---
# Cluster-state dump: a DaemonSetList holding one DaemonSet, node-ca, in the
# openshift-image-registry namespace. Per managedFields the spec is written by
# cluster-image-registry-operator; status is written by kube-controller-manager.
# The pod loops every 60 seconds, mirroring CA files from the
# image-registry-certificates ConfigMap into /etc/docker/certs.d on the node.
apiVersion: apps/v1
items:
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    annotations:
      deprecated.daemonset.template.generation: "1"
      operator.openshift.io/spec-hash: 408ec0c98522d053a6e09ea526bd5b18a4a345cc76cbb40232f09866a89941b9
    creationTimestamp: "2025-10-11T10:38:49Z"
    generation: 1
    # Server-side field ownership. When reviewing drift, compare the manager
    # names below with the writers you expect: the first entry owns the pod
    # template, including privileged, hostNetwork and the hostPath volume.
    managedFields:
    - apiVersion: apps/v1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:deprecated.daemonset.template.generation: {}
            f:operator.openshift.io/spec-hash: {}
        f:spec:
          f:revisionHistoryLimit: {}
          f:selector: {}
          f:template:
            f:metadata:
              f:annotations:
                .: {}
                f:openshift.io/required-scc: {}
                f:target.workload.openshift.io/management: {}
              f:labels:
                .: {}
                f:name: {}
            f:spec:
              f:containers:
                k:{"name":"node-ca"}:
                  .: {}
                  f:command: {}
                  f:image: {}
                  f:imagePullPolicy: {}
                  f:name: {}
                  f:resources:
                    .: {}
                    f:requests:
                      .: {}
                      f:cpu: {}
                      f:memory: {}
                  f:securityContext:
                    .: {}
                    f:privileged: {}
                    f:runAsGroup: {}
                    f:runAsUser: {}
                  f:terminationMessagePath: {}
                  f:terminationMessagePolicy: {}
                  f:volumeMounts:
                    .: {}
                    k:{"mountPath":"/etc/docker/certs.d"}:
                      .: {}
                      f:mountPath: {}
                      f:name: {}
                    k:{"mountPath":"/tmp/serviceca"}:
                      .: {}
                      f:mountPath: {}
                      f:name: {}
              f:dnsPolicy: {}
              f:hostNetwork: {}
              f:nodeSelector: {}
              f:priorityClassName: {}
              f:restartPolicy: {}
              f:schedulerName: {}
              f:securityContext: {}
              f:serviceAccount: {}
              f:serviceAccountName: {}
              f:terminationGracePeriodSeconds: {}
              f:tolerations: {}
              f:volumes:
                .: {}
                k:{"name":"host"}:
                  .: {}
                  f:hostPath:
                    .: {}
                    f:path: {}
                    f:type: {}
                  f:name: {}
                k:{"name":"serviceca"}:
                  .: {}
                  f:configMap:
                    .: {}
                    f:defaultMode: {}
                    f:name: {}
                  f:name: {}
          f:updateStrategy:
            f:rollingUpdate:
              .: {}
              f:maxSurge: {}
              f:maxUnavailable: {}
            f:type: {}
      manager: cluster-image-registry-operator
      operation: Update
      time: "2025-10-11T10:38:49Z"
    - apiVersion: apps/v1
      fieldsType: FieldsV1
      fieldsV1:
        f:status:
          f:currentNumberScheduled: {}
          f:desiredNumberScheduled: {}
          f:numberAvailable: {}
          f:numberReady: {}
          f:observedGeneration: {}
          f:updatedNumberScheduled: {}
      manager: kube-controller-manager
      operation: Update
      subresource: status
      time: "2025-10-11T10:39:24Z"
    name: node-ca
    namespace: openshift-image-registry
    resourceVersion: "19746"
    uid: 33c1d38f-9233-4b06-9f11-9a4094c40094
  spec:
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        name: node-ca
    template:
      metadata:
        annotations:
          # Requests the privileged SCC, matching privileged: true on the
          # container below.
          openshift.io/required-scc: privileged
          target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
        creationTimestamp: null
        labels:
          name: node-ca
      spec:
        containers:
        # Sync loop, run by /bin/sh -c; the TERM trap kills background jobs and
        # exits 0.
        #   Pass 1: for each file in /tmp/serviceca, rewrite the last ".." in
        #     its name to ":" and copy the file to
        #     /etc/docker/certs.d/<name>/ca.crt. Presumably ".." stands in for
        #     the port separator because ConfigMap keys cannot contain ":".
        #   Pass 2: for each entry in /etc/docker/certs.d, map ":" back to ".."
        #     and rm -rf the entry when no file of that name exists in
        #     /tmp/serviceca. Entries created on the host by anything other
        #     than this ConfigMap are therefore deleted within one cycle.
        # NOTE(review): names come from `ls` output and are expanded unquoted
        # ($f, $d, $ca_file_path, $reg_dir_path), including in the rm -rf
        # path. ConfigMap keys are limited to alphanumerics, "-", "_" and ".",
        # but names already present in the host directory are not constrained
        # by that rule, so confirm what else can write to /etc/docker/certs.d.
        - command:
          - /bin/sh
          - -c
          - |
            trap 'jobs -p | xargs -r kill; echo shutting down node-ca; exit 0' TERM
            while [ true ]; do
              for f in $(ls /tmp/serviceca); do
                echo $f
                ca_file_path="/tmp/serviceca/${f}"
                f=$(echo $f | sed -r 's/(.*)\.\./\1:/')
                reg_dir_path="/etc/docker/certs.d/${f}"
                if [ -e "${reg_dir_path}" ]; then
                  cp -u $ca_file_path $reg_dir_path/ca.crt
                else
                  mkdir $reg_dir_path
                  cp $ca_file_path $reg_dir_path/ca.crt
                fi
              done
              for d in $(ls /etc/docker/certs.d); do
                echo $d
                dp=$(echo $d | sed -r 's/(.*):/\1\.\./')
                reg_conf_path="/tmp/serviceca/${dp}"
                if [ ! -e "${reg_conf_path}" ]; then
                  rm -rf /etc/docker/certs.d/$d
                fi
              done
              sleep 60 & wait ${!}
            done
          # The image is referenced by sha256 digest rather than a mutable tag,
          # so the content a node pulls is fixed by this reference.
          image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:033c253ddc49271d2affc9841208ba0a36a902d5cf00eae4873bae24715622d2
          imagePullPolicy: IfNotPresent
          name: node-ca
          # Only requests are set; no resource limits appear in this spec.
          resources:
            requests:
              cpu: 10m
              memory: 10Mi
          # privileged: true lifts most container isolation on the node. The
          # non-root runAsUser (1001, with group 0) narrows but does not remove
          # that exposure, so treat this pod as node-level access when threat
          # modeling or triaging alerts that involve it.
          securityContext:
            privileged: true
            runAsGroup: 0
            runAsUser: 1001
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
          - mountPath: /tmp/serviceca
            name: serviceca
          - mountPath: /etc/docker/certs.d
            name: host
        dnsPolicy: ClusterFirst
        # The pod shares the node's network namespace.
        # NOTE(review): nothing in the visible command performs network I/O;
        # confirm why hostNetwork is required before copying this pattern.
        hostNetwork: true
        nodeSelector:
          kubernetes.io/os: linux
        priorityClassName: system-cluster-critical
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        serviceAccount: node-ca
        serviceAccountName: node-ca
        terminationGracePeriodSeconds: 30
        # A bare "operator: Exists" tolerates every taint, so the pod is
        # scheduled onto all Linux nodes, including tainted ones.
        tolerations:
        - operator: Exists
        volumes:
        # Writable host directory. Presumably this is where the node's
        # container runtime looks up per-registry CA trust (confirm for the
        # runtime in use). If so, write access to the ConfigMap below amounts
        # to control over which registry CAs every node trusts, so restrict
        # and audit RBAC on that ConfigMap accordingly.
        # type "" means no existence or type check is made on the path before
        # it is mounted.
        - hostPath:
            path: /etc/docker/certs.d
            type: ""
          name: host
        # defaultMode is shown in decimal: 420 == octal 0644.
        - configMap:
            defaultMode: 420
            name: image-registry-certificates
          name: serviceca
    updateStrategy:
      rollingUpdate:
        maxSurge: 0
        maxUnavailable: 10%
      type: RollingUpdate
  # Point-in-time status: 3 pods desired, scheduled, ready and available.
  status:
    currentNumberScheduled: 3
    desiredNumberScheduled: 3
    numberAvailable: 3
    numberMisscheduled: 0
    numberReady: 3
    observedGeneration: 1
    updatedNumberScheduled: 3
kind: DaemonSetList
metadata:
  resourceVersion: "64411"