From dc61bfc5c543b6cfc32b2c9717b6ee1aaf12e20e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=BE=84=E6=BD=AD?= <zty98751@alibaba-inc.com>
Date: Tue, 24 Sep 2024 17:26:25 +0800
Subject: [PATCH] add istio workload sds (#1332)

---
 helm/core/templates/_pod.tpl | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/helm/core/templates/_pod.tpl b/helm/core/templates/_pod.tpl
index 657a4f29d4..432f9d3d4e 100644
--- a/helm/core/templates/_pod.tpl
+++ b/helm/core/templates/_pod.tpl
@@ -167,6 +167,12 @@ template:
           {{- toYaml .Values.gateway.resources | nindent 10 }}
         {{- end }}
         volumeMounts:
+        - mountPath: /var/run/secrets/workload-spiffe-uds
+          name: workload-socket
+        - mountPath: /var/run/secrets/credential-uds
+          name: credential-socket
+        - mountPath: /var/run/secrets/workload-spiffe-credentials
+          name: workload-certs
         {{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
         - name: istio-token
           mountPath: /var/run/secrets/tokens
@@ -245,6 +251,12 @@ template:
       {{- toYaml . | nindent 6 }}
     {{- end }}
     volumes:
+    - emptyDir: {}
+      name: workload-socket
+    - emptyDir: {}
+      name: credential-socket
+    - emptyDir: {}
+      name: workload-certs
     {{- if eq (include "controller.jwtPolicy" .) "third-party-jwt" }}
     - name: istio-token
       projected: