# ReplicaSet "keystone-d4c8876f7" in namespace "openstack", in the form the API
# server returns it: uid, resourceVersion, creationTimestamp and the status
# stanza are server-populated, so this is a snapshot of a live object rather
# than a manifest to apply.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  annotations:
    # deployment.kubernetes.io/* annotations tie this ReplicaSet to revision 1
    # of its owning Deployment. Values are strings, hence the quotes.
    deployment.kubernetes.io/desired-replicas: "1"
    deployment.kubernetes.io/max-replicas: "2"
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2026-04-02T14:00:32Z"
  generation: 1
  labels:
    owner: keystone
    pod-template-hash: d4c8876f7
    service: keystone
  name: keystone-d4c8876f7
  namespace: openstack
  # controller: true marks Deployment "keystone" as the managing controller.
  # Any change to the pod template (image pin, securityContext, resources)
  # belongs on that Deployment or on whatever generates it; an edit made here
  # is not carried into the next revision's ReplicaSet.
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: Deployment
    name: keystone
    uid: 7508f22d-a317-431d-9e97-ffe19372afec
  resourceVersion: "45817"
  uid: 2c6227f5-9706-497b-b4e4-b79571c3c740
# Desired state: one keystone-api pod built from the template below.
spec:
  # A single replica: the anti-affinity rule further down only matters once
  # more than one pod carries service=keystone.
  replicas: 1
  selector:
    matchLabels:
      owner: keystone
      pod-template-hash: d4c8876f7
      service: keystone
  template:
    metadata:
      annotations:
        # Empty network list: no secondary network attachments are requested.
        k8s.v1.cni.cncf.io/networks: '[]'
      creationTimestamp: null
      labels:
        owner: keystone
        pod-template-hash: d4c8876f7
        service: keystone
    spec:
      affinity:
        podAntiAffinity:
          # "preferred" is a soft rule: the scheduler tries to keep pods
          # labelled service=keystone on different nodes but will co-locate
          # them if it has to.
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: service
                  operator: In
                  values:
                  - keystone
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      # Entrypoint is `/bin/bash -c /usr/local/bin/kolla_start`.
      - args:
        - -c
        - /usr/local/bin/kolla_start
        command:
        - /bin/bash
        env:
        # presumably a digest of the rendered configuration, so that a config
        # change alters the pod template and triggers a rollout (verify
        # against the operator that writes it)
        - name: CONFIG_HASH
          value: n549h594hf7h85h5b6hcch9fh568hf8h56fh59h5c6hffh54dh96h575h5b8h595hbdh659hbfh7bh585h594hb9hcbh54chd5h677h5h79h86q
        - name: KOLLA_CONFIG_STRATEGY
          value: COPY_ALWAYS
        # NOTE(review): the image is referenced by a mutable tag
        # ("current-podified"), not by digest. Combined with
        # imagePullPolicy: IfNotPresent, a node that already caches the tag
        # keeps its copy, so the bytes that run can differ per node and over
        # time. Pinning to <registry>/<repo>@sha256:<digest> makes the running
        # image auditable and reproducible.
        image: quay.io/podified-antelope-centos9/openstack-keystone:current-podified
        imagePullPolicy: IfNotPresent
        # Both probes issue an HTTPS GET for /v3 on port 5000. The kubelet does
        # not verify the serving certificate on HTTPS probes, so a passing
        # probe says nothing about certificate validity or expiry.
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /v3
            port: 5000
            scheme: HTTPS
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 30
        name: keystone-api
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /v3
            port: 5000
            scheme: HTTPS
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 30
        # NOTE(review): no requests or limits. With this as the only container
        # the pod is BestEffort QoS, so the identity service is among the
        # first eviction candidates under node pressure and has no CPU or
        # memory ceiling.
        resources: {}
        # Runs as non-root UID/GID 42425 and drops only MKNOD; every other
        # capability in the runtime's default set is retained.
        # NOTE(review): allowPrivilegeEscalation, runAsNonRoot,
        # readOnlyRootFilesystem and seccompProfile are not set in this
        # template. Admission (Pod Security / SCC) may add restrictions when
        # the Pod is created, so check the live Pod spec for the effective
        # values. Before tightening, verify that the kolla_start entrypoint
        # does not depend on setuid helpers or a writable root filesystem.
        securityContext:
          capabilities:
            drop:
            - MKNOD
          runAsGroup: 42425
          runAsUser: 42425
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # Every mount below is backed by a Secret volume. Entries that use
        # subPath (config.json, the CA bundle, the TLS cert/key files) are not
        # refreshed when the Secret changes, so rotating those Secrets only
        # takes effect after the pod is restarted. The whole-volume mounts
        # (scripts, config-data, fernet-keys, credential-keys) do pick up
        # Secret updates.
        volumeMounts:
        - mountPath: /usr/local/bin/container-scripts
          name: scripts
          readOnly: true
        # readOnly is not set on this one mount, unlike its siblings. Secret
        # volumes are presented read-only by the kubelet regardless, so this
        # is a consistency point, not a writable path.
        - mountPath: /var/lib/config-data/default
          name: config-data
        - mountPath: /var/lib/kolla/config_files/config.json
          name: config-data
          readOnly: true
          subPath: keystone-api-config.json
        # Key material for Keystone (Fernet and credential keys).
        - mountPath: /etc/keystone/fernet-keys
          name: fernet-keys
          readOnly: true
        - mountPath: /etc/keystone/credential-keys
          name: credential-keys
          readOnly: true
        - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
          name: combined-ca-bundle
          readOnly: true
          subPath: tls-ca-bundle.pem
        # Internal and public endpoints use separate certificate Secrets; each
        # contributes tls.crt and tls.key as individual files.
        - mountPath: /var/lib/config-data/tls/certs/internal.crt
          name: internal-tls-certs
          readOnly: true
          subPath: tls.crt
        - mountPath: /var/lib/config-data/tls/private/internal.key
          name: internal-tls-certs
          readOnly: true
          subPath: tls.key
        - mountPath: /var/lib/config-data/tls/certs/public.crt
          name: public-tls-certs
          readOnly: true
          subPath: tls.crt
        - mountPath: /var/lib/config-data/tls/private/public.key
          name: public-tls-certs
          readOnly: true
          subPath: tls.key
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # Pod-level securityContext is empty: no fsGroup, supplementalGroups or
      # seccompProfile is requested here.
      securityContext: {}
      # serviceAccount is the deprecated alias of serviceAccountName; the API
      # server keeps both in sync.
      # NOTE(review): automountServiceAccountToken is not set in this template,
      # so the token is mounted unless the ServiceAccount itself disables it.
      # If keystone-api never calls the Kubernetes API, turning the automount
      # off removes a credential from the container.
      serviceAccount: keystone-keystone
      serviceAccountName: keystone-keystone
      terminationGracePeriodSeconds: 30
      # defaultMode is serialised in decimal by the API server:
      #   493 = 0755, 420 = 0644, 292 = 0444, 256 = 0400
      volumes:
      # 0755: scripts need the execute bit.
      - name: scripts
        secret:
          defaultMode: 493
          secretName: keystone-scripts
      - name: config-data
        secret:
          defaultMode: 420
          secretName: keystone-config-data
      # Secret "keystone" holds both the Fernet and the credential keys; the
      # items lists project only the named entries into each volume, as files
      # "0".."4" and "0".."1".
      # NOTE(review): both key volumes use 0644 (world-readable inside the
      # container) while the TLS private keys below use 0400. A tighter mode
      # is preferable for key material if the keystone process can still read
      # the files; file ownership depends on fsGroup, which this template does
      # not set, so confirm on a running pod before changing it.
      - name: fernet-keys
        secret:
          defaultMode: 420
          items:
          - key: FernetKeys0
            path: "0"
          - key: FernetKeys1
            path: "1"
          - key: FernetKeys2
            path: "2"
          - key: FernetKeys3
            path: "3"
          - key: FernetKeys4
            path: "4"
          secretName: keystone
      - name: credential-keys
        secret:
          defaultMode: 420
          items:
          - key: CredentialKeys0
            path: "0"
          - key: CredentialKeys1
            path: "1"
          secretName: keystone
      # 0444: the CA bundle is public data.
      - name: combined-ca-bundle
        secret:
          defaultMode: 292
          secretName: combined-ca-bundle
      # 0400 on the TLS Secrets; the mode applies to tls.crt and tls.key alike.
      - name: internal-tls-certs
        secret:
          defaultMode: 256
          secretName: cert-keystone-internal-svc
      - name: public-tls-certs
        secret:
          defaultMode: 256
          secretName: cert-keystone-public-svc
# Observed state reported by the ReplicaSet controller at capture time: the one
# desired replica exists, carries the full label set, and is ready and
# available. observedGeneration matches metadata.generation (1), so the
# controller has processed the current spec.
status:
  availableReplicas: 1
  fullyLabeledReplicas: 1
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
