apiVersion: apps/v1
kind: ReplicaSet
metadata:
  annotations:
    deployment.kubernetes.io/desired-replicas: "1"
    deployment.kubernetes.io/max-replicas: "2"
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2026-04-02T13:55:56Z"
  generation: 1
  labels:
    component: frr-k8s-webhook-server
    pod-template-hash: bcc4b6f68
  name: frr-k8s-webhook-server-bcc4b6f68
  namespace: metallb-system
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: Deployment
    name: frr-k8s-webhook-server
    uid: 7a83f39e-8621-4992-8e45-a94cb3be82a3
  resourceVersion: "36370"
  uid: be1b68a7-3649-400c-b614-47247a5ddd8e
spec:
  replicas: 1
  selector:
    matchLabels:
      component: frr-k8s-webhook-server
      pod-template-hash: bcc4b6f68
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: frr-k8s-webhook-server
      creationTimestamp: null
      labels:
        component: frr-k8s-webhook-server
        pod-template-hash: bcc4b6f68
    spec:
      containers:
      - args:
        - --log-level=debug
        - --webhook-mode=onlywebhook
        - --disable-cert-rotation=true
        - --namespace=$(NAMESPACE)
        - --metrics-bind-address=:7572
        command:
        - /frr-k8s
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /metrics
            port: monitoring
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: frr-k8s-webhook-server
        ports:
        - containerPort: 7572
          name: monitoring
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /metrics
            port: monitoring
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsNonRoot: true
      serviceAccount: frr-k8s-daemon
      serviceAccountName: frr-k8s-daemon
      terminationGracePeriodSeconds: 10
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: frr-k8s-webhook-server-cert
status:
  availableReplicas: 1
  fullyLabeledReplicas: 1
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1