apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" creationTimestamp: "2025-10-11T10:54:36Z" generation: 1 name: keystone namespace: openstack ownerReferences: - apiVersion: keystone.openstack.org/v1beta1 blockOwnerDeletion: true controller: true kind: KeystoneAPI name: keystone uid: 5b468bea-99c5-4c26-baf3-f0a570a04a6f resourceVersion: "41148" uid: 3012e66c-6604-4457-8600-386c581c261e spec: progressDeadlineSeconds: 600 replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: owner: keystone service: keystone strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: k8s.v1.cni.cncf.io/networks: '[]' creationTimestamp: null labels: owner: keystone service: keystone spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: service operator: In values: - keystone topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - -c - /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n9dh85hb4hbfh96h64fh8hdbh56fh7fh586h75h64h6fh687h6chdbhbdh5fbh59h79h677h5c7h5c5h5f5h695h55fh5c9h99h65fh57dh54cq - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-keystone@sha256:1e5714637b6e1a24c2858fe6d9bbb3f00bc61d69ad74a657b1c23682bf4cb2b7 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /v3 port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 30 name: keystone-api readinessProbe: failureThreshold: 3 httpGet: path: /v3 port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 30 resources: {} securityContext: capabilities: drop: - MKNOD runAsGroup: 42425 runAsUser: 42425 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config-data - mountPath: /var/lib/kolla/config_files/config.json name: config-data readOnly: true subPath: keystone-api-config.json - mountPath: /etc/keystone/fernet-keys name: fernet-keys readOnly: true - mountPath: /etc/keystone/credential-keys name: credential-keys readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - mountPath: /var/lib/config-data/tls/certs/internal.crt name: internal-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/internal.key name: internal-tls-certs readOnly: true subPath: tls.key - mountPath: /var/lib/config-data/tls/certs/public.crt name: public-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/public.key name: public-tls-certs readOnly: true subPath: tls.key dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: keystone-keystone serviceAccountName: keystone-keystone terminationGracePeriodSeconds: 30 volumes: - name: scripts secret: defaultMode: 493 secretName: keystone-scripts - name: config-data secret: defaultMode: 420 secretName: keystone-config-data - name: fernet-keys secret: defaultMode: 420 items: - key: FernetKeys0 path: "0" - key: FernetKeys1 path: "1" - key: FernetKeys2 path: "2" - key: FernetKeys3 path: "3" - key: FernetKeys4 path: "4" secretName: keystone - name: credential-keys secret: defaultMode: 420 items: - key: CredentialKeys0 path: "0" - key: CredentialKeys1 path: "1" secretName: keystone - name: combined-ca-bundle secret: defaultMode: 292 secretName: combined-ca-bundle - name: internal-tls-certs secret: defaultMode: 256 secretName: cert-keystone-internal-svc - name: public-tls-certs secret: defaultMode: 256 secretName: cert-keystone-public-svc status: availableReplicas: 3 conditions: - lastTransitionTime: "2025-10-11T10:55:09Z" lastUpdateTime: "2025-10-11T10:55:09Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: "2025-10-11T10:54:36Z" lastUpdateTime: "2025-10-11T10:55:09Z" message: ReplicaSet "keystone-848fcbb4df" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 1 readyReplicas: 3 replicas: 3 updatedReplicas: 3