--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: MachineAPI deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" creationTimestamp: "2026-03-19T09:23:48Z" generation: 1 labels: k8s-app: cluster-autoscaler-operator pod-template-hash: 866dc4744 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:exclude.release.openshift.io/internal-openshift-hosted: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"c36af369-f5ed-4da7-930a-9fd88a4eea9f"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"cluster-autoscaler-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"CLUSTER_AUTOSCALER_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_AUTOSCALER_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"LEADER_ELECTION_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WEBHOOKS_CERT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"WEBHOOKS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-autoscaler-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9192,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"auth-proxy-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:23:48Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:25:31Z" name: cluster-autoscaler-operator-866dc4744 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: cluster-autoscaler-operator uid: c36af369-f5ed-4da7-930a-9fd88a4eea9f resourceVersion: "11065" uid: 092f0777-a219-4d31-aa03-ce0b2fe0a533 spec: replicas: 1 selector: matchLabels: k8s-app: cluster-autoscaler-operator pod-template-hash: 866dc4744 template: metadata: annotations: kubectl.kubernetes.io/default-container: cluster-autoscaler-operator openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: k8s-app: cluster-autoscaler-operator pod-template-hash: 866dc4744 spec: containers: - args: - --secure-listen-address=0.0.0.0:9192 - --upstream=http://127.0.0.1:9191/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9192 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true - mountPath: /etc/tls/private name: cert readOnly: true - args: - -alsologtostderr command: - cluster-autoscaler-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: WATCH_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: LEADER_ELECTION_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:23b753adc8f02ade73be6ad9f3d665745593cdeda0fb6460772426fd526f44b1 - name: WEBHOOKS_CERT_DIR value: /etc/cluster-autoscaler-operator/tls - name: WEBHOOKS_PORT value: "8443" - name: METRICS_PORT value: "9191" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imagePullPolicy: IfNotPresent name: cluster-autoscaler-operator ports: - containerPort: 8443 protocol: TCP resources: requests: cpu: 20m memory: 50Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true dnsPolicy: ClusterFirst nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: cluster-autoscaler-operator serviceAccountName: cluster-autoscaler-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists volumes: - name: cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cluster-autoscaler-operator-cert - configMap: defaultMode: 420 name: kube-rbac-proxy-cluster-autoscaler-operator name: auth-proxy-config status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: baremetal deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "1" deployment.kubernetes.io/revision: "1" exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" creationTimestamp: "2026-03-19T09:23:48Z" generation: 1 labels: k8s-app: cluster-baremetal-operator pod-template-hash: 6f69995874 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:exclude.release.openshift.io/internal-openshift-hosted: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"9db9cba3-33f3-4da9-8847-92ec0e899508"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"baremetal-kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/baremetal-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"cluster-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-baremetal-operator/images"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/cluster-baremetal-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"cluster-baremetal-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:23:48Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:25:31Z" name: cluster-baremetal-operator-6f69995874 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: cluster-baremetal-operator uid: 9db9cba3-33f3-4da9-8847-92ec0e899508 resourceVersion: "11078" uid: 588cb78e-b42a-41ad-aadf-f7c338d2e77b spec: replicas: 1 selector: matchLabels: k8s-app: cluster-baremetal-operator pod-template-hash: 6f69995874 template: metadata: annotations: capability.openshift.io/name: baremetal include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" openshift.io/required-scc: anyuid target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: k8s-app: cluster-baremetal-operator pod-template-hash: 6f69995874 spec: containers: - args: - --enable-leader-election command: - /usr/bin/cluster-baremetal-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imagePullPolicy: IfNotPresent name: cluster-baremetal-operator ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: requests: cpu: 10m memory: 50Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --config-file=/etc/baremetal-kube-rbac-proxy/config-file.yaml - --logtostderr=true - --v=10 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: baremetal-kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls dnsPolicy: ClusterFirst nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 65534 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - name: cert secret: defaultMode: 420 secretName: cluster-baremetal-webhook-server-cert - configMap: defaultMode: 420 name: baremetal-kube-rbac-proxy name: config - name: cluster-baremetal-operator-tls secret: defaultMode: 420 secretName: cluster-baremetal-operator-tls - configMap: defaultMode: 420 name: cluster-baremetal-operator-images name: images status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: MachineAPI deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" creationTimestamp: "2026-03-19T09:21:29Z" generation: 1 labels: k8s-app: control-plane-machine-set-operator pod-template-hash: 6f97756bc8 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:exclude.release.openshift.io/internal-openshift-hosted: {} f:include.release.openshift.io/self-managed-high-availability: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"72af9661-e1ac-4d40-89cd-091fe4d9d80f"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"control-plane-machine-set-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"control-plane-machine-set-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:21:29Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:21:34Z" name: control-plane-machine-set-operator-6f97756bc8 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: control-plane-machine-set-operator uid: 72af9661-e1ac-4d40-89cd-091fe4d9d80f resourceVersion: "9433" uid: 0fd10b7d-d37d-446f-a58c-4e0cbbb881fb spec: replicas: 1 selector: matchLabels: k8s-app: control-plane-machine-set-operator pod-template-hash: 6f97756bc8 template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: k8s-app: control-plane-machine-set-operator pod-template-hash: 6f97756bc8 spec: containers: - args: - -v=2 - --leader-elect=true - --leader-elect-lease-duration=137s - --leader-elect-renew-deadline=107s - --leader-elect-retry-period=26s - --leader-elect-resource-namespace=openshift-machine-api command: - /manager env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imagePullPolicy: IfNotPresent name: control-plane-machine-set-operator ports: - containerPort: 9443 name: https protocol: TCP resources: requests: cpu: 10m memory: 50Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls dnsPolicy: ClusterFirst nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: control-plane-machine-set-operator serviceAccountName: control-plane-machine-set-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists volumes: - name: control-plane-machine-set-operator-tls secret: defaultMode: 420 secretName: control-plane-machine-set-operator-tls status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: MachineAPI deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" creationTimestamp: "2026-03-19T09:23:48Z" generation: 1 labels: k8s-app: machine-api-operator pod-template-hash: 6fbb6cf6f9 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:exclude.release.openshift.io/internal-openshift-hosted: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"d8d71e9d-0c35-46ec-8456-4c5a725fc910"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"machine-api-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/machine-api-operator-config/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"machine-api-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:23:48Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:25:20Z" name: machine-api-operator-6fbb6cf6f9 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: machine-api-operator uid: d8d71e9d-0c35-46ec-8456-4c5a725fc910 resourceVersion: "10891" uid: f123deb6-f02a-4811-b5f1-01389f0439f5 spec: replicas: 1 selector: matchLabels: k8s-app: machine-api-operator pod-template-hash: 6fbb6cf6f9 template: metadata: annotations: capability.openshift.io/name: MachineAPI kubectl.kubernetes.io/default-container: machine-api-operator openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: k8s-app: machine-api-operator pod-template-hash: 6fbb6cf6f9 spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - args: - start - --images-json=/etc/machine-api-operator-config/images/images.json - --alsologtostderr - --v=3 command: - /machine-api-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imagePullPolicy: IfNotPresent name: machine-api-operator resources: requests: cpu: 10m memory: 50Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images dnsPolicy: ClusterFirst nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: machine-api-operator serviceAccountName: machine-api-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 name: kube-rbac-proxy name: config - configMap: defaultMode: 420 name: machine-api-operator-images name: images - name: machine-api-operator-tls secret: defaultMode: 420 secretName: machine-api-operator-tls status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: baremetal.openshift.io/owned: "" deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "1" deployment.kubernetes.io/revision: "1" operator.openshift.io/spec-hash: 761d6fe67bebf0e568f37dab1d925e152e8f971600dcb9ea26e4468affc126bd creationTimestamp: "2026-03-19T09:43:07Z" generation: 1 labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-state k8s-app: metal3 pod-template-hash: 546c754db managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:baremetal.openshift.io/owned: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:operator.openshift.io/spec-hash: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"29410f08-940a-4787-8553-2e7d3f2f25f8"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"metal3-httpd"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_LISTEN_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6180,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6183,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6388,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ironic"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_KERNEL_PARAMS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ramdisk-logs"}: .: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:hostNetwork: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-shared"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-vmedia-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:07Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:43:51Z" name: metal3-546c754db namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: metal3 uid: 29410f08-940a-4787-8553-2e7d3f2f25f8 resourceVersion: "18807" uid: 7056b831-285d-44d9-8aff-93863fbc9d7d spec: replicas: 1 selector: matchLabels: baremetal.openshift.io/cluster-baremetal-operator: metal3-state k8s-app: metal3 pod-template-hash: 546c754db template: metadata: annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-state k8s-app: metal3 pod-template-hash: 546c754db spec: containers: - command: - /bin/runhttpd env: - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: IRONIC_LISTEN_PORT value: "6388" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-httpd ports: - containerPort: 6388 hostPort: 6388 name: ironic protocol: TCP - containerPort: 6180 hostPort: 6180 name: http protocol: TCP - containerPort: 6183 hostPort: 6183 name: vmedia-https protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - command: - /bin/runironic env: - name: IRONIC_INSECURE value: "true" - name: IRONIC_KERNEL_PARAMS value: rd.net.timeout.carrier=30 ip=dhcp - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv - name: IRONIC_EXTERNAL_IP - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ironic resources: requests: cpu: 50m memory: 500Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - command: - /bin/runlogwatch.sh image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ramdisk-logs resources: requests: cpu: 10m memory: 5Mi securityContext: capabilities: add: - CAP_DAC_OVERRIDE drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true dnsPolicy: ClusterFirstWithHostNet hostNetwork: true initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 volumes: - emptyDir: {} name: metal3-shared - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password - key: htpasswd path: htpasswd secretName: metal3-ironic-password - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: metal3-vmedia-tls secret: defaultMode: 420 secretName: metal3-ironic-tls status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: baremetal.openshift.io/owned: "" deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "1" deployment.kubernetes.io/revision: "1" operator.openshift.io/spec-hash: 9ff558657a62c2d87646896ed3d93111f3155baf4e106ea8ad30e7fafdcde65e creationTimestamp: "2026-03-19T09:43:08Z" generation: 1 labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-baremetal-operator baremetal.openshift.io/metal3-validating-webhook: metal3-validating-webhook k8s-app: metal3 pod-template-hash: 78474bdc48 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:baremetal.openshift.io/owned: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:operator.openshift.io/spec-hash: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:baremetal.openshift.io/metal3-validating-webhook: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"afe31c95-07f7-499c-912e-6207e298e921"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:baremetal.openshift.io/metal3-validating-webhook: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"metal3-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEPLOY_KERNEL_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_CACERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_ENDPOINT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_EXTERNAL_URL_V6"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE"}: .: {} f:name: {} f:value: {} k:{"name":"METAL3_AUTH_ROOT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9447,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:08Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:43:14Z" name: metal3-baremetal-operator-78474bdc48 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: metal3-baremetal-operator uid: afe31c95-07f7-499c-912e-6207e298e921 resourceVersion: "18715" uid: f2125165-d80e-4e3f-bd79-02c4b4d80986 spec: replicas: 1 selector: matchLabels: baremetal.openshift.io/cluster-baremetal-operator: metal3-baremetal-operator baremetal.openshift.io/metal3-validating-webhook: metal3-validating-webhook k8s-app: metal3 pod-template-hash: 78474bdc48 template: metadata: annotations: openshift.io/required-scc: hostnetwork-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-baremetal-operator baremetal.openshift.io/metal3-validating-webhook: metal3-validating-webhook k8s-app: metal3 pod-template-hash: 78474bdc48 spec: containers: - args: - --health-addr - :9446 - -build-preprov-image - -enable-leader-election - -lease-duration-seconds - "137" - -renew-deadline-seconds - "107" - -retry-period-seconds - "26" - --webhook-port - "9447" command: - /baremetal-operator env: - name: WATCH_NAMESPACE - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: OPERATOR_NAME value: baremetal-operator - name: IRONIC_CACERT_FILE value: /certs/ironic/tls.crt - name: IRONIC_INSECURE value: "true" - name: DEPLOY_KERNEL_URL value: file:///shared/html/images/ironic-python-agent.kernel - name: IRONIC_ENDPOINT value: https://metal3-state.openshift-machine-api.svc.cluster.local:6388/v1/ - name: LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE value: Never - name: METAL3_AUTH_ROOT_DIR value: /auth - name: IRONIC_EXTERNAL_IP - name: IRONIC_EXTERNAL_URL_V6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imagePullPolicy: IfNotPresent name: metal3-baremetal-operator ports: - containerPort: 9447 name: webhook-server protocol: TCP resources: requests: cpu: 20m memory: 50Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true dnsPolicy: ClusterFirstWithHostNet nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password secretName: metal3-ironic-password - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" operator.openshift.io/spec-hash: 2390fc73b84a553f1778c02c7f435cc7c3984bda0d55210392cd02212bf3fbe3 creationTimestamp: "2026-03-19T09:43:11Z" generation: 1 labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 7b5d8dfcfd managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:operator.openshift.io/spec-hash: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"3b08ca46-6da5-4b56-ad7e-61f1e0089dfe"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"machine-image-customization-controller"}: .: {} f:command: {} f:env: .: {} k:{"name":"ADDITIONAL_NTP_SERVERS"}: .: {} f:name: {} k:{"name":"CA_BUNDLE"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_INITRD"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_ISO"}: .: {} f:name: {} f:value: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_AGENT_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_BASE_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRIES_CONF_PATH"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8084,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/containers/registries.conf"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/secrets/pull-secret"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"ironic-agent-pull-secret"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-image-customization-volume"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"user-ca-bundle"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:11Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-19T09:44:06Z" name: metal3-image-customization-7b5d8dfcfd namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: metal3-image-customization uid: 3b08ca46-6da5-4b56-ad7e-61f1e0089dfe resourceVersion: "18913" uid: afc45ee7-7b82-4490-8dac-c1b4ab78f8b8 spec: replicas: 1 selector: matchLabels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 7b5d8dfcfd template: metadata: annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 7b5d8dfcfd spec: containers: - command: - /machine-image-customization-controller - -images-bind-addr - :8084 - -images-publish-addr - http://metal3-image-customization-service.openshift-machine-api.svc.cluster.local/ env: - name: NO_PROXY value: ',192.168.32.10' - name: DEPLOY_ISO value: /shared/html/images/ironic-python-agent.iso - name: DEPLOY_INITRD value: /shared/html/images/ironic-python-agent.initramfs - name: IRONIC_BASE_URL value: https://192.168.32.10:6385 - name: IRONIC_AGENT_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16b329950fbff70a8d997d0bd95e11d9a6a1263a00211385716b2b62bfacf0ee - name: REGISTRIES_CONF_PATH value: /etc/containers/registries.conf - name: IP_OPTIONS value: ip=dhcp - name: ADDITIONAL_NTP_SERVERS - name: CA_BUNDLE value: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imagePullPolicy: IfNotPresent name: machine-image-customization-controller ports: - containerPort: 8084 name: http protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true subPath: pull-secret - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle dnsPolicy: ClusterFirstWithHostNet initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 volumes: - hostPath: path: /etc/containers/registries.conf type: FileOrCreate name: metal3-image-customization-volume - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: ironic-agent-pull-secret secret: defaultMode: 420 items: - key: .dockerconfigjson path: pull-secret secretName: pull-secret - hostPath: path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt type: File name: user-ca-bundle status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 kind: ReplicaSetList metadata: resourceVersion: "75380"