--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: CloudCredential config.openshift.io/inject-proxy: cloud-credential-operator deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "1" deployment.kubernetes.io/revision: "1" exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" creationTimestamp: "2025-10-11T10:26:50Z" generation: 1 labels: app: cloud-credential-operator control-plane: controller-manager controller-tools.k8s.io: "1.0" pod-template-hash: 5cf49b6487 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:config.openshift.io/inject-proxy: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:exclude.release.openshift.io/internal-openshift-hosted: {} f:include.release.openshift.io/self-managed-high-availability: {} f:labels: .: {} f:app: {} f:control-plane: {} f:controller-tools.k8s.io: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"6d46ccef-ba17-46bd-9fb5-5cc29ca926fb"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app: {} f:control-plane: {} f:controller-tools.k8s.io: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"cloud-credential-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"AWS_POD_IDENTITY_WEBHOOK_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"AZURE_POD_IDENTITY_WEBHOOK_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"GCP_POD_IDENTITY_WEBHOOK_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/run/configmaps/trusted-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cco-trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"cloud-credential-operator-serving-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:26:50Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:47Z" name: cloud-credential-operator-5cf49b6487 namespace: openshift-cloud-credential-operator ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: cloud-credential-operator uid: 6d46ccef-ba17-46bd-9fb5-5cc29ca926fb resourceVersion: "17950" uid: 8b7eed17-f1f6-4027-b603-ac3c9d755e93 spec: replicas: 1 selector: matchLabels: control-plane: controller-manager controller-tools.k8s.io: "1.0" pod-template-hash: 5cf49b6487 template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app: cloud-credential-operator control-plane: controller-manager controller-tools.k8s.io: "1.0" pod-template-hash: 5cf49b6487 spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:2112/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --logtostderr=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cloud-credential-operator-serving-cert - args: - | if [ -s /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem ]; then echo "Copying system trust bundle" cp -f /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem fi exec /usr/bin/cloud-credential-operator operator command: - /bin/bash - -ec env: - name: RELEASE_VERSION value: 4.18.25 - name: AZURE_POD_IDENTITY_WEBHOOK_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3a11d2551fe38026be36606c06f70b619c32bfdf24cf8ab22fd070e4f07cc8cc - name: AWS_POD_IDENTITY_WEBHOOK_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e3c6f580c36223f610d047013327cec44e3f43cf11ef4ea2a385e92a3d7c3906 - name: GCP_POD_IDENTITY_WEBHOOK_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:da3e0a21b6330970a5d1789ff829fbcf1f4b32efb315da5e9a6637d4d9f23c0d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6458d944052d69ffeffc62813d3a5cc3344ce7091b6df0ebf54d73c861355b01 imagePullPolicy: IfNotPresent name: cloud-credential-operator resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/configmaps/trusted-ca-bundle name: cco-trusted-ca dnsPolicy: ClusterFirst nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: cloud-credential-operator serviceAccountName: cloud-credential-operator terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cco-trusted-ca optional: true name: cco-trusted-ca - name: cloud-credential-operator-serving-cert secret: defaultMode: 420 secretName: cloud-credential-operator-serving-cert status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 kind: ReplicaSetList metadata: resourceVersion: "64322"