// the ack only has temporal correlation (i.e. it is the first and only ack msg after the message was sent)
// All this to say, that we want to make sure that message to ztunnel are sent from a single goroutine
// so we don't mix messages and acks.
// nolint: unparam
func (z *ztunnelServer) handleConn(ctx context.Context, conn *ZtunnelConnection) error {
	defer conn.Close()

	context.AfterFunc(ctx, func() {

  // flag will result in errors when validating the Pod. All of a Pod's containers must
  // have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
  // containers and non-HostProcess containers).  In addition, if HostProcess is true
  // then HostNetwork must also be set to true.
  // +optional
  optional bool hostProcess = 4;

spec:
  profile: /usr/home/bob/go/src/github.com/ostromart/istio-installer/data/profiles/default.yaml
  installPackagePath: /usr/home/bob/go/src/github.com/ostromart/istio-installer/data/charts/
```

You can mix and match these approaches. For example, you can use a compiled-in configuration profile with charts in your
local file system.

#### Check diffs of manifests

## Authentication

The agent supports two forms of authentication with the CA/discovery servers: mTLS and JWT. Varying deployment
topologies mix and match these two.

For a standard Kubernetes deployment, both CA and discovery will use JWT authentication, with a token automatically

			args:      []string{"--filename", validFilenameJSON, "--filename", tempDirJSON, "--filename", validTempDirJSON},
			wantError: true, // Since the directory has invalid files
		},
		{
			name:      "validate mix of yaml and json directories with valid files",
			args:      []string{"--filename", validTempDirYAML, "--filename", validTempDirJSON},
			wantError: false,
		},
		{