"--sync-interval-cap=30s",
                  "--probe-interval=5s",
                  "--keepalive-time=60s",
                  "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token",
                  "--agent-identifiers=ipv4=$(HOST_IP)"
                  ]
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:

	if err != nil {
		if xnet.IsNetworkOrHostDown(err, false) {
			return false, errNotConnected
		}
		return false, err
	}
	tokens := strings.Fields(target.args.AuthToken)
	switch len(tokens) {
	case 2:
		req.Header.Set("Authorization", target.args.AuthToken)
	case 1:
		req.Header.Set("Authorization", "Bearer "+target.args.AuthToken)
	}

	Aud []string `json:"aud"`

	// Exp is not currently used - we don't use the token for authn, just to determine k8s settings
	Exp int `json:"exp"`

	// Issuer - configured by K8S admin for projected tokens. Will be used to verify all tokens.
	Iss string `json:"iss"`

	Sub string `json:"sub"`
}

func (j JwtAuthenticator) AuthenticatorType() string {
	return IDTokenAuthenticatorType

            {{ if .sts }}
              "sts_service": {
                "token_exchange_service_uri": "http://localhost:{{ .sts_port }}/token",
                "subject_token_path": "./var/run/secrets/tokens/istio-token",
                "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
                "scope": "https://www.googleapis.com/auth/cloud-platform"
              }
            {{ else }}

        }
        if (!rangeValue.closed) {
            return isLeft ? -1 : 1;
        }
        return 0;
    }

    private static void addZeroTokens(List<String> tokens, int max) {
        while (tokens.size() < max) {
            tokens.add("0");
        }
    }

    private static boolean isRange(String value) {
        return value.startsWith("[") || value.startsWith("(");
    }

        }
        if (!rangeValue.closed) {
            return isLeft ? -1 : 1;
        }
        return 0;
    }

    private static void addZeroTokens(List<String> tokens, int max) {
        while (tokens.size() < max) {
            tokens.add("0");
        }
    }

    private static boolean isRange(String value) {
        return value.startsWith("[") || value.startsWith("(");
    }

	for _, override := range c.EtcdServersOverrides {
		tokens := strings.Split(override, "#")
		apiresource := strings.Split(tokens[0], "/")

		group := apiresource[0]
		resource := apiresource[1]
		groupResource := schema.GroupResource{Group: group, Resource: resource}

		servers := strings.Split(tokens[1], ";")
		storageFactory.SetEtcdLocation(groupResource, servers)
	}

	if err = json.Unmarshal(data, &listAud); err == nil {
		return listAud, nil
	}

	return nil, err
}

type jwtPayload struct {
	// Aud is JWT token audience - used to identify 3p tokens.
	// It is empty for the default K8S tokens.
	Aud []string `json:"aud"`
}

// ExtractJwtAud extracts the audiences from a JWT token. If aud cannot be parse, the bool will be set
// to false. This distinguishes aud=[] from not parsed.

import org.jetbrains.kotlin.analysis.api.platform.KaEngineService

/**
 * [KaLifetimeTracker] is an *engine service* which tracks the current [KtLifetimeToken].
 *
 * It can be used in the implementation of custom lifetime tokens to check that the accessed token is in scope.
 */
public interface KaLifetimeTracker : KaEngineService {
    /**
     * Returns the [KtLifetimeToken] for the currently active analysis, or `null` if no analysis is in progress.

	}

	// Verify if the authToken already contains
	// <Key> <Token> like format, if this is
	// already present we can blindly use the
	// authToken as is instead of adding 'Bearer'
	tokens := strings.Fields(target.args.AuthToken)
	switch len(tokens) {
	case 2:
		req.Header.Set("Authorization", target.args.AuthToken)
	case 1:
		req.Header.Set("Authorization", "Bearer "+target.args.AuthToken)
	}