for Istio resource creation?