apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" creationTimestamp: "2026-04-06T12:14:03Z" generation: 1 labels: app: metallb app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: v0.0.0 component: controller helm.sh/chart: metallb-0.0.0 name: controller namespace: metallb-system ownerReferences: - apiVersion: metallb.io/v1beta1 blockOwnerDeletion: true controller: true kind: MetalLB name: metallb uid: 4cdd3a81-ce00-4649-bbac-92ab1bab4377 resourceVersion: "37842" uid: 534361ef-b177-4b14-a1b4-d2ce21d3aa4b spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: metallb component: controller strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: metallb component: controller spec: containers: - args: - --port=29150 - --log-level=debug - --webhook-mode=disabled - --tls-min-version=VersionTLS12 command: - /controller env: - name: METALLB_ML_SECRET_NAME value: metallb-memberlist - name: METALLB_DEPLOYMENT value: controller - name: METALLB_BGP_TYPE value: frr-k8s image: registry.redhat.io/openshift4/metallb-rhel9@sha256:d4b55965af5982c936d8796001d4c79f7469480ef4bd33baa888de96fc3aed9e imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: monitoring scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: controller ports: - containerPort: 29150 name: monitoring protocol: TCP - containerPort: 9443 name: webhook-server protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /metrics port: monitoring scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - args: - --logtostderr - --secure-listen-address=:9120 - --upstream=http://127.0.0.1:29150/ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - --tls-private-key-file=/etc/metrics/tls.key - --tls-cert-file=/etc/metrics/tls.crt image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:4fdd6da66aba2523d2c21cef306b7650659926bbadb96dedd000d2b8c0229078 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9120 name: metricshttps protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/metrics name: metrics-certs readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true serviceAccount: controller serviceAccountName: controller terminationGracePeriodSeconds: 0 volumes: - name: cert secret: defaultMode: 420 secretName: metallb-webhook-cert - name: metrics-certs secret: defaultMode: 420 secretName: controller-certs-secret status: availableReplicas: 1 conditions: - lastTransitionTime: "2026-04-06T12:14:14Z" lastUpdateTime: "2026-04-06T12:14:14Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: "2026-04-06T12:14:03Z" lastUpdateTime: "2026-04-06T12:14:14Z" message: ReplicaSet "controller-5bb64cd5d7" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 1 readyReplicas: 1 replicas: 1 updatedReplicas: 1