--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" creationTimestamp: "2025-10-11T10:25:47Z" generation: 1 labels: app: cluster-monitoring-operator app.kubernetes.io/name: cluster-monitoring-operator pod-template-hash: 5b5dd85dcc managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/name: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"09dacbe8-c779-4b46-8719-3e780e466f26"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/name: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"cluster-monitoring-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-monitoring-operator/telemetry"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cluster-monitoring-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemetry-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:25:47Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:47Z" name: cluster-monitoring-operator-5b5dd85dcc namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: cluster-monitoring-operator uid: 09dacbe8-c779-4b46-8719-3e780e466f26 resourceVersion: "17924" uid: 5619d34b-3a97-42b5-8bc0-96821808e758 spec: replicas: 1 selector: matchLabels: app: cluster-monitoring-operator pod-template-hash: 5b5dd85dcc template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app: cluster-monitoring-operator app.kubernetes.io/name: cluster-monitoring-operator pod-template-hash: 5b5dd85dcc spec: containers: - args: - -namespace=openshift-monitoring - -namespace-user-workload=openshift-user-workload-monitoring - -configmap=cluster-monitoring-config - -release-version=$(RELEASE_VERSION) - -v=2 - -cert-file=/etc/tls/private/tls.crt - -key-file=/etc/tls/private/tls.key - -images=prometheus-operator=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a666f70f1223d9d2e6cfda2fb89ae1646dc73b9d2e78f0d31074c3e7f723aeb - -images=prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af - -images=prometheus-operator-admission-webhook=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d17032145778e4a4adaeb2bd2a4107c77dc2b0f600d7d704f50648b6198801a - -images=configmap-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3905aea84446913c964a8db65be6dfe3a075423b2ade85fa77716f4bad742a6a - -images=prometheus=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b7ea005d75360221e268ef4a671bd1a5eb15acc98b32c7c716176ad5b6cd73d - -images=alertmanager=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:755d2dc7bc83f2e1c10e6a0a70dd9acdd6bc282ad4ae973794d262a785e9f6d6 - -images=node-exporter=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:66366501aac86a6d898d235d0b96dbe7679a2e142e8c615524f0bdc3ddd68b21 - -images=kube-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aba459a30191b49c89c71863fd4ec15776092b818c6f5fa44e233824dea4c6cf - -images=openshift-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:982ec135c928d7c2904347f7727077c3d45b4c124557f6b3cb7dfca5ffa2e145 - -images=kube-rbac-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 - -images=telemeter-client=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce0ff00581505232eae7c6725b65f09e2a81f94b2af66aa60af7a1e101a1a705 - -images=prom-label-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:61f170d009db78c5df2e61a5de6cbd57283366bb46168eea3b0cca5f005bbf59 - -images=thanos=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d24c4db9f6f0e9fb8ffdf9dd2b08101c37316b989e6709d13783e7d6d3baef73 - -images=monitoring-plugin=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:84adcf9faa58ecd3baf5d7406e6ccc4f83a83c1b6d67dc4e188311d780221650 - -images=kube-metrics-server=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aa8586795f9801090b8f01a74743474c41b5987eefc3a9b2c58f937098a1704f env: - name: RELEASE_VERSION value: 4.18.25 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:732db322c7ea7d239293fdd893e493775fd05ed4370bfe908c6995d4beabc0a4 imagePullPolicy: IfNotPresent name: cluster-monitoring-operator ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 75Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: cluster-monitoring-operator serviceAccountName: cluster-monitoring-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 name: telemetry-config name: telemetry-config - name: cluster-monitoring-operator-tls secret: defaultMode: 420 secretName: cluster-monitoring-operator-tls status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:29:44Z" generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.13.0 pod-template-hash: 57fbd47578 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"cda70857-3b43-4f16-a533-061d1493ba7e"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-state-metrics"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"kube-state-metrics-custom-resource-state-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"kube-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"kube-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"volume-directive-shadow"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:29:44Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:46Z" name: kube-state-metrics-57fbd47578 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: kube-state-metrics uid: cda70857-3b43-4f16-a533-061d1493ba7e resourceVersion: "17774" uid: ff5f7ed9-adc3-420c-b7b8-2ac658b1c944 spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 57fbd47578 template: metadata: annotations: kubectl.kubernetes.io/default-container: kube-state-metrics openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.13.0 pod-template-hash: 57fbd47578 spec: automountServiceAccountToken: true containers: - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - | --metric-denylist= ^kube_secret_labels$, ^kube_.+_annotations$ ^kube_customresource_.+_annotations_info$, ^kube_customresource_.+_labels_info$, - --metric-labels-allowlist=pods=[*],nodes=[*],namespaces=[*],persistentvolumes=[*],persistentvolumeclaims=[*],poddisruptionbudgets=[*] - | --metric-denylist= ^kube_.+_created$, ^kube_.+_metadata_resource_version$, ^kube_replicaset_metadata_generation$, ^kube_replicaset_status_observed_generation$, ^kube_pod_restart_policy$, ^kube_pod_init_container_status_terminated$, ^kube_pod_init_container_status_running$, ^kube_pod_container_status_terminated$, ^kube_pod_container_status_running$, ^kube_pod_completion_time$, ^kube_pod_status_scheduled$ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aba459a30191b49c89c71863fd4ec15776092b818c6f5fa44e233824dea4c6cf imagePullPolicy: IfNotPresent name: kube-state-metrics resources: requests: cpu: 2m memory: 80Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: kube-state-metrics serviceAccountName: kube-state-metrics terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: volume-directive-shadow - name: kube-state-metrics-tls secret: defaultMode: 420 secretName: kube-state-metrics-tls - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: kube-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: kube-state-metrics-custom-resource-state-configmap name: kube-state-metrics-custom-resource-state-configmap status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "2" deployment.kubernetes.io/max-replicas: "3" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:29:49Z" generation: 3 labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65d86dff78 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"6a776866-eea9-42e9-8ff9-f51ebd91a35f"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/kubelet-serving-ca-bundle-hash: {} f:monitoring.openshift.io/metrics-client-cert-hash: {} f:monitoring.openshift.io/serving-ca-secret-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"metrics-server"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":10250,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/audit"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/client-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/log/metrics-server"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"audit-log"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"client-ca-bundle"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"metrics-server-audit-profiles"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-server-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:38:18Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:38:19Z" name: metrics-server-65d86dff78 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: metrics-server uid: 6a776866-eea9-42e9-8ff9-f51ebd91a35f resourceVersion: "18781" uid: 24032a5d-928f-4c08-a885-ad6a8a09f57d spec: replicas: 0 selector: matchLabels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65d86dff78 template: metadata: annotations: monitoring.openshift.io/kubelet-serving-ca-bundle-hash: el6sl2vaco6mv monitoring.openshift.io/metrics-client-cert-hash: 3q6kgvbljlpdj monitoring.openshift.io/serving-ca-secret-hash: 2roidultqkg0k openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65d86dff78 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring namespaces: - openshift-monitoring topologyKey: kubernetes.io/hostname containers: - args: - --secure-port=10250 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt - --kubelet-client-certificate=/etc/tls/metrics-client-certs/tls.crt - --kubelet-client-key=/etc/tls/metrics-client-certs/tls.key - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --shutdown-send-retry-after=true - --shutdown-delay-duration=150s - --disable-http2-serving=true - --tls-min-version=VersionTLS12 - --client-ca-file=/etc/client-ca-bundle/client-ca-file - --requestheader-client-ca-file=/etc/client-ca-bundle/requestheader-client-ca-file - --requestheader-allowed-names=kube-apiserver-proxy,system:kube-apiserver-proxy,system:openshift-aggregator - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --audit-policy-file=/etc/audit/metadata-profile.yaml - --audit-log-path=/var/log/metrics-server/audit.log - --audit-log-maxsize=100 - --audit-log-maxbackup=5 - --audit-log-compress=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aa8586795f9801090b8f01a74743474c41b5987eefc3a9b2c58f937098a1704f imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 6 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-client-certs name: secret-metrics-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: metrics-server serviceAccountName: metrics-server terminationGracePeriodSeconds: 170 volumes: - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - name: secret-metrics-server-tls secret: defaultMode: 420 secretName: metrics-server-tls - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - emptyDir: {} name: audit-log - configMap: defaultMode: 420 name: metrics-server-audit-profiles name: metrics-server-audit-profiles - name: client-ca-bundle secret: defaultMode: 420 secretName: metrics-server-ap7ej74ueigk4 status: observedGeneration: 3 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "2" deployment.kubernetes.io/max-replicas: "3" deployment.kubernetes.io/revision: "2" creationTimestamp: "2025-10-11T10:34:57Z" generation: 2 labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 7d46fcc5c6 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"6a776866-eea9-42e9-8ff9-f51ebd91a35f"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/kubelet-serving-ca-bundle-hash: {} f:monitoring.openshift.io/metrics-client-cert-hash: {} f:monitoring.openshift.io/serving-ca-secret-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"metrics-server"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":10250,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/audit"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/client-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/log/metrics-server"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"audit-log"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"client-ca-bundle"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"metrics-server-audit-profiles"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-server-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:34:57Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:40:40Z" name: metrics-server-7d46fcc5c6 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: metrics-server uid: 6a776866-eea9-42e9-8ff9-f51ebd91a35f resourceVersion: "21204" uid: f03abb7d-5881-4a77-896f-45e8ee2462b3 spec: replicas: 2 selector: matchLabels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 7d46fcc5c6 template: metadata: annotations: monitoring.openshift.io/kubelet-serving-ca-bundle-hash: el6sl2vaco6mv monitoring.openshift.io/metrics-client-cert-hash: 3q6kgvbljlpdj monitoring.openshift.io/serving-ca-secret-hash: 2roidultqkg0k openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 7d46fcc5c6 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring namespaces: - openshift-monitoring topologyKey: kubernetes.io/hostname containers: - args: - --secure-port=10250 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt - --kubelet-client-certificate=/etc/tls/metrics-client-certs/tls.crt - --kubelet-client-key=/etc/tls/metrics-client-certs/tls.key - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --shutdown-send-retry-after=true - --shutdown-delay-duration=150s - --disable-http2-serving=true - --tls-min-version=VersionTLS12 - --client-ca-file=/etc/client-ca-bundle/client-ca-file - --requestheader-client-ca-file=/etc/client-ca-bundle/requestheader-client-ca-file - --requestheader-allowed-names=kube-apiserver-proxy,system:kube-apiserver-proxy,system:openshift-aggregator - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --audit-policy-file=/etc/audit/metadata-profile.yaml - --audit-log-path=/var/log/metrics-server/audit.log - --audit-log-maxsize=100 - --audit-log-maxbackup=5 - --audit-log-compress=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aa8586795f9801090b8f01a74743474c41b5987eefc3a9b2c58f937098a1704f imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 6 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-client-certs name: secret-metrics-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: metrics-server serviceAccountName: metrics-server terminationGracePeriodSeconds: 170 volumes: - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - name: secret-metrics-server-tls secret: defaultMode: 420 secretName: metrics-server-tls - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - emptyDir: {} name: audit-log - configMap: defaultMode: 420 name: metrics-server-audit-profiles name: metrics-server-audit-profiles - name: client-ca-bundle secret: defaultMode: 420 secretName: metrics-server-2ocquro0n92lc status: availableReplicas: 2 fullyLabeledReplicas: 2 observedGeneration: 2 readyReplicas: 2 replicas: 2 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "2" deployment.kubernetes.io/max-replicas: "3" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:37:37Z" generation: 1 labels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 578f8b47b8 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"1dc7b41b-f34f-4f64-ba31-2c1e72f73472"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/cert-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"monitoring-plugin"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/cert"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"monitoring-plugin-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:37:37Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:43Z" name: monitoring-plugin-578f8b47b8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: monitoring-plugin uid: 1dc7b41b-f34f-4f64-ba31-2c1e72f73472 resourceVersion: "17210" uid: d57ff590-a28a-4ae8-ba42-9db7c01d5b07 spec: replicas: 2 selector: matchLabels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 578f8b47b8 template: metadata: annotations: monitoring.openshift.io/cert-hash: 1cvqf400s1ius openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 578f8b47b8 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring namespaces: - openshift-monitoring topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - args: - -config-path=/opt/app-root/web/dist - -static-path=/opt/app-root/web/dist - -cert=/var/cert/tls.crt - -key=/var/cert/tls.key command: - /opt/app-root/plugin-backend image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:84adcf9faa58ecd3baf5d7406e6ccc4f83a83c1b6d67dc4e188311d780221650 imagePullPolicy: IfNotPresent name: monitoring-plugin ports: - containerPort: 9443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /health port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationGracePeriodSeconds: 30 volumes: - name: monitoring-plugin-cert secret: defaultMode: 420 secretName: monitoring-plugin-cert status: availableReplicas: 2 fullyLabeledReplicas: 2 observedGeneration: 1 readyReplicas: 2 replicas: 2 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:29:44Z" generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: openshift-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 56d8dcb55c managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"aae41661-ad95-49cc-9628-a1059d0d455a"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"openshift-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"openshift-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"openshift-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:29:44Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:29:47Z" name: openshift-state-metrics-56d8dcb55c namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: openshift-state-metrics uid: aae41661-ad95-49cc-9628-a1059d0d455a resourceVersion: "10082" uid: d34449d3-5ce2-4968-9a00-375b37506659 spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: exporter app.kubernetes.io/name: openshift-state-metrics pod-template-hash: 56d8dcb55c template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: openshift-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 56d8dcb55c spec: containers: - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:982ec135c928d7c2904347f7727077c3d45b4c124557f6b3cb7dfca5ffa2e145 imagePullPolicy: IfNotPresent name: openshift-state-metrics resources: requests: cpu: 1m memory: 32Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: openshift-state-metrics serviceAccountName: openshift-state-metrics terminationGracePeriodSeconds: 30 volumes: - name: openshift-state-metrics-tls secret: defaultMode: 420 secretName: openshift-state-metrics-tls - name: openshift-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: openshift-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:29:32Z" generation: 1 labels: app.kubernetes.io/component: controller app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.78.1 pod-template-hash: 574d7f8db8 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"1e34ec32-7d82-4829-b4cf-fc6a05d03d21"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prometheus-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-operator-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"prometheus-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:29:32Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:47Z" name: prometheus-operator-574d7f8db8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: prometheus-operator uid: 1e34ec32-7d82-4829-b4cf-fc6a05d03d21 resourceVersion: "18059" uid: 28913451-4616-4479-a0e1-c802d5e7e671 spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 574d7f8db8 template: metadata: annotations: kubectl.kubernetes.io/default-container: prometheus-operator openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: controller app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.78.1 pod-template-hash: 574d7f8db8 spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - --prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af - --kubelet-endpoints=true - --kubelet-endpointslice=false - --prometheus-instance-namespaces=openshift-monitoring - --thanos-ruler-instance-namespaces=openshift-monitoring - --alertmanager-instance-namespaces=openshift-monitoring - --config-reloader-cpu-limit=0 - --config-reloader-memory-limit=0 - --config-reloader-cpu-request=1m - --config-reloader-memory-request=10Mi - --web.listen-address=127.0.0.1:8080 - --controller-id=openshift-monitoring/prometheus-operator env: - name: GOGC value: "30" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a666f70f1223d9d2e6cfda2fb89ae1646dc73b9d2e78f0d31074c3e7f723aeb imagePullPolicy: IfNotPresent name: prometheus-operator resources: requests: cpu: 5m memory: 150Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: prometheus-operator serviceAccountName: prometheus-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists volumes: - name: prometheus-operator-tls secret: defaultMode: 420 secretName: prometheus-operator-tls - name: prometheus-operator-kube-rbac-proxy-config secret: defaultMode: 420 secretName: prometheus-operator-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "2" deployment.kubernetes.io/max-replicas: "3" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:29:21Z" generation: 1 labels: app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.78.1 pod-template-hash: 79d5f95f5c managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"d2ed169a-6206-4fcd-8d52-546a7b15b5f1"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"prometheus-operator-admission-webhook"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certificates"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:29:21Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:37:48Z" name: prometheus-operator-admission-webhook-79d5f95f5c namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: prometheus-operator-admission-webhook uid: d2ed169a-6206-4fcd-8d52-546a7b15b5f1 resourceVersion: "18111" uid: 49954e00-82ca-46be-944f-e3ec73d73337 spec: replicas: 2 selector: matchLabels: app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 79d5f95f5c template: metadata: annotations: kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.78.1 pod-template-hash: 79d5f95f5c spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring namespaces: - openshift-monitoring topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - args: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - --web.tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --web.tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d17032145778e4a4adaeb2bd2a4107c77dc2b0f600d7d704f50648b6198801a imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 5m memory: 30Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true dnsPolicy: ClusterFirst priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: prometheus-operator-admission-webhook serviceAccountName: prometheus-operator-admission-webhook terminationGracePeriodSeconds: 30 volumes: - name: tls-certificates secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: prometheus-operator-admission-webhook-tls status: availableReplicas: 2 fullyLabeledReplicas: 2 observedGeneration: 1 readyReplicas: 2 replicas: 2 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:29:54Z" generation: 1 labels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: telemeter-client app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 5b5c6cc5dd managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"83b232db-2905-4915-8b6e-cd94590e4cde"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:telemeter-token-hash: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"reload"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"telemeter-client"}: .: {} f:command: {} f:env: .: {} k:{"name":"ANONYMIZE_LABELS"}: .: {} f:name: {} k:{"name":"FROM"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"ID"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"TO"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/telemeter"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"federate-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-telemeter-client"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-telemeter-client-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"telemeter-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemeter-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:29:54Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:30:14Z" name: telemeter-client-5b5c6cc5dd namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: telemeter-client uid: 83b232db-2905-4915-8b6e-cd94590e4cde resourceVersion: "10539" uid: 961661f7-e086-4df9-b626-f9494905625a spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/name: telemeter-client pod-template-hash: 5b5c6cc5dd template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' telemeter-token-hash: d3d3dceeabnr7 creationTimestamp: null labels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: telemeter-client app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 5b5c6cc5dd spec: containers: - command: - /usr/bin/telemeter-client - --id=$(ID) - --from=$(FROM) - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --from-ca-file=/etc/serving-certs-ca-bundle/service-ca.crt - --from-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token - --to=$(TO) - --to-token-file=/etc/telemeter/token - --listen=localhost:8080 - --anonymize-salt-file=/etc/telemeter/salt - --anonymize-labels=$(ANONYMIZE_LABELS) - --match={__name__=~"cluster:usage:.*"} - --match={__name__="count:up0"} - --match={__name__="count:up1"} - --match={__name__="cluster_version"} - --match={__name__="cluster_version_available_updates"} - --match={__name__="cluster_version_capability"} - --match={__name__="cluster_operator_up"} - --match={__name__="cluster_operator_conditions"} - --match={__name__="cluster_version_payload"} - --match={__name__="cluster_installer"} - --match={__name__="cluster_infrastructure_provider"} - --match={__name__="cluster_feature_set"} - --match={__name__="instance:etcd_object_counts:sum"} - --match={__name__="ALERTS",alertstate="firing",severity=~"critical|warning|info|none"} - --match={__name__="code:apiserver_request_total:rate:sum"} - --match={__name__="cluster:capacity_cpu_cores:sum"} - --match={__name__="cluster:capacity_memory_bytes:sum"} - --match={__name__="cluster:cpu_usage_cores:sum"} - --match={__name__="cluster:memory_usage_bytes:sum"} - --match={__name__="openshift:cpu_usage_cores:sum"} - --match={__name__="openshift:memory_usage_bytes:sum"} - --match={__name__="workload:cpu_usage_cores:sum"} - --match={__name__="workload:memory_usage_bytes:sum"} - --match={__name__="cluster:virt_platform_nodes:sum"} - --match={__name__="cluster:node_instance_type_count:sum"} - --match={__name__="cnv:vmi_status_running:count"} - --match={__name__="cnv_abnormal", reason=~"memory_working_set_delta_from_request|memory_rss_delta_from_request"} - --match={__name__="cluster:vmi_request_cpu_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_sockets:sum"} - --match={__name__="subscription_sync_total"} - --match={__name__="olm_resolution_duration_seconds"} - --match={__name__="csv_succeeded"} - --match={__name__="csv_abnormal"} - --match={__name__="cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum"} - --match={__name__="cluster:kubelet_volume_stats_used_bytes:provisioner:sum"} - --match={__name__="ceph_cluster_total_bytes"} - --match={__name__="ceph_cluster_total_used_raw_bytes"} - --match={__name__="ceph_health_status"} - --match={__name__="odf_system_raw_capacity_total_bytes"} - --match={__name__="odf_system_raw_capacity_used_bytes"} - --match={__name__="odf_system_health_status"} - --match={__name__="job:ceph_osd_metadata:count"} - --match={__name__="job:kube_pv:count"} - --match={__name__="job:odf_system_pvs:count"} - --match={__name__="job:ceph_pools_iops:total"} - --match={__name__="job:ceph_pools_iops_bytes:total"} - --match={__name__="job:ceph_versions_running:count"} - --match={__name__="job:noobaa_total_unhealthy_buckets:sum"} - --match={__name__="job:noobaa_bucket_count:sum"} - --match={__name__="job:noobaa_total_object_count:sum"} - --match={__name__="odf_system_bucket_count", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="odf_system_objects_total", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="noobaa_accounts_num"} - --match={__name__="noobaa_total_usage"} - --match={__name__="console_url"} - --match={__name__="cluster:console_auth_login_requests_total:sum"} - --match={__name__="cluster:console_auth_login_successes_total:sum"} - --match={__name__="cluster:console_auth_login_failures_total:sum"} - --match={__name__="cluster:console_auth_logout_requests_total:sum"} - --match={__name__="cluster:console_usage_users:max"} - --match={__name__="cluster:console_plugins_info:max"} - --match={__name__="cluster:console_customization_perspectives_info:max"} - --match={__name__="cluster:ovnkube_controller_egress_routing_via_host:max"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Pass|Allow|Deny"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Allow|Deny"} - --match={__name__="cluster:network_attachment_definition_instances:max"} - --match={__name__="cluster:network_attachment_definition_enabled_instance_up:max"} - --match={__name__="cluster:ingress_controller_aws_nlb_active:sum"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:min"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:max"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:avg"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:median"} - --match={__name__="cluster:openshift_route_info:tls_termination:sum"} - --match={__name__="insightsclient_request_send_total"} - --match={__name__="cam_app_workload_migrations"} - --match={__name__="cluster:apiserver_current_inflight_requests:sum:max_over_time:2m"} - --match={__name__="cluster:alertmanager_integrations:max"} - --match={__name__="cluster:telemetry_selected_series:count"} - --match={__name__="openshift:prometheus_tsdb_head_series:sum"} - --match={__name__="openshift:prometheus_tsdb_head_samples_appended_total:sum"} - --match={__name__="monitoring:container_memory_working_set_bytes:sum"} - --match={__name__="namespace_job:scrape_series_added:topk3_sum1h"} - --match={__name__="namespace_job:scrape_samples_post_metric_relabeling:topk3"} - --match={__name__="monitoring:haproxy_server_http_responses_total:sum"} - --match={__name__="profile:cluster_monitoring_operator_collection_profile:max"} - --match={__name__="vendor_model:node_accelerator_cards:sum",vendor=~"NVIDIA|AMD|GAUDI|INTEL|QUALCOMM"} - --match={__name__="rhmi_status"} - --match={__name__="status:upgrading:version:rhoam_state:max"} - --match={__name__="state:rhoam_critical_alerts:max"} - --match={__name__="state:rhoam_warning_alerts:max"} - --match={__name__="rhoam_7d_slo_percentile:max"} - --match={__name__="rhoam_7d_slo_remaining_error_budget:max"} - --match={__name__="cluster_legacy_scheduler_policy"} - --match={__name__="cluster_master_schedulable"} - --match={__name__="che_workspace_status"} - --match={__name__="che_workspace_started_total"} - --match={__name__="che_workspace_failure_total"} - --match={__name__="che_workspace_start_time_seconds_sum"} - --match={__name__="che_workspace_start_time_seconds_count"} - --match={__name__="cco_credentials_mode"} - --match={__name__="cluster:kube_persistentvolume_plugin_type_counts:sum"} - --match={__name__="acm_managed_cluster_info"} - --match={__name__="acm_managed_cluster_worker_cores:max"} - --match={__name__="acm_console_page_count:sum", page=~"overview-classic|overview-fleet|search|search-details|clusters|application|governance"} - --match={__name__="cluster:vsphere_vcenter_info:sum"} - --match={__name__="cluster:vsphere_esxi_version_total:sum"} - --match={__name__="cluster:vsphere_node_hw_version_total:sum"} - --match={__name__="openshift:build_by_strategy:sum"} - --match={__name__="rhods_aggregate_availability"} - --match={__name__="rhods_total_users"} - --match={__name__="instance:etcd_disk_wal_fsync_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_bytes:sum"} - --match={__name__="instance:etcd_network_peer_round_trip_time_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_use_in_bytes:sum"} - --match={__name__="instance:etcd_disk_backend_commit_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="jaeger_operator_instances_storage_types"} - --match={__name__="jaeger_operator_instances_strategies"} - --match={__name__="jaeger_operator_instances_agent_strategies"} - --match={__name__="type:tempo_operator_tempostack_storage_backend:sum",type=~"azure|gcs|s3"} - --match={__name__="state:tempo_operator_tempostack_managed:sum",state=~"Managed|Unmanaged"} - --match={__name__="type:tempo_operator_tempostack_multi_tenancy:sum",type=~"enabled|disabled"} - --match={__name__="enabled:tempo_operator_tempostack_jaeger_ui:sum",enabled=~"true|false"} - --match={__name__="type:opentelemetry_collector_receivers:sum",type=~"jaegerreceiver|hostmetricsreceiver|opencensusreceiver|prometheusreceiver|zipkinreceiver|kafkareceiver|filelogreceiver|journaldreceiver|k8seventsreceiver|kubeletstatsreceiver|k8sclusterreceiver|k8sobjectsreceiver"} - --match={__name__="type:opentelemetry_collector_exporters:sum",type=~"debugexporter|loggingexporter|otlpexporter|otlphttpexporter|prometheusexporter|lokiexporter|kafkaexporter|awscloudwatchlogsexporter|loadbalancingexporter"} - --match={__name__="type:opentelemetry_collector_processors:sum",type=~"batchprocessor|memorylimiterprocessor|attributesprocessor|resourceprocessor|spanprocessor|k8sattributesprocessor|resourcedetectionprocessor|filterprocessor|routingprocessor|cumulativetodeltaprocessor|groupbyattrsprocessor"} - --match={__name__="type:opentelemetry_collector_extensions:sum",type=~"zpagesextension|ballastextension|memorylimiterextension|jaegerremotesampling|healthcheckextension|pprofextension|oauth2clientauthextension|oidcauthextension|bearertokenauthextension|filestorage"} - --match={__name__="type:opentelemetry_collector_connectors:sum",type=~"spanmetricsconnector|forwardconnector"} - --match={__name__="type:opentelemetry_collector_info:sum",type=~"deployment|daemonset|sidecar|statefulset"} - --match={__name__="appsvcs:cores_by_product:sum"} - --match={__name__="nto_custom_profiles:count"} - --match={__name__="openshift_csi_share_configmap"} - --match={__name__="openshift_csi_share_secret"} - --match={__name__="openshift_csi_share_mount_failures_total"} - --match={__name__="openshift_csi_share_mount_requests_total"} - --match={__name__="eo_es_storage_info"} - --match={__name__="eo_es_redundancy_policy_info"} - --match={__name__="eo_es_defined_delete_namespaces_total"} - --match={__name__="eo_es_misconfigured_memory_resources_info"} - --match={__name__="cluster:eo_es_data_nodes_total:max"} - --match={__name__="cluster:eo_es_documents_created_total:sum"} - --match={__name__="cluster:eo_es_documents_deleted_total:sum"} - --match={__name__="pod:eo_es_shards_total:max"} - --match={__name__="eo_es_cluster_management_state_info"} - --match={__name__="imageregistry:imagestreamtags_count:sum"} - --match={__name__="imageregistry:operations_count:sum"} - --match={__name__="log_logging_info"} - --match={__name__="log_collector_error_count_total"} - --match={__name__="log_forwarder_pipeline_info"} - --match={__name__="log_forwarder_input_info"} - --match={__name__="log_forwarder_output_info"} - --match={__name__="cluster:log_collected_bytes_total:sum"} - --match={__name__="cluster:log_logged_bytes_total:sum"} - --match={__name__="openshift_logging:log_forwarder_pipelines:sum"} - --match={__name__="openshift_logging:log_forwarders:sum"} - --match={__name__="openshift_logging:log_forwarder_input_type:sum"} - --match={__name__="openshift_logging:log_forwarder_output_type:sum"} - --match={__name__="openshift_logging:vector_component_received_bytes_total:rate5m"} - --match={__name__="cluster:kata_monitor_running_shim_count:sum"} - --match={__name__="platform:hypershift_hostedclusters:max"} - --match={__name__="platform:hypershift_nodepools:max"} - --match={__name__="cluster_name:hypershift_nodepools_size:sum"} - --match={__name__="cluster_name:hypershift_nodepools_available_replicas:sum"} - --match={__name__="namespace:noobaa_unhealthy_bucket_claims:max"} - --match={__name__="namespace:noobaa_buckets_claims:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_resources:max"} - --match={__name__="namespace:noobaa_namespace_resources:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_buckets:max"} - --match={__name__="namespace:noobaa_namespace_buckets:max"} - --match={__name__="namespace:noobaa_accounts:max"} - --match={__name__="namespace:noobaa_usage:max"} - --match={__name__="namespace:noobaa_system_health_status:max"} - --match={__name__="ocs_advanced_feature_usage"} - --match={__name__="os_image_url_override:sum"} - --match={__name__="cluster:vsphere_topology_tags:max"} - --match={__name__="cluster:vsphere_infrastructure_failure_domains:max"} - --match={__name__="apiserver_list_watch_request_success_total:rate:sum", verb=~"LIST|WATCH"} - --match={__name__="rhacs:telemetry:rox_central_info"} - --match={__name__="rhacs:telemetry:rox_central_secured_clusters"} - --match={__name__="rhacs:telemetry:rox_central_secured_nodes"} - --match={__name__="rhacs:telemetry:rox_central_secured_vcpus"} - --match={__name__="rhacs:telemetry:rox_sensor_info"} - --match={__name__="cluster:volume_manager_selinux_pod_context_mismatch_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_warnings_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_errors_total"} - --match={__name__="cluster:volume_manager_selinux_volumes_admitted_total"} - --match={__name__="ols:provider_model_configuration"} - --match={__name__="ols:rest_api_query_calls_total:2xx"} - --match={__name__="ols:rest_api_query_calls_total:4xx"} - --match={__name__="ols:rest_api_query_calls_total:5xx"} - --match={__name__="openshift:openshift_network_operator_ipsec_state:info"} - --match={__name__="cluster:health:group_severity:count", severity=~"critical|warning|info|none"} - --limit-bytes=5242880 env: - name: ANONYMIZE_LABELS - name: FROM value: https://prometheus-k8s.openshift-monitoring.svc:9091 - name: ID value: ba4ebbb5-c59e-4734-b670-d3b3c4ce3d93 - name: TO value: https://infogw.api.openshift.com/ - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce0ff00581505232eae7c6725b65f09e2a81f94b2af66aa60af7a1e101a1a705 imagePullPolicy: IfNotPresent name: telemeter-client ports: - containerPort: 8080 name: http protocol: TCP resources: requests: cpu: 1m memory: 40Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true - args: - --reload-url=http://localhost:8080/-/reload - --watched-dir=/etc/serving-certs-ca-bundle image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d26267190f13ef59cf0f8f5eee729694c7faccc36ab1294566192272625a58af imagePullPolicy: IfNotPresent name: reload resources: requests: cpu: 1m memory: 10Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - args: - --secure-listen-address=:8443 - --upstream=http://127.0.0.1:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: telemeter-client serviceAccountName: telemeter-client terminationGracePeriodSeconds: 30 volumes: - configMap: defaultMode: 420 name: telemeter-client-serving-certs-ca-bundle name: serving-certs-ca-bundle - name: secret-telemeter-client secret: defaultMode: 420 secretName: telemeter-client - name: telemeter-client-tls secret: defaultMode: 420 secretName: telemeter-client-tls - name: federate-client-tls secret: defaultMode: 420 secretName: federate-client-certs - name: secret-telemeter-client-kube-rbac-proxy-config secret: defaultMode: 420 secretName: telemeter-client-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: telemeter-trusted-ca-bundle-56c9b9fa8d9gs optional: true name: telemeter-trusted-ca-bundle status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "2" deployment.kubernetes.io/max-replicas: "3" deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:40:04Z" generation: 1 labels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.36.1 pod-template-hash: 7f646dd4d8 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"e555f707-504d-420c-a51a-65577a5e2c1f"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:spec: f:affinity: .: {} f:podAntiAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-rules"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9093,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} k:{"name":"thanos-query"}: .: {} f:args: {} f:env: .: {} k:{"name":"HOST_IP_ADDRESS"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-metrics"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-rules"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:40:04Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2025-10-11T10:40:15Z" name: thanos-querier-7f646dd4d8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: thanos-querier uid: e555f707-504d-420c-a51a-65577a5e2c1f resourceVersion: "20962" uid: 240046cb-e7ad-4370-bb15-e630151dbe9f spec: replicas: 2 selector: matchLabels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 7f646dd4d8 template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.36.1 pod-template-hash: 7f646dd4d8 spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring topologyKey: kubernetes.io/hostname containers: - args: - query - --grpc-address=127.0.0.1:10901 - --http-address=127.0.0.1:9090 - --log.format=logfmt - --query.replica-label=prometheus_replica - --query.replica-label=thanos_ruler_replica - --endpoint=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --query.auto-downsampling - --store.sd-dns-resolver=miekgdns - --grpc-client-tls-secure - --grpc-client-tls-cert=/etc/tls/grpc/client.crt - --grpc-client-tls-key=/etc/tls/grpc/client.key - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt - --grpc-client-server-name=prometheus-grpc - --rule=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --target=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --web.disable-cors env: - name: HOST_IP_ADDRESS valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d24c4db9f6f0e9fb8ffdf9dd2b08101c37316b989e6709d13783e7d6d3baef73 imagePullPolicy: IfNotPresent name: thanos-query ports: - containerPort: 9090 name: http protocol: TCP resources: requests: cpu: 10m memory: 12Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 httpGet: path: /-/healthy port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP readinessProbe: failureThreshold: 20 httpGet: path: /-/ready port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values,/api/v1/series - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - args: - --insecure-listen-address=127.0.0.1:9095 - --upstream=http://127.0.0.1:9090 - --label=namespace - --enable-label-apis - --error-on-replace - --rules-with-active-alerts image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:61f170d009db78c5df2e61a5de6cbd57283366bb46168eea3b0cca5f005bbf59 imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError - args: - --secure-listen-address=0.0.0.0:9093 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/rules,/api/v1/alerts - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-rules ports: - containerPort: 9093 name: tenancy-rules protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - args: - --secure-listen-address=0.0.0.0:9094 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metrics ports: - containerPort: 9094 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: thanos-querier serviceAccountName: thanos-querier terminationGracePeriodSeconds: 120 volumes: - name: secret-thanos-querier-tls secret: defaultMode: 420 secretName: thanos-querier-tls - name: secret-thanos-querier-kube-rbac-proxy secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy - name: secret-thanos-querier-kube-rbac-proxy-web secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-web - name: secret-thanos-querier-kube-rbac-proxy-rules secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-rules - name: secret-thanos-querier-kube-rbac-proxy-metrics secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-metrics - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: secret-grpc-tls secret: defaultMode: 420 secretName: thanos-querier-grpc-tls-92o819hatg7mp status: availableReplicas: 2 fullyLabeledReplicas: 2 observedGeneration: 1 readyReplicas: 2 replicas: 2 kind: ReplicaSetList metadata: resourceVersion: "64487"