diff --git a/ztunnel-1.29.yaml b/ztunnel-1.29.yaml
new file mode 100644
index 00000000000..07795d1263f
--- /dev/null
+++ b/ztunnel-1.29.yaml
@@ -0,0 +1,95 @@
+package:
+  name: ztunnel-1.29
+  version: "1.29.0"
+  epoch: 0
+  description: The `ztunnel` component of istio ambient mesh.
+  copyright:
+    - license: Apache-2.0
+  dependencies:
+    provides:
+      - ztunnel=${{package.full-version}}
+    runtime:
+      - ca-certificates-bundle
+      - iptables-nft
+      - libmnl
+      - libnetfilter_conntrack
+      - libnfnetlink
+
+environment:
+  contents:
+    packages:
+      - build-base
+      - busybox
+      - ca-certificates-bundle
+      - cargo-auditable
+      - clang
+      - cmake
+      - protoc
+      - rust
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/istio/ztunnel
+      tag: ${{package.version}}
+      expected-commit: 4225e92aa753b1bdba800fe975f03e131f8cc257
+
+  - uses: rust/cargobump
+
+  # mitigate GHSA-2gh3-rmm4-6rq5
+  # created upstream PR to address pprof issue https://github.com/tikv/pprof-rs/pull/264
+  # this needs to be removed once upstream fixes or merges PR
+  - runs: |
+      sed -i 's|pprof = { version = "0.14", features = \["protobuf", "protobuf-codec", "criterion"\] }|pprof = { git = "https://github.com/kbsteere/pprof-rs.git", branch = "bump-protobuf-version-3.x", version = "0.14.0", features = ["protobuf", "protobuf-codec", "criterion"] }|' Cargo.toml
+
+  - runs: |
+      export ZTUNNEL_BUILD_buildStatus=clean
+      export ZTUNNEL_BUILD_buildGitRevision=$(git rev-parse HEAD)
+      export ZTUNNEL_BUILD_buildVersion=$(git describe --tags --abbrev=0)
+      cargo auditable build --release
+      mkdir -p ${{targets.destdir}}/usr/bin
+      cp out/rust/release/ztunnel ${{targets.destdir}}/usr/bin/ztunnel
+
+  - uses: strip
+
+subpackages:
+  - name: ${{package.name}}-compat
+    description: Compat package for ztunnel
+    pipeline:
+      - runs: |
+          mkdir -p "${{targets.contextdir}}"/usr/local/bin
+          ln -sf /usr/bin/ztunnel "${{targets.contextdir}}"/usr/local/bin/ztunnel
+    dependencies:
+      provides:
+        - ztunnel-compat=${{package.full-version}}
+    test:
+      pipeline:
+        - uses: test/virtualpackage
+          with:
+            virtual-pkg-name: ztunnel-compat
+            real-pkg-name: ${{subpkg.name}}
+
+update:
+  enabled: true
+  ignore-regex-patterns:
+    - '-rc'
+    - '-beta'
+  github:
+    identifier: istio/ztunnel
+    tag-filter-prefix: 1.29.
+    use-tag: true
+
+test:
+  pipeline:
+    - name: Version information tests
+      runs: |
+        VERSION_OUTPUT=$(ztunnel version)
+        echo "$VERSION_OUTPUT" | grep "Version"
+        echo "$VERSION_OUTPUT" | grep "BuildStatus"
+        echo "$VERSION_OUTPUT" | grep ${{package.version}}
+    - name: Command structure tests
+      runs: |
+        set -e
+        ztunnel help | grep "Commands:"
+        ztunnel help proxy | grep "Start the ztunnel proxy"
+        ztunnel help version | grep "Print the version"
diff --git a/ztunnel-1.29/cargobump-deps.yaml b/ztunnel-1.29/cargobump-deps.yaml
new file mode 100644
index 00000000000..25a6a408301
--- /dev/null
+++ b/ztunnel-1.29/cargobump-deps.yaml
@@ -0,0 +1,17 @@
+packages:
+  - name: hickory-proto
+    version: 0.24.3
+  - name: url
+    version: 2.5.4
+  - name: hashbrown@0.15.0
+    version: 0.15.2
+  - name: ring
+    version: 0.17.13
+  - name: tokio
+    version: 1.43.1
+  - name: crossbeam-channel
+    version: 0.5.15
+  - name: tracing-subscriber
+    version: 0.3.20
+  - name: lru
+    version: 0.16.3