$ kubectl apply -f manifest.yaml && kubectl -n istio-vt-t24 wait --for=condition=Ready pod/client --timeout=90s pod/client configured deployment.apps/echo unchanged service/echo unchanged pod/client condition met $ sleep 5 $ istioctl proxy-config listener client.istio-vt-t24 -o json | jq -r '.[].name' | grep '^0.0.0.0_80' 0.0.0.0_80 0.0.0.0_8080 0.0.0.0_8000 $ kubectl -n kube-system get svc kube-dns -o jsonpath='{.spec.clusterIP}' ; echo Error from server (NotFound): services "kube-dns" not found # ^ retry note: no svc named literally 'kube-dns' in kube-system on this cluster; actual DNS Service name is 'coredns' (label k8s-app=kube-dns). Using corrected name below. $ KUBEDNS_IP=$(kubectl -n kube-system get svc coredns -o jsonpath='{.spec.clusterIP}'); echo KUBEDNS_IP=$KUBEDNS_IP KUBEDNS_IP=10.250.0.3 $ istioctl proxy-config listener client.istio-vt-t24 -o json | jq -r '.[].name' | grep "$KUBEDNS_IP" 10.250.0.3_53 10.250.0.3_9153 --- extra check: confirm 0.0.0.0_80 is a genuine wildcard-bound listener (bind address), and kube-dns dedicated listener is bound to its own IP, not 0.0.0.0 --- { "name": "0.0.0.0_80", "address": { "address": "0.0.0.0", "portValue": 80 } } { "name": "10.250.0.3_53", "address": { "address": "10.250.0.3", "portValue": 53 } }