--- apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: hosted-cluster-api-access k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.129.0.39/23"],"mac_address":"0a:58:0a:81:00:27","gateway_ips":["10.129.0.1"],"routes":[{"dest":"10.128.0.0/14","nextHop":"10.129.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.129.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.129.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.129.0.1"}],"ip_address":"10.129.0.39/23","gateway_ip":"10.129.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.129.0.39" ], "mac": "0a:58:0a:81:00:27", "default": true, "dns": {} }] creationTimestamp: "2025-10-11T10:29:55Z" generateName: multus-admission-controller-7b6b7bb859- labels: app: multus-admission-controller component: network namespace: openshift-multus openshift.io/component: network pod-template-hash: 7b6b7bb859 type: infra managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:component: {} f:namespace: {} f:openshift.io/component: {} f:pod-template-hash: {} f:type: {} f:ownerReferences: .: {} k:{"uid":"164c7d21-4cc0-481d-8629-f38350e87220"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/webhook"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"multus-admission-controller"}: .: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/webhook"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"webhook-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:29:55Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-1 operation: Update subresource: status time: "2025-10-11T10:29:55Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2025-10-11T10:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.129.0.39"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2025-10-11T10:30:12Z" name: multus-admission-controller-7b6b7bb859-rwvpf namespace: openshift-multus ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: multus-admission-controller-7b6b7bb859 uid: 164c7d21-4cc0-481d-8629-f38350e87220 resourceVersion: "10498" uid: 5ce7321b-beff-4c96-9998-a3177ac79f36 spec: containers: - command: - /bin/bash - -c - |- set -euo pipefail exec /usr/bin/webhook \ -bind-address=0.0.0.0 \ -port=6443 \ -tls-private-key-file=/etc/webhook/tls.key \ -tls-cert-file=/etc/webhook/tls.crt \ -metrics-listen-address=127.0.0.1:9091 \ -alsologtostderr=true \ -ignore-namespaces=openshift-etcd,openshift-console,openshift-ingress-canary,openshift-apiserver,openshift-apiserver-operator,openshift-authentication,openshift-authentication-operator,openshift-cloud-controller-manager,openshift-cloud-controller-manager-operator,openshift-cloud-credential-operator,openshift-cloud-network-config-controller,openshift-cluster-csi-drivers,openshift-cluster-machine-approver,openshift-cluster-node-tuning-operator,openshift-cluster-samples-operator,openshift-cluster-storage-operator,openshift-cluster-version,openshift-config-operator,openshift-controller-manager,openshift-controller-manager-operator,openshift-dns,openshift-dns-operator,openshift-etcd-operator,openshift-image-registry,openshift-ingress,openshift-ingress-operator,openshift-insights,openshift-kube-apiserver,openshift-kube-apiserver-operator,openshift-kube-controller-manager,openshift-kube-controller-manager-operator,openshift-kube-scheduler,openshift-kube-scheduler-operator,openshift-kube-storage-version-migrator,openshift-kube-storage-version-migrator-operator,openshift-machine-api,openshift-machine-config-operator,openshift-marketplace,openshift-monitoring,openshift-multus,openshift-network-diagnostics,openshift-network-node-identity,openshift-network-operator,openshift-oauth-apiserver,openshift-operator-lifecycle-manager,openshift-ovn-kubernetes,openshift-route-controller-manager,openshift-service-ca-operator,openshift-user-workload-monitoring image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:20340db1108fda428a7abee6193330945c70ad69148f122a7f32a889047c8003 imagePullPolicy: IfNotPresent name: multus-admission-controller ports: - containerPort: 9091 name: metrics-port protocol: TCP resources: requests: cpu: 10m memory: 50Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/webhook name: webhook-certs readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zvhg6 readOnly: true - args: - --logtostderr - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:9091/ - --tls-private-key-file=/etc/webhook/tls.key - --tls-cert-file=/etc/webhook/tls.crt image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/webhook name: webhook-certs readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zvhg6 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: master-1 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 65534 serviceAccount: multus-ac serviceAccountName: multus-ac terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: webhook-certs secret: defaultMode: 420 secretName: multus-admission-controller-secret - name: kube-api-access-zvhg6 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2025-10-11T10:30:12Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2025-10-11T10:29:55Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2025-10-11T10:30:12Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2025-10-11T10:30:12Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2025-10-11T10:29:55Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://e3778718c55abd380f89d429871aa3167dd83cf5f32ed7e3ae6c0059601b60c2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f22b65e5c744a32d3955dd7c36d809e3114a8aa501b44c00330dfda886c21169 lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2025-10-11T10:30:12Z" volumeMounts: - mountPath: /etc/webhook name: webhook-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zvhg6 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://76a63630e5dd4a315944c4777a18d2b03bde842d5b787f9b071acb9666f6fe9e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:20340db1108fda428a7abee6193330945c70ad69148f122a7f32a889047c8003 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:20340db1108fda428a7abee6193330945c70ad69148f122a7f32a889047c8003 lastState: {} name: multus-admission-controller ready: true restartCount: 0 started: true state: running: startedAt: "2025-10-11T10:30:12Z" volumeMounts: - mountPath: /etc/webhook name: webhook-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zvhg6 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.34.11 hostIPs: - ip: 192.168.34.11 phase: Running podIP: 10.129.0.39 podIPs: - ip: 10.129.0.39 qosClass: Burstable startTime: "2025-10-11T10:29:55Z"