--- apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.65/23"],"mac_address":"0a:58:0a:80:00:41","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/14","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.65/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.65" ], "mac": "0a:58:0a:80:00:41", "default": true, "dns": {} }] target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: "2025-10-14T13:11:18Z" labels: app: guard managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:k8s.ovn.org/pod-networks: {} manager: master-1 operation: Update subresource: status time: "2025-10-14T13:11:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2025-10-14T13:11:19Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:target.workload.openshift.io/management: {} f:labels: .: {} f:app: {} f:spec: f:containers: k:{"name":"guard"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:host: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:nodeName: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} manager: cluster-kube-apiserver-operator operation: Update time: "2025-10-14T13:11:23Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: .: {} k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.65"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2025-10-14T13:33:03Z" name: kube-apiserver-guard-master-1 namespace: openshift-kube-apiserver resourceVersion: "34596" uid: 0967dd4e-97b5-4caa-a9ae-3dd2ef05ed56 spec: containers: - args: - -c - | # properly handle TERM and exit as soon as it is signaled set -euo pipefail trap 'jobs -p | xargs -r kill; exit 0' TERM sleep infinity & wait command: - /bin/bash image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd52817806c4f947413297672397b0f17784eec91347b8d6f3a21f4b9921eb2e imagePullPolicy: IfNotPresent name: guard readinessProbe: failureThreshold: 3 httpGet: host: 192.168.34.11 path: readyz port: 6443 scheme: HTTPS periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 10m memory: 5Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fhz7w readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: guard-f1d8facf00531860b6cbd951c4b787ab1982edd3-end nodeName: master-1 preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 3 tolerations: - operator: Exists volumes: - name: kube-api-access-fhz7w projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2025-10-14T13:11:20Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2025-10-14T13:11:18Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2025-10-14T13:33:03Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2025-10-14T13:33:03Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2025-10-14T13:11:18Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://c7ae531a8f27ec7b4c4fef9dcf28294638126ef0e1ecbba3c0009cb985efe4bd image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd52817806c4f947413297672397b0f17784eec91347b8d6f3a21f4b9921eb2e imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd52817806c4f947413297672397b0f17784eec91347b8d6f3a21f4b9921eb2e lastState: {} name: guard ready: true restartCount: 0 started: true state: running: startedAt: "2025-10-14T13:11:19Z" volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fhz7w readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.34.11 hostIPs: - ip: 192.168.34.11 phase: Running podIP: 10.128.0.65 podIPs: - ip: 10.128.0.65 qosClass: Burstable startTime: "2025-10-14T13:11:18Z"