apiVersion: apps/v1 kind: StatefulSet metadata: creationTimestamp: "2025-12-05T13:07:32Z" generation: 2 name: ironic-inspector namespace: openstack ownerReferences: - apiVersion: ironic.openstack.org/v1beta1 blockOwnerDeletion: true controller: true kind: IronicInspector name: ironic-inspector uid: 92747cee-bb54-4107-ad12-94a37676a412 resourceVersion: "34997" uid: 68a37616-289f-4395-a6cf-a779bc497819 spec: persistentVolumeClaimRetentionPolicy: whenDeleted: Retain whenScaled: Retain podManagementPolicy: Parallel replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: component: inspector service: ironic serviceName: "" template: metadata: annotations: k8s.v1.cni.cncf.io/networks: '[{"name":"ironic","namespace":"openstack","interface":"ironic"}]' creationTimestamp: null labels: component: inspector service: ironic spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: service operator: In values: - ironic topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n55dh56dh65ch5c4h9fh6fh67h5d5h5b5h67dh556h76h5dbh55chd7h58bh88h544h659hfch54fhch5hd9hdbh645h675h557hfhbch679h5ccq - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 name: ironic-inspector-httpd readinessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: runAsUser: 0 startupProbe: failureThreshold: 6 httpGet: path: /v1 port: 5050 scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: httpd-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - mountPath: /var/lib/config-data/tls/certs/internal.crt name: internal-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/internal.key name: internal-tls-certs readOnly: true subPath: tls.key - mountPath: /var/lib/config-data/tls/certs/public.crt name: public-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/public.key name: public-tls-certs readOnly: true subPath: tls.key - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n55dh56dh65ch5c4h9fh6fh67h5d5h5b5h67dh556h76h5dbh55chd7h58bh88h544h659hfch54fhch5hd9hdbh645h675h557hfhbch679h5ccq - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 name: ironic-inspector readinessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: runAsUser: 0 startupProbe: failureThreshold: 6 httpGet: path: /v1 port: 5050 scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: ironic-inspector-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n55dh56dh65ch5c4h9fh6fh67h5d5h5b5h67dh556h76h5dbh55chd7h58bh88h544h659hfch54fhch5hd9hdbh645h675h557hfhbch679h5ccq - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-pxe@sha256:7cb9e377fa81bbe84fcc006b27c45d56ea3d6ed2144fb9ebf5fb8df5b920d423 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 tcpSocket: port: 8088 timeoutSeconds: 10 name: inspector-httpboot readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 tcpSocket: port: 8088 timeoutSeconds: 10 resources: {} securityContext: runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: httpboot-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n55dh56dh65ch5c4h9fh6fh67h5d5h5b5h67dh556h76h5dbh55chd7h58bh88h544h659hfch54fhch5hd9hdbh645h675h557hfhbch679h5ccq - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - /usr/bin/pkill - inotifywait name: ramdisk-logs resources: {} securityContext: runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: ramdisk-logs-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n55dh56dh65ch5c4h9fh6fh67h5d5h5b5h67dh556h76h5dbh55chd7h58bh88h544h659hfch54fhch5hd9hdbh645h675h557hfhbch679h5ccq - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - ss -lun | grep :69 failureThreshold: 3 initialDelaySeconds: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 name: inspector-dnsmasq readinessProbe: exec: command: - sh - -c - ss -lun | grep :69 failureThreshold: 3 initialDelaySeconds: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 resources: {} securityContext: capabilities: add: - NET_ADMIN - NET_RAW runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: dnsmasq-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem dnsPolicy: ClusterFirst initContainers: - args: - -c - mkdir -p /var/lib/ironic/httpboot /var/lib/ironic/ramdisk-logs command: - /bin/bash env: - name: DEST_DIR value: /var/lib/ironic/httpboot image: quay.io/podified-antelope-centos9/ironic-python-agent@sha256:9d930c44b5d90b140117dd05d976d10d29d93eed9a70118e594e00da64594562 imagePullPolicy: IfNotPresent name: ironic-python-agent-init resources: {} securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/container-scripts/inspector-pxe-init.sh command: - /bin/bash env: - name: IronicInspectorPassword valueFrom: secretKeyRef: key: IronicInspectorPassword name: osp-secret - name: PodName valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: PodNamespace valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: TransportURL valueFrom: secretKeyRef: key: transport_url name: rabbitmq-transport-url-ironic-inspector-transport - name: QuorumQueues valueFrom: secretKeyRef: key: quorumqueues name: rabbitmq-transport-url-ironic-inspector-transport optional: true - name: DatabaseHost value: openstack.openstack.svc - name: DatabaseName value: ironic_inspector - name: IngressDomain value: apps.sno.openstack.lab - name: InspectionNetwork value: ironic - name: InspectorHTTPURL value: http://%(InspectorNetworkIP)s:8088/ image: quay.io/podified-antelope-centos9/openstack-ironic-pxe@sha256:7cb9e377fa81bbe84fcc006b27c45d56ea3d6ed2144fb9ebf5fb8df5b920d423 imagePullPolicy: IfNotPresent name: inspector-pxe-init resources: {} securityContext: capabilities: add: - SYS_CHROOT - SETFCAP runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: ironic-ironic serviceAccountName: ironic-ironic terminationGracePeriodSeconds: 60 volumes: - name: scripts secret: defaultMode: 493 secretName: ironic-inspector-scripts - name: config secret: defaultMode: 416 secretName: ironic-inspector-config-data - emptyDir: {} name: var-lib-ironic - emptyDir: {} name: var-lib-ironic-inspector-dhcp-hostsdir - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.annotations['k8s.v1.cni.cncf.io/network-status'] path: network-status name: etc-podinfo - name: combined-ca-bundle secret: defaultMode: 292 secretName: combined-ca-bundle - name: internal-tls-certs secret: defaultMode: 256 secretName: cert-ironic-inspector-internal-svc - name: public-tls-certs secret: defaultMode: 256 secretName: cert-ironic-inspector-public-svc updateStrategy: rollingUpdate: partition: 0 type: RollingUpdate status: availableReplicas: 1 collisionCount: 0 currentReplicas: 1 currentRevision: ironic-inspector-6f6f9dfdc5 observedGeneration: 2 readyReplicas: 1 replicas: 1 updateRevision: ironic-inspector-6f6f9dfdc5 updatedReplicas: 1