apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "1" creationTimestamp: "2026-04-16T16:49:14Z" generation: 1 labels: app.kubernetes.io/component: proxy app.kubernetes.io/managed-by: envoy-gateway app.kubernetes.io/name: envoy gateway.envoyproxy.io/owning-gateway-name: atmosphere gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway-system name: envoy-envoy-gateway-system-atmosphere-e7b904d3 namespace: envoy-gateway-system ownerReferences: - apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass name: atmosphere uid: 66f8fbfd-e126-4a07-bd8b-1d8afbba70c4 resourceVersion: "1719" uid: 7f44bdd3-e6eb-43f7-8aa9-0515333c9fa5 spec: revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: proxy app.kubernetes.io/managed-by: envoy-gateway app.kubernetes.io/name: envoy gateway.envoyproxy.io/owning-gateway-name: atmosphere gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway-system template: metadata: annotations: prometheus.io/path: /stats/prometheus prometheus.io/port: "19001" prometheus.io/scrape: "true" creationTimestamp: null labels: app.kubernetes.io/component: proxy app.kubernetes.io/managed-by: envoy-gateway app.kubernetes.io/name: envoy gateway.envoyproxy.io/owning-gateway-name: atmosphere gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway-system spec: automountServiceAccountToken: false containers: - args: - --service-cluster - envoy-gateway-system/atmosphere - --service-node - $(ENVOY_POD_NAME) - --config-yaml - | admin: access_log: - name: envoy.access_loggers.file typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog path: /dev/null address: socket_address: address: 127.0.0.1 port_value: 19000 cluster_manager: local_cluster_name: envoy-gateway-system/atmosphere node: locality: zone: $(ENVOY_SERVICE_ZONE) stats_config: use_all_default_tags: true stats_tags: - regex: \.zone(\.(([^\.]+)\.)) tag_name: from_zone - regex: \.zone\.[^\.]+\.(([^\.]+)\.) tag_name: to_zone - regex: "^cluster(\\..+\\.(.+))\\.total_match_count$" tag_name: socket_match_name - regex: "circuit_breakers\\.((.+?)\\.).+" tag_name: priority layered_runtime: layers: - name: global_config static_layer: envoy.restart_features.use_eds_cache_for_ads: true re2.max_program_size.error_level: 4294967295 re2.max_program_size.warn_level: 1000 dynamic_resources: ads_config: api_type: DELTA_GRPC transport_api_version: V3 grpc_services: - envoy_grpc: cluster_name: xds_cluster set_node_on_first_message_only: true lds_config: ads: {} initial_fetch_timeout: 0s resource_api_version: V3 cds_config: ads: {} initial_fetch_timeout: 0s resource_api_version: V3 static_resources: listeners: - name: envoy-gateway-proxy-stats-0.0.0.0-19001 address: socket_address: address: '0.0.0.0' port_value: 19001 protocol: TCP bypass_overload_manager: true filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: eg-stats-http normalize_path: true route_config: name: local_route virtual_hosts: - name: prometheus_stats domains: - "*" routes: - match: path: /stats/prometheus headers: - name: ":method" string_match: exact: GET route: cluster: prometheus_stats http_filters: - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - name: prometheus_stats connect_timeout: 0.250s type: STATIC lb_policy: ROUND_ROBIN load_assignment: cluster_name: prometheus_stats endpoints: - lb_endpoints: - endpoint: address: socket_address: address: 127.0.0.1 port_value: 19000 - connect_timeout: 10s eds_cluster_config: eds_config: ads: {} resource_api_version: 'V3' service_name: envoy-gateway-system/atmosphere load_balancing_policy: policies: - typed_extension_config: name: 'envoy.load_balancing_policies.least_request' typed_config: '@type': 'type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest' locality_lb_config: zone_aware_lb_config: min_cluster_size: '1' name: envoy-gateway-system/atmosphere type: EDS - connect_timeout: 10s load_assignment: cluster_name: xds_cluster endpoints: - load_balancing_weight: 1 lb_endpoints: - load_balancing_weight: 1 endpoint: address: socket_address: address: envoy-gateway.envoy-gateway-system.svc.cluster.local. port_value: 18000 typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" explicit_http_config: http2_protocol_options: connection_keepalive: interval: 30s timeout: 5s name: xds_cluster type: STRICT_DNS transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext common_tls_context: tls_params: tls_maximum_protocol_version: TLSv1_3 tls_certificate_sds_secret_configs: - name: xds_certificate sds_config: path_config_source: path: /sds/xds-certificate.json resource_api_version: V3 validation_context_sds_secret_config: name: xds_trusted_ca sds_config: path_config_source: path: /sds/xds-trusted-ca.json resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: - name: "envoy.resource_monitors.global_downstream_max_connections" typed_config: "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig max_active_downstream_connections: 50000 - --log-level - warn - --cpuset-threads - --drain-strategy - immediate - --component-log-level - misc:error - --drain-time-s - "60" command: - envoy env: - name: ENVOY_POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: ENVOY_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: ENVOY_SERVICE_ZONE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.annotations['topology.kubernetes.io/zone'] image: harbor.atmosphere.dev/docker.io/envoyproxy/envoy:distroless-v1.37.0 imagePullPolicy: IfNotPresent lifecycle: preStop: httpGet: path: /shutdown/ready port: 19002 scheme: HTTP livenessProbe: failureThreshold: 3 httpGet: path: /ready port: 19003 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: envoy ports: - containerPort: 19001 name: metrics protocol: TCP - containerPort: 19003 name: readiness protocol: TCP readinessProbe: failureThreshold: 1 httpGet: path: /ready port: 19003 scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 100m memory: 512Mi securityContext: allowPrivilegeEscalation: true runAsUser: 0 startupProbe: failureThreshold: 30 httpGet: path: /ready port: 19003 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /certs name: certs readOnly: true - mountPath: /sds name: sds - args: - envoy - shutdown-manager - --ready-timeout=70s command: - envoy-gateway env: - name: ENVOY_POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: ENVOY_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: ENVOY_SERVICE_ZONE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.annotations['topology.kubernetes.io/zone'] image: harbor.atmosphere.dev/docker.io/envoyproxy/gateway:v1.7.0 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - envoy-gateway - envoy - shutdown - --drain-timeout=60s livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 19002 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: shutdown-manager readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 19002 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 32Mi securityContext: allowPrivilegeEscalation: true runAsUser: 0 startupProbe: failureThreshold: 30 httpGet: path: /healthz port: 19002 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirstWithHostNet hostNetwork: true nodeSelector: openstack-control-plane: enabled restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: envoy-envoy-gateway-system-atmosphere-e7b904d3 serviceAccountName: envoy-envoy-gateway-system-atmosphere-e7b904d3 terminationGracePeriodSeconds: 360 volumes: - name: certs secret: defaultMode: 420 secretName: envoy - configMap: defaultMode: 420 items: - key: xds-trusted-ca.json path: xds-trusted-ca.json - key: xds-certificate.json path: xds-certificate.json name: envoy-envoy-gateway-system-atmosphere-e7b904d3 optional: false name: sds updateStrategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate status: currentNumberScheduled: 1 desiredNumberScheduled: 1 numberAvailable: 1 numberMisscheduled: 0 numberReady: 1 observedGeneration: 1 updatedNumberScheduled: 1