--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: Ingress config.openshift.io/inject-proxy: ingress-operator deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "1" deployment.kubernetes.io/revision: "1" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" creationTimestamp: "2025-10-11T10:25:48Z" generation: 1 labels: name: ingress-operator pod-template-hash: 766ddf4575 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:config.openshift.io/inject-proxy: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:labels: .: {} f:name: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"a92ca3b9-9d66-4819-822b-a2cdd20c85a0"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:name: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"ingress-operator"}: .: {} f:command: {} f:env: .: {} k:{"name":"CANARY_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9393,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:25:48Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:47Z" name: ingress-operator-766ddf4575 namespace: openshift-ingress-operator ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: ingress-operator uid: a92ca3b9-9d66-4819-822b-a2cdd20c85a0 resourceVersion: "17972" uid: 5c09db1c-af65-4292-a12b-8c4275d0cadd spec: replicas: 1 selector: matchLabels: name: ingress-operator pod-template-hash: 766ddf4575 template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: name: ingress-operator pod-template-hash: 766ddf4575 spec: containers: - command: - ingress-operator - start - --namespace - $(WATCH_NAMESPACE) - --image - $(IMAGE) - --canary-image - $(CANARY_IMAGE) - --release-version - $(RELEASE_VERSION) env: - name: RELEASE_VERSION value: 4.18.25 - name: WATCH_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:776b1203d0e4c0522ff38ffceeddfbad096e187b4d4c927f3ad89bac5f40d5c8 - name: CANARY_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:805f1bf09553ecf2e9d735c881539c011947eee7bf4c977b074e2d0396b9d99a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:805f1bf09553ecf2e9d735c881539c011947eee7bf4c977b074e2d0396b9d99a imagePullPolicy: IfNotPresent name: ingress-operator resources: requests: cpu: 10m memory: 56Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true - args: - --logtostderr - --secure-listen-address=:9393 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - --upstream=http://127.0.0.1:60000/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9393 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: metrics-tls readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: ingress-operator serviceAccountName: ingress-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - name: metrics-tls secret: defaultMode: 420 secretName: metrics-tls - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: trusted-ca name: trusted-ca - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 kind: ReplicaSetList metadata: resourceVersion: "64413"