--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.52/23"],"mac_address":"0a:58:0a:80:00:34","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.52/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.52" ], "mac": "0a:58:0a:80:00:34", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: cluster-autoscaler-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2025-12-05T12:38:10Z" generateName: cluster-autoscaler-operator-5f49d774cd- labels: k8s-app: cluster-autoscaler-operator pod-template-hash: 5f49d774cd managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"553dbf9f-99aa-46d2-ad3a-95efc45ea870"}: {} f:spec: f:containers: k:{"name":"cluster-autoscaler-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"CLUSTER_AUTOSCALER_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_AUTOSCALER_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"LEADER_ELECTION_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WEBHOOKS_CERT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"WEBHOOKS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-autoscaler-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9192,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"auth-proxy-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2025-12-05T12:38:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.52"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2025-12-05T12:38:35Z" name: cluster-autoscaler-operator-5f49d774cd-vdb8r namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-autoscaler-operator-5f49d774cd uid: 553dbf9f-99aa-46d2-ad3a-95efc45ea870 resourceVersion: "9732" uid: e5dfcb1e-1231-4f07-8c21-748965718729 spec: containers: - args: - --secure-listen-address=0.0.0.0:9192 - --upstream=http://127.0.0.1:9191/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9192 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true - mountPath: /etc/tls/private name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pb46q readOnly: true - args: - -alsologtostderr command: - cluster-autoscaler-operator env: - name: RELEASE_VERSION value: 4.18.29 - name: WATCH_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: LEADER_ELECTION_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6127d09ff17b35440f5116598731952167eab9b30ad2218efd25fbb3fd0d7586 - name: WEBHOOKS_CERT_DIR value: /etc/cluster-autoscaler-operator/tls - name: WEBHOOKS_PORT value: "8443" - name: METRICS_PORT value: "9191" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:72bbe2c638872937108f647950ab8ad35c0428ca8ecc6a39a8314aace7d95078 imagePullPolicy: IfNotPresent name: cluster-autoscaler-operator ports: - containerPort: 8443 protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pb46q readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-autoscaler-operator-dockercfg-6t5rm nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault serviceAccount: cluster-autoscaler-operator serviceAccountName: cluster-autoscaler-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cluster-autoscaler-operator-cert - configMap: defaultMode: 420 name: kube-rbac-proxy-cluster-autoscaler-operator name: auth-proxy-config - name: kube-api-access-pb46q projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://2b11a7092987ce9dc3415de6986fd3fb9e8cd98ab5789b4c5b5b61519d70650e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:72bbe2c638872937108f647950ab8ad35c0428ca8ecc6a39a8314aace7d95078 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:72bbe2c638872937108f647950ab8ad35c0428ca8ecc6a39a8314aace7d95078 lastState: {} name: cluster-autoscaler-operator ready: true restartCount: 0 started: true state: running: startedAt: "2025-12-05T12:38:34Z" volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pb46q readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://0881763cdee0ccdba8e5778bd81b5f22280f808126ce0c207bab6ce207f27343 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2025-12-05T12:38:11Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pb46q readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.52 podIPs: - ip: 10.128.0.52 qosClass: Burstable startTime: "2025-12-05T12:38:10Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: baremetal include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.55/23"],"mac_address":"0a:58:0a:80:00:37","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.55/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.55" ], "mac": "0a:58:0a:80:00:37", "default": true, "dns": {} }] openshift.io/required-scc: anyuid openshift.io/scc: anyuid creationTimestamp: "2025-12-05T12:38:10Z" generateName: cluster-baremetal-operator-78f758c7b9- labels: k8s-app: cluster-baremetal-operator pod-template-hash: 78f758c7b9 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"31fbd786-cf79-4fdf-9caf-8c0695ef91c1"}: {} f:spec: f:containers: k:{"name":"baremetal-kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/baremetal-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"cluster-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-baremetal-operator/images"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/cluster-baremetal-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"cluster-baremetal-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2025-12-05T12:38:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.55"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2025-12-05T12:48:23Z" name: cluster-baremetal-operator-78f758c7b9-5xg2k namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-baremetal-operator-78f758c7b9 uid: 31fbd786-cf79-4fdf-9caf-8c0695ef91c1 resourceVersion: "11961" uid: a280c582-685e-47ac-bf6b-248aa0c129a9 spec: containers: - args: - --enable-leader-election command: - /usr/bin/cluster-baremetal-operator env: - name: RELEASE_VERSION value: 4.18.29 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a92c310ce30dcb3de85d6aac868e0d80919670fa29ef83d55edd96b0cae35563 imagePullPolicy: IfNotPresent name: cluster-baremetal-operator ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xkqq7 readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --config-file=/etc/baremetal-kube-rbac-proxy/config-file.yaml - --logtostderr=true - --v=10 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 imagePullPolicy: IfNotPresent name: baremetal-kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xkqq7 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-cz7x2 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c22,c19 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 secretName: cluster-baremetal-webhook-server-cert - configMap: defaultMode: 420 name: baremetal-kube-rbac-proxy name: config - name: cluster-baremetal-operator-tls secret: defaultMode: 420 secretName: cluster-baremetal-operator-tls - configMap: defaultMode: 420 name: cluster-baremetal-operator-images name: images - name: kube-api-access-xkqq7 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2025-12-05T12:46:16Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2025-12-05T12:46:16Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://4e53d72cb8b1cdc5f2650e124f1a5eb3f2376bad125be7582d7eaee220557d0e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 lastState: {} name: baremetal-kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2025-12-05T12:38:34Z" volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xkqq7 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://fb030ad34b9342fc42a80c2fdf5d7deaefdc07aa0ffbb47e24246b631e76fcfa image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a92c310ce30dcb3de85d6aac868e0d80919670fa29ef83d55edd96b0cae35563 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a92c310ce30dcb3de85d6aac868e0d80919670fa29ef83d55edd96b0cae35563 lastState: terminated: containerID: cri-o://502462f2915d6fff82c1a557ec2a9e24c7fbeef3a6daff0dad2cf5862df79899 exitCode: 1 finishedAt: "2025-12-05T12:46:14Z" message: "12:38:35.086298 1 controller.go:215] \"msg\"=\"Starting workers\" \"controller\"=\"provisioning\" \"controllerGroup\"=\"metal3.io\" \"controllerKind\"=\"Provisioning\" \"worker count\"=1\nE1205 12:44:27.511437 \ 1 leaderelection.go:340] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path\nE1205 12:45:27.513110 1 leaderelection.go:347] error retrieving resource lock openshift-machine-api/cluster-baremetal-operator: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io cluster-baremetal-operator)\nI1205 12:45:40.507788 1 leaderelection.go:285] failed to renew lease openshift-machine-api/cluster-baremetal-operator: timed out waiting for the condition\nE1205 12:46:14.512469 1 leaderelection.go:308] Failed to release lock: Timeout: request did not complete within requested timeout - context deadline exceeded\nI1205 12:46:14.512695 1 internal.go:525] \"msg\"=\"Stopping and waiting for non leader election runnables\" \nI1205 12:46:14.512742 1 internal.go:529] \"msg\"=\"Stopping and waiting for leader election runnables\" \nI1205 12:46:14.512763 1 internal.go:537] \"msg\"=\"Stopping and waiting for caches\" \nI1205 12:46:14.512785 1 internal.go:541] \"msg\"=\"Stopping and waiting for webhooks\" \nI1205 12:46:14.512801 1 internal.go:544] \"msg\"=\"Stopping and waiting for HTTP servers\" \nI1205 12:46:14.512815 1 internal.go:548] \"msg\"=\"Wait completed, proceeding to shutdown the manager\" \nI1205 12:46:14.512849 \ 1 controller.go:235] \"msg\"=\"Shutdown signal received, waiting for all workers to finish\" \"controller\"=\"provisioning\" \"controllerGroup\"=\"metal3.io\" \"controllerKind\"=\"Provisioning\"\nE1205 12:46:14.513014 1 main.go:182] \"problem running manager\" err=\"leader election lost\"\nI1205 12:46:14.513056 \ 1 server.go:249] \"msg\"=\"Shutting down webhook server with timeout of 1 minute\" \"logger\"=\"controller-runtime.webhook\"\n" reason: Error startedAt: "2025-12-05T12:38:34Z" name: cluster-baremetal-operator ready: true restartCount: 1 started: true state: running: startedAt: "2025-12-05T12:46:15Z" volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xkqq7 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.55 podIPs: - ip: 10.128.0.55 qosClass: Burstable startTime: "2025-12-05T12:38:10Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.56/23"],"mac_address":"0a:58:0a:80:00:38","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.56/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.56" ], "mac": "0a:58:0a:80:00:38", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2025-12-05T12:38:10Z" generateName: control-plane-machine-set-operator-7df95c79b5- labels: k8s-app: control-plane-machine-set-operator pod-template-hash: 7df95c79b5 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"f7ca59b4-3f99-4f4d-87c1-57c58356ede4"}: {} f:spec: f:containers: k:{"name":"control-plane-machine-set-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"control-plane-machine-set-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2025-12-05T12:38:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.56"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2025-12-05T12:48:23Z" name: control-plane-machine-set-operator-7df95c79b5-ldg5j namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: control-plane-machine-set-operator-7df95c79b5 uid: f7ca59b4-3f99-4f4d-87c1-57c58356ede4 resourceVersion: "11959" uid: 531b8927-92db-4e9d-9a0a-12ff948cdaad spec: containers: - args: - -v=2 - --leader-elect=true - --leader-elect-lease-duration=137s - --leader-elect-renew-deadline=107s - --leader-elect-retry-period=26s - --leader-elect-resource-namespace=openshift-machine-api command: - /manager env: - name: RELEASE_VERSION value: 4.18.29 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fd3e9f8f00a59bda7483ec7dc8a0ed602f9ca30e3d72b22072dbdf2819da3f61 imagePullPolicy: IfNotPresent name: control-plane-machine-set-operator ports: - containerPort: 9443 name: https protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xqblj readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: control-plane-machine-set-operator-dockercfg-jbzfz nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault serviceAccount: control-plane-machine-set-operator serviceAccountName: control-plane-machine-set-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: control-plane-machine-set-operator-tls secret: defaultMode: 420 secretName: control-plane-machine-set-operator-tls - name: kube-api-access-xqblj projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:34Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2025-12-05T12:46:15Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2025-12-05T12:46:15Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://a1e1f964f61db578543e8bda36d3c26eb06dbcb3659a952a96708304cb1ba2a9 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fd3e9f8f00a59bda7483ec7dc8a0ed602f9ca30e3d72b22072dbdf2819da3f61 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fd3e9f8f00a59bda7483ec7dc8a0ed602f9ca30e3d72b22072dbdf2819da3f61 lastState: terminated: containerID: cri-o://5227d615ebfc1e16e53996d356380f47ad9e8fd55349d0658112ccb54f8ef1bb exitCode: 1 finishedAt: "2025-12-05T12:46:13Z" message: | ble" controller="controlplanemachineset" reconcileID="2e8f73cc-6ed4-4657-ad90-5ccbdd98e282" namespace="openshift-machine-api" name="cluster" I1205 12:38:34.652231 1 controller.go:184] "Finished reconciling control plane machine set" controller="controlplanemachineset" reconcileID="2e8f73cc-6ed4-4657-ad90-5ccbdd98e282" namespace="openshift-machine-api" name="cluster" I1205 12:38:34.652323 1 controller.go:170] "Reconciling control plane machine set" controller="controlplanemachineset" reconcileID="1b228f4c-e920-4399-ae13-e4bcadca37f2" namespace="openshift-machine-api" name="cluster" I1205 12:38:34.652370 1 controller.go:178] "No control plane machine set found, setting operator status available" controller="controlplanemachineset" reconcileID="1b228f4c-e920-4399-ae13-e4bcadca37f2" namespace="openshift-machine-api" name="cluster" I1205 12:38:34.652407 1 controller.go:184] "Finished reconciling control plane machine set" controller="controlplanemachineset" reconcileID="1b228f4c-e920-4399-ae13-e4bcadca37f2" namespace="openshift-machine-api" name="cluster" E1205 12:44:26.617780 1 leaderelection.go:429] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path E1205 12:45:26.621272 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/control-plane-machine-set-leader: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io control-plane-machine-set-leader) I1205 12:45:39.609633 1 leaderelection.go:297] failed to renew lease openshift-machine-api/control-plane-machine-set-leader: timed out waiting for the condition E1205 12:46:13.612895 1 leaderelection.go:322] Failed to release lock: Timeout: request did not complete within requested timeout - context deadline exceeded E1205 12:46:13.613048 1 main.go:233] "problem running manager" err="leader election lost" logger="setup" reason: Error startedAt: "2025-12-05T12:38:34Z" name: control-plane-machine-set-operator ready: true restartCount: 1 started: true state: running: startedAt: "2025-12-05T12:46:14Z" volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xqblj readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.56 podIPs: - ip: 10.128.0.56 qosClass: Burstable startTime: "2025-12-05T12:38:10Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: MachineAPI k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.57/23"],"mac_address":"0a:58:0a:80:00:39","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.57/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.57" ], "mac": "0a:58:0a:80:00:39", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: machine-api-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2025-12-05T12:38:10Z" generateName: machine-api-operator-88d48b57d- labels: k8s-app: machine-api-operator pod-template-hash: 88d48b57d managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"bba7f5cd-65c2-4879-a8c4-018f76cb26e2"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"machine-api-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/machine-api-operator-config/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"machine-api-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2025-12-05T12:38:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2025-12-05T12:38:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.57"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2025-12-05T12:38:35Z" name: machine-api-operator-88d48b57d-x947v namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: machine-api-operator-88d48b57d uid: bba7f5cd-65c2-4879-a8c4-018f76cb26e2 resourceVersion: "9706" uid: 1ee7a76b-cf1d-4513-b314-5aa314da818d spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lkdtr readOnly: true - args: - start - --images-json=/etc/machine-api-operator-config/images/images.json - --alsologtostderr - --v=3 command: - /machine-api-operator env: - name: RELEASE_VERSION value: 4.18.29 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c2431a990bcddde98829abda81950247021a2ebbabc964b1516ea046b5f1d4e imagePullPolicy: IfNotPresent name: machine-api-operator resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lkdtr readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: machine-api-operator-dockercfg-wrm9q nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault serviceAccount: machine-api-operator serviceAccountName: machine-api-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: kube-rbac-proxy name: config - configMap: defaultMode: 420 name: machine-api-operator-images name: images - name: machine-api-operator-tls secret: defaultMode: 420 secretName: machine-api-operator-tls - name: kube-api-access-lkdtr projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:35Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2025-12-05T12:38:10Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://fede23ee661b7ea969175a9ba409eaa0d47e0f9069332c22e94196ac525e392e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c69ffd8f8dcceedc2d6eb306cea33f8beabc1be1308cd5f4ee8b9a8e3eab9843 lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2025-12-05T12:38:12Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lkdtr readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://be906a53f820b21555f2880c815b5a7120f14a015e27df21706cfb62d2b36ef4 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c2431a990bcddde98829abda81950247021a2ebbabc964b1516ea046b5f1d4e imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c2431a990bcddde98829abda81950247021a2ebbabc964b1516ea046b5f1d4e lastState: {} name: machine-api-operator ready: true restartCount: 0 started: true state: running: startedAt: "2025-12-05T12:38:34Z" volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lkdtr readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.57 podIPs: - ip: 10.128.0.57 qosClass: Burstable startTime: "2025-12-05T12:38:10Z" kind: PodList metadata: resourceVersion: "51035"