apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" creationTimestamp: "2025-12-03T22:25:37Z" generation: 2 labels: component: barbican-api service: barbican name: barbican-api namespace: openstack ownerReferences: - apiVersion: barbican.openstack.org/v1beta1 blockOwnerDeletion: true controller: true kind: BarbicanAPI name: barbican-api uid: 9286530f-4eec-4efb-9a4f-7da20d0233b0 resourceVersion: "33924" uid: 8338a3d7-6bb1-4f8c-bea0-a37280b5c71a spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: component: barbican-api service: barbican strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: k8s.v1.cni.cncf.io/networks: '[]' creationTimestamp: null labels: component: barbican-api service: barbican spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: component operator: In values: - barbican-api topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - --single-child - -- - /usr/bin/tail - -n+1 - -F - /var/log/barbican/barbican-api.log command: - /usr/bin/dumb-init env: - name: CONFIG_HASH value: n6fh54fh688h5b8h59chcbh58fh58h5bch654h567h59h7hfh556hffh5c5h7h5f4h7dh65dh56dh67dh669hbfh78hd4h55ch94h5d9hd9h576q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-barbican-api@sha256:82006b9c64d4c5f80483cda262d960ce6be4813665158ef1a53ea7734bbe431f imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 9311 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 3 successThreshold: 1 timeoutSeconds: 5 name: barbican-api-log readinessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 9311 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: capabilities: drop: - MKNOD runAsGroup: 42403 runAsUser: 42403 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/log/barbican name: logs - args: - -c - /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n6fh54fh688h5b8h59chcbh58fh58h5bch654h567h59h7hfh556hffh5c5h7h5f4h7dh65dh56dh67dh669hbfh78hd4h55ch94h5d9hd9h576q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-barbican-api@sha256:82006b9c64d4c5f80483cda262d960ce6be4813665158ef1a53ea7734bbe431f imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 9311 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 3 successThreshold: 1 timeoutSeconds: 5 name: barbican-api readinessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 9311 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: capabilities: drop: - MKNOD runAsGroup: 42403 runAsUser: 42403 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/lib/config-data/default name: config-data readOnly: true - mountPath: /etc/my.cnf name: config-data readOnly: true subPath: my.cnf - mountPath: /etc/barbican/barbican.conf.d name: config-data-custom readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config-data readOnly: true subPath: barbican-api-config.json - mountPath: /var/log/barbican name: logs - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - mountPath: /var/lib/config-data/tls/certs/internal.crt name: internal-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/internal.key name: internal-tls-certs readOnly: true subPath: tls.key - mountPath: /var/lib/config-data/tls/certs/public.crt name: public-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/public.key name: public-tls-certs readOnly: true subPath: tls.key dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: barbican-barbican serviceAccountName: barbican-barbican terminationGracePeriodSeconds: 30 volumes: - name: config-data secret: defaultMode: 420 secretName: barbican-config-data - name: config-data-custom secret: defaultMode: 420 secretName: barbican-api-config-data - emptyDir: {} name: logs - name: combined-ca-bundle secret: defaultMode: 292 secretName: combined-ca-bundle - name: internal-tls-certs secret: defaultMode: 256 secretName: cert-barbican-internal-svc - name: public-tls-certs secret: defaultMode: 256 secretName: cert-barbican-public-svc status: availableReplicas: 1 conditions: - lastTransitionTime: "2025-12-03T22:25:50Z" lastUpdateTime: "2025-12-03T22:25:50Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: "2025-12-03T22:25:38Z" lastUpdateTime: "2025-12-03T22:26:04Z" message: ReplicaSet "barbican-api-56565586f6" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 1 replicas: 1 updatedReplicas: 1