apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2025-12-05T13:06:45Z"
  generation: 1
  name: keystone
  namespace: openstack
  ownerReferences:
  - apiVersion: keystone.openstack.org/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: KeystoneAPI
    name: keystone
    uid: 6da36938-b37c-4655-8604-26d8a7aa839d
  resourceVersion: "33615"
  uid: 63095848-ac96-4478-8d48-f446dc054369
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      owner: keystone
      service: keystone
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        k8s.v1.cni.cncf.io/networks: '[]'
      creationTimestamp: null
      labels:
        owner: keystone
        service: keystone
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: service
                  operator: In
                  values:
                  - keystone
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - -c
        - /usr/local/bin/kolla_start
        command:
        - /bin/bash
        env:
        - name: CONFIG_HASH
          value: n5b8h68ch674h68fhfdh5dh68dh687h66hfch8h594hd6h65chbdh5f7h597h58dhf6h5fbh564h6dhcfh55dh9ch87h67ch67h87h5d6h7fh57bq
        - name: KOLLA_CONFIG_STRATEGY
          value: COPY_ALWAYS
        image: quay.io/podified-antelope-centos9/openstack-keystone@sha256:a7b6fa2f16a882674624b48939737e2bd95da7bef60db593a8e6e4d397fa516c
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /v3
            port: 5000
            scheme: HTTPS
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 30
        name: keystone-api
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /v3
            port: 5000
            scheme: HTTPS
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 30
        resources: {}
        securityContext:
          capabilities:
            drop:
            - MKNOD
          runAsGroup: 42425
          runAsUser: 42425
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /usr/local/bin/container-scripts
          name: scripts
          readOnly: true
        - mountPath: /var/lib/config-data/default
          name: config-data
        - mountPath: /var/lib/kolla/config_files/config.json
          name: config-data
          readOnly: true
          subPath: keystone-api-config.json
        - mountPath: /etc/keystone/fernet-keys
          name: fernet-keys
          readOnly: true
        - mountPath: /etc/keystone/credential-keys
          name: credential-keys
          readOnly: true
        - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
          name: combined-ca-bundle
          readOnly: true
          subPath: tls-ca-bundle.pem
        - mountPath: /var/lib/config-data/tls/certs/internal.crt
          name: internal-tls-certs
          readOnly: true
          subPath: tls.crt
        - mountPath: /var/lib/config-data/tls/private/internal.key
          name: internal-tls-certs
          readOnly: true
          subPath: tls.key
        - mountPath: /var/lib/config-data/tls/certs/public.crt
          name: public-tls-certs
          readOnly: true
          subPath: tls.crt
        - mountPath: /var/lib/config-data/tls/private/public.key
          name: public-tls-certs
          readOnly: true
          subPath: tls.key
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: keystone-keystone
      serviceAccountName: keystone-keystone
      terminationGracePeriodSeconds: 30
      volumes:
      - name: scripts
        secret:
          defaultMode: 493
          secretName: keystone-scripts
      - name: config-data
        secret:
          defaultMode: 420
          secretName: keystone-config-data
      - name: fernet-keys
        secret:
          defaultMode: 420
          items:
          - key: FernetKeys0
            path: "0"
          - key: FernetKeys1
            path: "1"
          - key: FernetKeys2
            path: "2"
          - key: FernetKeys3
            path: "3"
          - key: FernetKeys4
            path: "4"
          secretName: keystone
      - name: credential-keys
        secret:
          defaultMode: 420
          items:
          - key: CredentialKeys0
            path: "0"
          - key: CredentialKeys1
            path: "1"
          secretName: keystone
      - name: combined-ca-bundle
        secret:
          defaultMode: 292
          secretName: combined-ca-bundle
      - name: internal-tls-certs
        secret:
          defaultMode: 256
          secretName: cert-keystone-internal-svc
      - name: public-tls-certs
        secret:
          defaultMode: 256
          secretName: cert-keystone-public-svc
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2025-12-05T13:07:18Z"
    lastUpdateTime: "2025-12-05T13:07:18Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2025-12-05T13:06:45Z"
    lastUpdateTime: "2025-12-05T13:07:18Z"
    message: ReplicaSet "keystone-6584d6f967" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1