# Live Pod object as returned by the API server: it carries server-populated
# fields (creationTimestamp, resourceVersion, uid) and a status section, so it
# is a snapshot of running state rather than an authored manifest.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    # Prometheus scrape hints. Port 19001 and this path match the static
    # listener "envoy-gateway-proxy-stats-0.0.0.0-19001" in the envoy
    # container's bootstrap. That listener's filter chain shows no
    # transport_socket, so the scrape is plain HTTP with no client
    # authentication.
    prometheus.io/path: /stats/prometheus
    prometheus.io/port: "19001"
    prometheus.io/scrape: "true"
  creationTimestamp: "2026-04-16T16:49:14Z"
  generateName: envoy-envoy-gateway-system-atmosphere-e7b904d3-
  labels:
    app.kubernetes.io/component: proxy
    # Generated by the Envoy Gateway controller for the Gateway named below.
    app.kubernetes.io/managed-by: envoy-gateway
    app.kubernetes.io/name: envoy
    controller-revision-hash: 777f68f5b7
    gateway.envoyproxy.io/owning-gateway-name: atmosphere
    gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway-system
    pod-template-generation: "1"
  name: envoy-envoy-gateway-system-atmosphere-e7b904d3-ps22d
  namespace: envoy-gateway-system
  # Owned and controlled by a DaemonSet, so hand edits to this pod are
  # replaced on the next rollout; lasting changes belong in whatever renders
  # that DaemonSet's pod template.
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: DaemonSet
    name: envoy-envoy-gateway-system-atmosphere-e7b904d3
    uid: 7f44bdd3-e6eb-43f7-8aa9-0515333c9fa5
  resourceVersion: "1716"
  uid: e0166bc8-20dc-4895-a448-e18865fa7c5a
spec:
  # Hard node affinity on the node's metadata.name: the pod may only run on the
  # node named "instance" (spec.nodeName further down holds the same value).
  # NOTE(review): a per-node pin like this is what a DaemonSet controller
  # normally injects - confirm it is not hand-written.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchFields:
          - key: metadata.name
            operator: In
            values:
            - instance
  # No service-account token is mounted into the containers by this pod spec,
  # even though a serviceAccountName is set further down.
  automountServiceAccountToken: false
  containers:
  # Container 1 of 2: the Envoy data-plane proxy. Its whole bootstrap is passed
  # inline through --config-yaml.
  - args:
    - --service-cluster
    - envoy-gateway-system/atmosphere
    - --service-node
    # $(VAR) references in args are expanded by Kubernetes from the env list
    # below before the process starts; that includes $(ENVOY_SERVICE_ZONE)
    # inside the bootstrap string.
    - $(ENVOY_POD_NAME)
    # Bootstrap review notes. They sit outside the literal block on purpose:
    # everything under "- |" is a string argument handed to Envoy and must stay
    # byte-for-byte unchanged.
    #
    # admin: binds 127.0.0.1:19000 and sends its access log to /dev/null, so
    #   admin requests leave no log trail. Envoy's admin API has no
    #   authentication, and because this pod uses hostNetwork (see
    #   spec.hostNetwork) that loopback address is the node's own loopback, so
    #   it is shared with every other process on the node.
    #
    # stats listener (0.0.0.0:19001): routes only GET requests with the exact
    #   path /stats/prometheus to the admin port. The filter chain has no
    #   transport_socket, so it is plaintext with no client authentication, and
    #   bypass_overload_manager: true exempts it from the downstream connection
    #   cap. The port is also declared as a hostPort below.
    #   NOTE(review): confirm node-level filtering limits who can reach
    #   19001/19003.
    #
    # layered_runtime: re2.max_program_size.error_level is 4294967295
    #   (2^32 - 1), which in practice removes the rejection threshold for
    #   oversized regex programs; only the warn level (1000) is left.
    #   NOTE(review): regexes arriving over xDS are then not size-bounded by
    #   this setting - confirm that is acceptable.
    #
    # dynamic_resources / xds_cluster: LDS and CDS come over ADS (DELTA_GRPC)
    #   from envoy-gateway.envoy-gateway-system.svc.cluster.local.:18000 over
    #   TLS. The client certificate and trusted CA are loaded via SDS files
    #   under /sds. Only tls_maximum_protocol_version (TLSv1_3) is set; no
    #   minimum is pinned here, so Envoy's built-in default minimum applies.
    #   NOTE(review): whether the control-plane certificate's SAN is checked
    #   depends on /sds/xds-trusted-ca.json, which is not visible here.
    #
    # overload_manager: caps active downstream connections at 50000.
    - --config-yaml
    - |
      admin:
        access_log:
        - name: envoy.access_loggers.file
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
            path: /dev/null
        address:
          socket_address:
            address: 127.0.0.1
            port_value: 19000
      cluster_manager:
        local_cluster_name: envoy-gateway-system/atmosphere
      node:
        locality:
          zone: $(ENVOY_SERVICE_ZONE)
      stats_config:
        use_all_default_tags: true
        stats_tags:
        - regex: \.zone(\.(([^\.]+)\.))
          tag_name: from_zone
        - regex: \.zone\.[^\.]+\.(([^\.]+)\.)
          tag_name: to_zone
        - regex: "^cluster(\\..+\\.(.+))\\.total_match_count$"
          tag_name: socket_match_name
        - regex: "circuit_breakers\\.((.+?)\\.).+"
          tag_name: priority
      layered_runtime:
        layers:
        - name: global_config
          static_layer:
            envoy.restart_features.use_eds_cache_for_ads: true
            re2.max_program_size.error_level: 4294967295
            re2.max_program_size.warn_level: 1000
      dynamic_resources:
        ads_config:
          api_type: DELTA_GRPC
          transport_api_version: V3
          grpc_services:
          - envoy_grpc:
              cluster_name: xds_cluster
          set_node_on_first_message_only: true
        lds_config:
          ads: {}
          initial_fetch_timeout: 0s
          resource_api_version: V3
        cds_config:
          ads: {}
          initial_fetch_timeout: 0s
          resource_api_version: V3
      static_resources:
        listeners:
        - name: envoy-gateway-proxy-stats-0.0.0.0-19001
          address:
            socket_address:
              address: '0.0.0.0'
              port_value: 19001
              protocol: TCP
          bypass_overload_manager: true
          filter_chains:
          - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: eg-stats-http
                normalize_path: true
                route_config:
                  name: local_route
                  virtual_hosts:
                  - name: prometheus_stats
                    domains:
                    - "*"
                    routes:
                    - match:
                        path: /stats/prometheus
                        headers:
                        - name: ":method"
                          string_match:
                            exact: GET
                      route:
                        cluster: prometheus_stats
                http_filters:
                - name: envoy.filters.http.router
                  typed_config:
                    "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
        clusters:
        - name: prometheus_stats
          connect_timeout: 0.250s
          type: STATIC
          lb_policy: ROUND_ROBIN
          load_assignment:
            cluster_name: prometheus_stats
            endpoints:
            - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 19000
        - connect_timeout: 10s
          eds_cluster_config:
            eds_config:
              ads: {}
              resource_api_version: 'V3'
            service_name: envoy-gateway-system/atmosphere
          load_balancing_policy:
            policies:
            - typed_extension_config:
                name: 'envoy.load_balancing_policies.least_request'
                typed_config:
                  '@type': 'type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest'
                  locality_lb_config:
                    zone_aware_lb_config:
                      min_cluster_size: '1'
          name: envoy-gateway-system/atmosphere
          type: EDS
        - connect_timeout: 10s
          load_assignment:
            cluster_name: xds_cluster
            endpoints:
            - load_balancing_weight: 1
              lb_endpoints:
              - load_balancing_weight: 1
                endpoint:
                  address:
                    socket_address:
                      address: envoy-gateway.envoy-gateway-system.svc.cluster.local.
                      port_value: 18000
          typed_extension_protocol_options:
            envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
              "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
              explicit_http_config:
                http2_protocol_options:
                  connection_keepalive:
                    interval: 30s
                    timeout: 5s
          name: xds_cluster
          type: STRICT_DNS
          transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
              common_tls_context:
                tls_params:
                  tls_maximum_protocol_version: TLSv1_3
                tls_certificate_sds_secret_configs:
                - name: xds_certificate
                  sds_config:
                    path_config_source:
                      path: /sds/xds-certificate.json
                    resource_api_version: V3
                validation_context_sds_secret_config:
                  name: xds_trusted_ca
                  sds_config:
                    path_config_source:
                      path: /sds/xds-trusted-ca.json
                    resource_api_version: V3
      overload_manager:
        refresh_interval: 0.25s
        resource_monitors:
        - name: "envoy.resource_monitors.global_downstream_max_connections"
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
            max_active_downstream_connections: 50000
    - --log-level
    - warn
    - --cpuset-threads
    - --drain-strategy
    - immediate
    - --component-log-level
    - misc:error
    - --drain-time-s
    - "60"
    command:
    - envoy
    # Downward-API values consumed by the $(VAR) references in args.
    env:
    - name: ENVOY_POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: ENVOY_POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    # NOTE(review): metadata.annotations on this pod lists only the three
    # prometheus.io/* keys, so this annotation is absent and the zone
    # presumably resolves to an empty string - confirm zone-aware routing is
    # not expected to work here.
    - name: ENVOY_SERVICE_ZONE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.annotations['topology.kubernetes.io/zone']
    # Referenced by tag through the harbor.atmosphere.dev registry, not by
    # digest. With IfNotPresent the node keeps using whatever it has cached
    # under this tag; the digest that actually ran is recorded in
    # status.containerStatuses[].imageID.
    image: harbor.atmosphere.dev/docker.io/envoyproxy/envoy:distroless-v1.37.0
    imagePullPolicy: IfNotPresent
    lifecycle:
      # Plain-HTTP hook to port 19002, the port the shutdown-manager
      # container's probes use.
      # NOTE(review): presumably served by that sidecar - confirm.
      preStop:
        httpGet:
          path: /shutdown/ready
          port: 19002
          scheme: HTTP
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /ready
        port: 19003
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: envoy
    # hostPort equals containerPort for both entries, consistent with
    # hostNetwork: true. The metrics and readiness ports are therefore opened
    # in the node's network namespace (19001 is bound on 0.0.0.0 by the
    # bootstrap above).
    ports:
    - containerPort: 19001
      hostPort: 19001
      name: metrics
      protocol: TCP
    - containerPort: 19003
      hostPort: 19003
      name: readiness
      protocol: TCP
    readinessProbe:
      failureThreshold: 1
      httpGet:
        path: /ready
        port: 19003
        scheme: HTTP
      periodSeconds: 5
      successThreshold: 1
      timeoutSeconds: 1
    # Requests only, no limits: CPU and memory use is unbounded by this spec
    # (status.qosClass reports Burstable).
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
    # Runs as UID 0 with privilege escalation allowed. No capabilities are
    # dropped and no readOnlyRootFilesystem or seccompProfile is set in this
    # context. Combined with hostNetwork, the proxy process is root inside the
    # node's network namespace.
    # NOTE(review): presumably root is used so Envoy can bind low ports on the
    # host. A non-root UID plus the NET_BIND_SERVICE capability, with
    # allowPrivilegeEscalation: false, would be the narrower grant - confirm
    # against the template that renders the owning DaemonSet.
    securityContext:
      allowPrivilegeEscalation: true
      runAsUser: 0
    startupProbe:
      failureThreshold: 30
      httpGet:
        path: /ready
        port: 19003
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    # /certs comes from the Secret volume "certs"; /sds holds the SDS JSON
    # descriptors the bootstrap points at.
    # NOTE(review): readOnly is not set on /sds. ConfigMap volumes are
    # normally read-only anyway, but setting it explicitly would match /certs.
    volumeMounts:
    - mountPath: /certs
      name: certs
      readOnly: true
    - mountPath: /sds
      name: sds
  # Container 2 of 2: the shutdown-manager sidecar, started as
  # "envoy-gateway envoy shutdown-manager". Its probes use plain HTTP on port
  # 19002; no ports are declared for it, and the bind address is not visible
  # in this spec.
  - args:
    - envoy
    - shutdown-manager
    - --ready-timeout=70s
    command:
    - envoy-gateway
    env:
    - name: ENVOY_POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: ENVOY_POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    # NOTE(review): this annotation is not among the pod's metadata.annotations
    # shown in this object, so the value presumably resolves to empty - confirm.
    - name: ENVOY_SERVICE_ZONE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.annotations['topology.kubernetes.io/zone']
    # Tag reference (not a digest) through the harbor.atmosphere.dev registry;
    # the resolved digest is recorded in status.containerStatuses[].imageID.
    image: harbor.atmosphere.dev/docker.io/envoyproxy/gateway:v1.7.0
    imagePullPolicy: IfNotPresent
    lifecycle:
      # On termination, runs the drain command inside the container with a 60s
      # drain timeout (the 70s ready-timeout above is slightly longer).
      preStop:
        exec:
          command:
          - envoy-gateway
          - envoy
          - shutdown
          - --drain-timeout=60s
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 19002
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: shutdown-manager
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 19002
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    # Requests only, no limits.
    resources:
      requests:
        cpu: 10m
        memory: 32Mi
    # Same root + allowPrivilegeEscalation grant as the envoy container.
    # NOTE(review): from what is visible, this sidecar only uses port 19002
    # (above 1024), so root does not look necessary here - confirm whether it
    # can run as a non-root UID with allowPrivilegeEscalation: false and all
    # capabilities dropped.
    securityContext:
      allowPrivilegeEscalation: true
      runAsUser: 0
    startupProbe:
      failureThreshold: 30
      httpGet:
        path: /healthz
        port: 19002
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  # ClusterFirstWithHostNet keeps cluster DNS in use although the pod is on the
  # host network; the bootstrap's xds_cluster resolves a *.svc.cluster.local.
  # name.
  dnsPolicy: ClusterFirstWithHostNet
  # Injects environment variables describing the namespace's Services into
  # both containers.
  # NOTE(review): nothing visible here reads them - consider disabling if
  # unused.
  enableServiceLinks: true
  # The pod shares the node's network namespace: every listener binds on the
  # node itself and the containers see the node's loopback and interfaces.
  # NOTE(review): NetworkPolicy generally does not isolate hostNetwork pods, so
  # access control for these ports has to come from node-level filtering -
  # confirm it is in place.
  hostNetwork: true
  nodeName: instance
  nodeSelector:
    openstack-control-plane: enabled
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  # Empty pod-level security context: no runAsNonRoot, seccompProfile or
  # fsGroup is set here, so the per-container settings (UID 0, privilege
  # escalation allowed) are the only ones in effect.
  securityContext: {}
  # serviceAccount is the deprecated alias of serviceAccountName; both carry
  # the same value. No token is mounted (automountServiceAccountToken: false).
  serviceAccount: envoy-envoy-gateway-system-atmosphere-e7b904d3
  serviceAccountName: envoy-envoy-gateway-system-atmosphere-e7b904d3
  terminationGracePeriodSeconds: 360
  # Blanket tolerations for not-ready/unreachable, resource-pressure,
  # unschedulable and network-unavailable taints.
  # NOTE(review): this matches the set a DaemonSet controller usually adds -
  # confirm.
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/disk-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/pid-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/unschedulable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/network-unavailable
    operator: Exists
  volumes:
  # Secret "envoy", mounted at /certs in the envoy container. defaultMode is
  # printed in decimal: 420 == 0644 octal, so the files are world-readable
  # inside the container.
  - name: certs
    secret:
      defaultMode: 420
      secretName: envoy
  # ConfigMap with the two SDS descriptor files the bootstrap reads from /sds.
  # optional: false means the pod cannot start if the ConfigMap or a listed
  # key is missing.
  - configMap:
      defaultMode: 420
      items:
      - key: xds-trusted-ca.json
        path: xds-trusted-ca.json
      - key: xds-certificate.json
        path: xds-certificate.json
      name: envoy-envoy-gateway-system-atmosphere-e7b904d3
      optional: false
    name: sds
# Observed state reported for the running pod; it is output, not configuration.
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2026-04-16T16:49:14Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2026-04-16T16:49:24Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2026-04-16T16:49:24Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2026-04-16T16:49:14Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  # imageID records the digest the runtime resolved for the tag in spec. It is
  # the value to compare against a trusted digest when checking which image
  # actually ran, since the spec only names a tag.
  - containerID: containerd://36288c3fef9a9eb5c688ac739e23cd5382e47883e88422e5387baf96501c917f
    image: harbor.atmosphere.dev/docker.io/envoyproxy/envoy:distroless-v1.37.0
    imageID: harbor.atmosphere.dev/docker.io/envoyproxy/envoy@sha256:92fdb97b9fdb47da82fbe3651b83bd1419e544966d264632af4864004652685f
    lastState: {}
    name: envoy
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2026-04-16T16:49:18Z"
  - containerID: containerd://7585fb661b738ff9554a57bbb4d5849b5e8b6f089064852efcd14be0e93cb039
    image: harbor.atmosphere.dev/docker.io/envoyproxy/gateway:v1.7.0
    imageID: harbor.atmosphere.dev/docker.io/envoyproxy/gateway@sha256:66bfa45b557aeb086223064261d51dfb983fe962f35f821f8135e67e1b1a981f
    lastState: {}
    name: shutdown-manager
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2026-04-16T16:49:18Z"
  # hostIP and podIP are identical, as expected with spec.hostNetwork: true:
  # the pod has no address of its own and its ports are served on the node's
  # address.
  hostIP: 199.204.45.156
  phase: Running
  podIP: 199.204.45.156
  podIPs:
  - ip: 199.204.45.156
  # Burstable follows from the containers setting resource requests without
  # limits.
  qosClass: Burstable
  startTime: "2026-04-16T16:49:14Z"
