--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.66/23"],"mac_address":"0a:58:0a:80:00:42","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.66/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.66" ], "mac": "0a:58:0a:80:00:42", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: cluster-autoscaler-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T09:23:48Z" generateName: cluster-autoscaler-operator-866dc4744- labels: k8s-app: cluster-autoscaler-operator pod-template-hash: 866dc4744 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"092f0777-a219-4d31-aa03-ce0b2fe0a533"}: {} f:spec: f:containers: k:{"name":"cluster-autoscaler-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"CLUSTER_AUTOSCALER_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_AUTOSCALER_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"LEADER_ELECTION_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WEBHOOKS_CERT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"WEBHOOKS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-autoscaler-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9192,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"auth-proxy-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:23:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:23:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:23:49Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.66"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:25:31Z" name: cluster-autoscaler-operator-866dc4744-hzrg4 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-autoscaler-operator-866dc4744 uid: 092f0777-a219-4d31-aa03-ce0b2fe0a533 resourceVersion: "11061" uid: d32541c9-eef6-417c-9f5a-a7392dc70aa0 spec: containers: - args: - --secure-listen-address=0.0.0.0:9192 - --upstream=http://127.0.0.1:9191/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9192 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000490000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true - mountPath: /etc/tls/private name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fvp9m readOnly: true - args: - -alsologtostderr command: - cluster-autoscaler-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: WATCH_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: LEADER_ELECTION_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:23b753adc8f02ade73be6ad9f3d665745593cdeda0fb6460772426fd526f44b1 - name: WEBHOOKS_CERT_DIR value: /etc/cluster-autoscaler-operator/tls - name: WEBHOOKS_PORT value: "8443" - name: METRICS_PORT value: "9191" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imagePullPolicy: IfNotPresent name: cluster-autoscaler-operator ports: - containerPort: 8443 protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000490000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fvp9m readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-autoscaler-operator-dockercfg-wkbj2 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000490000 seLinuxOptions: level: s0:c22,c14 seccompProfile: type: RuntimeDefault serviceAccount: cluster-autoscaler-operator serviceAccountName: cluster-autoscaler-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cluster-autoscaler-operator-cert - configMap: defaultMode: 420 name: kube-rbac-proxy-cluster-autoscaler-operator name: auth-proxy-config - name: kube-api-access-fvp9m projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:25:02Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:23:48Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:25:27Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:25:27Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:23:48Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://c05c0071f8d082f8e06ab51ea7cfd19e2aa33f8bf5691db9e8b0996e2e4f77b7 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db lastState: terminated: containerID: cri-o://d04b5565f460914cbdf914be37a041423b677254e05486f3d50bf2995c7a798e exitCode: 255 finishedAt: "2026-03-19T09:25:10Z" message: | I0319 09:25:10.753462 1 main.go:15] Go Version: go1.22.12 (Red Hat 1.22.12-8.el9) X:strictfipsruntime I0319 09:25:10.753630 1 main.go:16] Go OS/Arch: linux/amd64 I0319 09:25:10.753634 1 main.go:17] Version: cluster-autoscaler-operator v4.18.0-202602261953.p2.g474ad65.assembly.stream.el9+ose-cluster-autoscaler-operator I0319 09:25:10.753819 1 leaderelection.go:121] The leader election gives 4 retries and allows for 30s of clock skew. The kube-apiserver downtime tolerance is 78s. Worst non-graceful lease acquisition is 2m43s. Worst graceful lease acquisition is {26s}. W0319 09:25:10.755606 1 leaderelection.go:51] unable to get cluster infrastructure status, using HA cluster values for leader election: Get "https://172.30.0.1:443/apis/config.openshift.io/v1/infrastructures/cluster": dial tcp 172.30.0.1:443: connect: connection refused F0319 09:25:10.759902 1 main.go:38] Failed to create operator: failed to add controllers: failed to get API group resources: unable to retrieve the complete list of server APIs: machine.openshift.io/v1beta1: Get "https://172.30.0.1:443/apis/machine.openshift.io/v1beta1": dial tcp 172.30.0.1:443: connect: connection refused reason: Error startedAt: "2026-03-19T09:25:10Z" name: cluster-autoscaler-operator ready: true restartCount: 3 started: true state: running: startedAt: "2026-03-19T09:25:26Z" volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fvp9m readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://6edb54451814dd1a0b69a728692c547cb530f94076165a3f995d004b3eac6073 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:23:50Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fvp9m readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.66 podIPs: - ip: 10.128.0.66 qosClass: Burstable startTime: "2026-03-19T09:23:48Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: baremetal include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.67/23"],"mac_address":"0a:58:0a:80:00:43","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.67/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.67" ], "mac": "0a:58:0a:80:00:43", "default": true, "dns": {} }] openshift.io/required-scc: anyuid openshift.io/scc: anyuid creationTimestamp: "2026-03-19T09:23:48Z" generateName: cluster-baremetal-operator-6f69995874- labels: k8s-app: cluster-baremetal-operator pod-template-hash: 6f69995874 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"588cb78e-b42a-41ad-aadf-f7c338d2e77b"}: {} f:spec: f:containers: k:{"name":"baremetal-kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/baremetal-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"cluster-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-baremetal-operator/images"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/cluster-baremetal-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"cluster-baremetal-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:23:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:23:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:23:49Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.67"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:35:20Z" name: cluster-baremetal-operator-6f69995874-nm9nx namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-baremetal-operator-6f69995874 uid: 588cb78e-b42a-41ad-aadf-f7c338d2e77b resourceVersion: "15801" uid: cd42096c-f18d-4bb5-8a51-8761dc1edb73 spec: containers: - args: - --enable-leader-election command: - /usr/bin/cluster-baremetal-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imagePullPolicy: IfNotPresent name: cluster-baremetal-operator ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxdb6 readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --config-file=/etc/baremetal-kube-rbac-proxy/config-file.yaml - --logtostderr=true - --v=10 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: baremetal-kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxdb6 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-zxmm6 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c22,c14 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 secretName: cluster-baremetal-webhook-server-cert - configMap: defaultMode: 420 name: baremetal-kube-rbac-proxy name: config - name: cluster-baremetal-operator-tls secret: defaultMode: 420 secretName: cluster-baremetal-operator-tls - configMap: defaultMode: 420 name: cluster-baremetal-operator-images name: images - name: kube-api-access-dxdb6 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:25:02Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:23:48Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:35:11Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:35:11Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:23:48Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://fb65e57537c91c4e818bcaa291a7d70ac71b8cba3206885614909897a1a62d01 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: baremetal-kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:25:08Z" volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxdb6 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://97c57e3d1069f9ab33eb42f329fe1020b7f84827b15b9bdb242511fa46937541 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 lastState: terminated: containerID: cri-o://cced7eea2b6d3f1e8b74c9b95b6c84c5d6a6a67257109c1fb5b4bb829cf963c8 exitCode: 1 finishedAt: "2026-03-19T09:34:28Z" message: | E0319 09:34:28.985732 1 main.go:144] "unable to get enabled features" err="unable to determine Platform: the server was unable to return a response in the time allotted, but may still be processing the request (get infrastructures.config.openshift.io cluster)" reason: Error startedAt: "2026-03-19T09:33:28Z" name: cluster-baremetal-operator ready: true restartCount: 5 started: true state: running: startedAt: "2026-03-19T09:35:10Z" volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxdb6 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.67 podIPs: - ip: 10.128.0.67 qosClass: Burstable startTime: "2026-03-19T09:23:48Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.56/23"],"mac_address":"0a:58:0a:80:00:38","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.56/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.56" ], "mac": "0a:58:0a:80:00:38", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T09:21:30Z" generateName: control-plane-machine-set-operator-6f97756bc8- labels: k8s-app: control-plane-machine-set-operator pod-template-hash: 6f97756bc8 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"0fd10b7d-d37d-446f-a58c-4e0cbbb881fb"}: {} f:spec: f:containers: k:{"name":"control-plane-machine-set-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"control-plane-machine-set-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:21:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:21:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:21:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.56"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:35:20Z" name: control-plane-machine-set-operator-6f97756bc8-l8kmn namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: control-plane-machine-set-operator-6f97756bc8 uid: 0fd10b7d-d37d-446f-a58c-4e0cbbb881fb resourceVersion: "15803" uid: d486ce23-acf7-429a-9739-4770e1a2bf78 spec: containers: - args: - -v=2 - --leader-elect=true - --leader-elect-lease-duration=137s - --leader-elect-renew-deadline=107s - --leader-elect-retry-period=26s - --leader-elect-resource-namespace=openshift-machine-api command: - /manager env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imagePullPolicy: IfNotPresent name: control-plane-machine-set-operator ports: - containerPort: 9443 name: https protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000490000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bzdjs readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: control-plane-machine-set-operator-dockercfg-bgq5z nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000490000 seLinuxOptions: level: s0:c22,c14 seccompProfile: type: RuntimeDefault serviceAccount: control-plane-machine-set-operator serviceAccountName: control-plane-machine-set-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: control-plane-machine-set-operator-tls secret: defaultMode: 420 secretName: control-plane-machine-set-operator-tls - name: kube-api-access-bzdjs projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:21:34Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:21:30Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:33:11Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:33:11Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:21:30Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://a03d9bcb8eef829f13473d071446200197cab1949b32f33f464a2b21695e97a4 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 lastState: terminated: containerID: cri-o://2ea52482522c190b31e0c2a767d192b95134c189dc647d21749261e6e8b31d1e exitCode: 1 finishedAt: "2026-03-19T09:33:10Z" message: | ble" controller="controlplanemachineset" reconcileID="10f9844e-dc51-4264-b1e4-ece468727eb5" namespace="openshift-machine-api" name="cluster" I0319 09:30:18.181264 1 controller.go:184] "Finished reconciling control plane machine set" controller="controlplanemachineset" reconcileID="10f9844e-dc51-4264-b1e4-ece468727eb5" namespace="openshift-machine-api" name="cluster" I0319 09:31:04.406784 1 controller.go:170] "Reconciling control plane machine set" controller="controlplanemachineset" reconcileID="22f9bfc8-727b-4f66-8ec1-b48b0a8f1aca" namespace="openshift-machine-api" name="cluster" I0319 09:31:04.406867 1 controller.go:178] "No control plane machine set found, setting operator status available" controller="controlplanemachineset" reconcileID="22f9bfc8-727b-4f66-8ec1-b48b0a8f1aca" namespace="openshift-machine-api" name="cluster" I0319 09:31:04.406909 1 controller.go:184] "Finished reconciling control plane machine set" controller="controlplanemachineset" reconcileID="22f9bfc8-727b-4f66-8ec1-b48b0a8f1aca" namespace="openshift-machine-api" name="cluster" E0319 09:31:23.450749 1 leaderelection.go:429] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path E0319 09:32:23.452780 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/control-plane-machine-set-leader: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io control-plane-machine-set-leader) I0319 09:32:36.448134 1 leaderelection.go:297] failed to renew lease openshift-machine-api/control-plane-machine-set-leader: timed out waiting for the condition E0319 09:33:10.460373 1 leaderelection.go:322] Failed to release lock: Timeout: request did not complete within requested timeout - context deadline exceeded E0319 09:33:10.460528 1 main.go:233] "problem running manager" err="leader election lost" logger="setup" reason: Error startedAt: "2026-03-19T09:21:33Z" name: control-plane-machine-set-operator ready: true restartCount: 1 started: true state: running: startedAt: "2026-03-19T09:33:11Z" volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bzdjs readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.56 podIPs: - ip: 10.128.0.56 qosClass: Burstable startTime: "2026-03-19T09:21:30Z" - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: "2026-03-19T09:43:12Z" generateName: ironic-proxy- labels: baremetal.openshift.io/cluster-baremetal-operator: ironic-proxy controller-revision-hash: 7b6998f9c8 k8s-app: metal3 pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:controller-revision-hash: {} f:k8s-app: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"44629c23-640d-4e62-9bff-d2c60808725e"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"ironic-proxy"}: .: {} f:command: {} f:env: .: {} k:{"name":"IRONIC_PROXY_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_UPSTREAM_IP"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_UPSTREAM_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6385,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"192.168.32.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:43:25Z" name: ironic-proxy-kc5xl namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: ironic-proxy uid: 44629c23-640d-4e62-9bff-d2c60808725e resourceVersion: "18736" uid: edb10ae4-b456-4b8f-8ed0-95b53ba1bdf1 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - master-0 containers: - command: - /bin/runironic-proxy env: - name: IRONIC_PROXY_PORT value: "6385" - name: IRONIC_UPSTREAM_IP value: 192.168.32.10 - name: IRONIC_UPSTREAM_PORT value: "6388" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: ironic-proxy ports: - containerPort: 6385 hostPort: 6385 name: ironic-proxy protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: add: - FOWNER drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-9j67g readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true hostNetwork: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-zxmm6 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists - effect: NoSchedule key: node.kubernetes.io/disk-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/pid-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/unschedulable operator: Exists - effect: NoSchedule key: node.kubernetes.io/network-unavailable operator: Exists volumes: - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: kube-api-access-9j67g projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:25Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:12Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:25Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:25Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:12Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://1153b3abed40c757dce6508f50ca214311ee79b73978a0b67530ca034b9be919 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: ironic-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:43:24Z" volumeMounts: - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-9j67g readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 192.168.32.10 podIPs: - ip: 192.168.32.10 qosClass: Burstable startTime: "2026-03-19T09:43:12Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: MachineAPI k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.68/23"],"mac_address":"0a:58:0a:80:00:44","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.68/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.68" ], "mac": "0a:58:0a:80:00:44", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: machine-api-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T09:23:48Z" generateName: machine-api-operator-6fbb6cf6f9- labels: k8s-app: machine-api-operator pod-template-hash: 6fbb6cf6f9 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"f123deb6-f02a-4811-b5f1-01389f0439f5"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"machine-api-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/machine-api-operator-config/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"machine-api-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:23:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:23:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:23:49Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.68"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:35:20Z" name: machine-api-operator-6fbb6cf6f9-qx75g namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: machine-api-operator-6fbb6cf6f9 uid: f123deb6-f02a-4811-b5f1-01389f0439f5 resourceVersion: "15777" uid: f93b8728-4a33-4ee4-b7c6-cff7d7995953 spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000490000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kfw5k readOnly: true - args: - start - --images-json=/etc/machine-api-operator-config/images/images.json - --alsologtostderr - --v=3 command: - /machine-api-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imagePullPolicy: IfNotPresent name: machine-api-operator resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000490000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kfw5k readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: machine-api-operator-dockercfg-pr68p nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000490000 seLinuxOptions: level: s0:c22,c14 seccompProfile: type: RuntimeDefault serviceAccount: machine-api-operator serviceAccountName: machine-api-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: kube-rbac-proxy name: config - configMap: defaultMode: 420 name: machine-api-operator-images name: images - name: machine-api-operator-tls secret: defaultMode: 420 secretName: machine-api-operator-tls - name: kube-api-access-kfw5k projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:25:02Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:23:48Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:33:19Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:33:19Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:23:48Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://9f1ef2cb225eccd803b02b7cf6059c207b67d11faba6471ed6eec3f7aa0adfc4 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:23:50Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kfw5k readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://932f5755271fe68c4515bef8609cd9f80440bee3fe9984d85e6b86c95d6b348a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c lastState: terminated: containerID: cri-o://82c9db947e048d06ab325d28a9da9998cc2e567351adaf60dac34444baffd037 exitCode: 255 finishedAt: "2026-03-19T09:33:18Z" message: | terVersion from github.com/openshift/client-go/config/informers/externalversions/factory.go:125 I0319 09:30:22.071267 1 reflector.go:368] Caches populated for *v1.ClusterVersion from github.com/openshift/client-go/config/informers/externalversions/factory.go:125 I0319 09:30:27.093112 1 reflector.go:341] Listing and watching *v1.MutatingWebhookConfiguration from k8s.io/client-go/informers/factory.go:160 I0319 09:30:27.095041 1 reflector.go:368] Caches populated for *v1.MutatingWebhookConfiguration from k8s.io/client-go/informers/factory.go:160 I0319 09:30:41.477775 1 reflector.go:341] Listing and watching *v1beta1.Machine from github.com/openshift/client-go/machine/informers/externalversions/factory.go:125 I0319 09:30:41.479866 1 reflector.go:368] Caches populated for *v1beta1.Machine from github.com/openshift/client-go/machine/informers/externalversions/factory.go:125 I0319 09:30:50.213372 1 reflector.go:341] Listing and watching *v1.Deployment from k8s.io/client-go/informers/factory.go:160 I0319 09:30:50.221165 1 reflector.go:368] Caches populated for *v1.Deployment from k8s.io/client-go/informers/factory.go:160 E0319 09:31:31.807422 1 leaderelection.go:429] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path E0319 09:32:31.811044 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/machine-api-operator: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io machine-api-operator) I0319 09:32:44.804601 1 leaderelection.go:297] failed to renew lease openshift-machine-api/machine-api-operator: timed out waiting for the condition E0319 09:33:18.809795 1 leaderelection.go:322] Failed to release lock: Timeout: request did not complete within requested timeout - context deadline exceeded F0319 09:33:18.809854 1 start.go:104] Leader election lost reason: Error startedAt: "2026-03-19T09:25:06Z" name: machine-api-operator ready: true restartCount: 2 started: true state: running: startedAt: "2026-03-19T09:33:19Z" volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kfw5k readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.68 podIPs: - ip: 10.128.0.68 qosClass: Burstable startTime: "2026-03-19T09:23:48Z" - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: "2026-03-19T09:43:07Z" generateName: metal3-546c754db- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-state k8s-app: metal3 pod-template-hash: 546c754db managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"7056b831-285d-44d9-8aff-93863fbc9d7d"}: {} f:spec: f:containers: k:{"name":"metal3-httpd"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_LISTEN_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6180,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6183,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6388,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ironic"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_KERNEL_PARAMS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ramdisk-logs"}: .: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-shared"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-vmedia-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:07Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"192.168.32.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:43:50Z" name: metal3-546c754db-8r9wh namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-546c754db uid: 7056b831-285d-44d9-8aff-93863fbc9d7d resourceVersion: "18800" uid: 90e6a8d7-86b3-4082-a6f7-4d1001e48563 spec: containers: - command: - /bin/runhttpd env: - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: IRONIC_LISTEN_PORT value: "6388" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-httpd ports: - containerPort: 6388 hostPort: 6388 name: ironic protocol: TCP - containerPort: 6180 hostPort: 6180 name: http protocol: TCP - containerPort: 6183 hostPort: 6183 name: vmedia-https protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true - command: - /bin/runironic env: - name: IRONIC_INSECURE value: "true" - name: IRONIC_KERNEL_PARAMS value: rd.net.timeout.carrier=30 ip=dhcp - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv - name: IRONIC_EXTERNAL_IP - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ironic resources: requests: cpu: 50m memory: 500Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true - command: - /bin/runlogwatch.sh image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ramdisk-logs resources: requests: cpu: 10m memory: 5Mi securityContext: capabilities: add: - CAP_DAC_OVERRIDE drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true hostNetwork: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-zxmm6 initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: metal3-shared - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password - key: htpasswd path: htpasswd secretName: metal3-ironic-password - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: metal3-vmedia-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: kube-api-access-stlf9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:45Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:47Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:50Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:50Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:07Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://3ed61417c7c09dc0345c952ff9d89cc3b451c8fa81c918d7bb58482fe11b39fa image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-httpd ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:43:48Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://48fa434bba7d4f4150ec99dddd18eabd2424969225c31ee83ff1584a7b2452a2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-ironic ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:43:49Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://072a7352bb6d7096fb14880864d64d12d2f022e58d0bbad101db1eafcf33764f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-ramdisk-logs ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:43:50Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://f4cb52c4e655dea3ab58166e8c7340423e8f91136eed85f8e765a0a7aa1c8c0a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 0 started: false state: terminated: containerID: cri-o://f4cb52c4e655dea3ab58166e8c7340423e8f91136eed85f8e765a0a7aa1c8c0a exitCode: 0 finishedAt: "2026-03-19T09:43:46Z" reason: Completed startedAt: "2026-03-19T09:43:44Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-stlf9 readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 192.168.32.10 podIPs: - ip: 192.168.32.10 qosClass: Burstable startTime: "2026-03-19T09:43:07Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.119/23"],"mac_address":"0a:58:0a:80:00:77","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.119/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.119" ], "mac": "0a:58:0a:80:00:77", "default": true, "dns": {} }] openshift.io/required-scc: hostnetwork-v2 openshift.io/scc: hostnetwork-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T09:43:08Z" generateName: metal3-baremetal-operator-78474bdc48- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-baremetal-operator baremetal.openshift.io/metal3-validating-webhook: metal3-validating-webhook k8s-app: metal3 pod-template-hash: 78474bdc48 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:baremetal.openshift.io/metal3-validating-webhook: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"f2125165-d80e-4e3f-bd79-02c4b4d80986"}: {} f:spec: f:containers: k:{"name":"metal3-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEPLOY_KERNEL_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_CACERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_ENDPOINT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_EXTERNAL_URL_V6"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE"}: .: {} f:name: {} f:value: {} k:{"name":"METAL3_AUTH_ROOT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9447,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:43:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:43:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.119"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:43:14Z" name: metal3-baremetal-operator-78474bdc48-lpxgr namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-baremetal-operator-78474bdc48 uid: f2125165-d80e-4e3f-bd79-02c4b4d80986 resourceVersion: "18712" uid: bf7f4c14-046a-493e-b6b8-1e821c66b504 spec: containers: - args: - --health-addr - :9446 - -build-preprov-image - -enable-leader-election - -lease-duration-seconds - "137" - -renew-deadline-seconds - "107" - -retry-period-seconds - "26" - --webhook-port - "9447" command: - /baremetal-operator env: - name: WATCH_NAMESPACE - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: OPERATOR_NAME value: baremetal-operator - name: IRONIC_CACERT_FILE value: /certs/ironic/tls.crt - name: IRONIC_INSECURE value: "true" - name: DEPLOY_KERNEL_URL value: file:///shared/html/images/ironic-python-agent.kernel - name: IRONIC_ENDPOINT value: https://metal3-state.openshift-machine-api.svc.cluster.local:6388/v1/ - name: LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE value: Never - name: METAL3_AUTH_ROOT_DIR value: /auth - name: IRONIC_EXTERNAL_IP - name: IRONIC_EXTERNAL_URL_V6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imagePullPolicy: IfNotPresent name: metal3-baremetal-operator ports: - containerPort: 9447 name: webhook-server protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000490000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-rqrw2 readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-zxmm6 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000490000 seLinuxOptions: level: s0:c22,c14 seccompProfile: type: RuntimeDefault supplementalGroups: - 1000490000 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password secretName: metal3-ironic-password - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: kube-api-access-rqrw2 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:14Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:08Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:14Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:14Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:08Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://54686b6ede4d8ab1ec0bb94a464a5ba1f330335f1a9b94d2f6ad9f18afeb872c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 lastState: {} name: metal3-baremetal-operator ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:43:14Z" volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-rqrw2 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.119 podIPs: - ip: 10.128.0.119 qosClass: Burstable startTime: "2026-03-19T09:43:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.120/23"],"mac_address":"0a:58:0a:80:00:78","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.120/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.120" ], "mac": "0a:58:0a:80:00:78", "default": true, "dns": {} }] openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T09:43:11Z" generateName: metal3-image-customization-7b5d8dfcfd- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 7b5d8dfcfd managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"afc45ee7-7b82-4490-8dac-c1b4ab78f8b8"}: {} f:spec: f:containers: k:{"name":"machine-image-customization-controller"}: .: {} f:command: {} f:env: .: {} k:{"name":"ADDITIONAL_NTP_SERVERS"}: .: {} f:name: {} k:{"name":"CA_BUNDLE"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_INITRD"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_ISO"}: .: {} f:name: {} f:value: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_AGENT_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_BASE_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRIES_CONF_PATH"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8084,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/containers/registries.conf"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/secrets/pull-secret"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"ironic-agent-pull-secret"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-image-customization-volume"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"user-ca-bundle"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:43:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:43:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.120"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:44:06Z" name: metal3-image-customization-7b5d8dfcfd-gjzrj namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-image-customization-7b5d8dfcfd uid: afc45ee7-7b82-4490-8dac-c1b4ab78f8b8 resourceVersion: "18910" uid: 127c2b98-5be4-46f3-95d6-1901fab637ff spec: containers: - command: - /machine-image-customization-controller - -images-bind-addr - :8084 - -images-publish-addr - http://metal3-image-customization-service.openshift-machine-api.svc.cluster.local/ env: - name: NO_PROXY value: ',192.168.32.10' - name: DEPLOY_ISO value: /shared/html/images/ironic-python-agent.iso - name: DEPLOY_INITRD value: /shared/html/images/ironic-python-agent.initramfs - name: IRONIC_BASE_URL value: https://192.168.32.10:6385 - name: IRONIC_AGENT_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16b329950fbff70a8d997d0bd95e11d9a6a1263a00211385716b2b62bfacf0ee - name: REGISTRIES_CONF_PATH value: /etc/containers/registries.conf - name: IP_OPTIONS value: ip=dhcp - name: ADDITIONAL_NTP_SERVERS - name: CA_BUNDLE value: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imagePullPolicy: IfNotPresent name: machine-image-customization-controller ports: - containerPort: 8084 name: http protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true subPath: pull-secret - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-zxmm6 initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - hostPath: path: /etc/containers/registries.conf type: FileOrCreate name: metal3-image-customization-volume - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: ironic-agent-pull-secret secret: defaultMode: 420 items: - key: .dockerconfigjson path: pull-secret secretName: pull-secret - hostPath: path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt type: File name: user-ca-bundle - name: kube-api-access-bmdx9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:45Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:44:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:44:06Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:44:06Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:11Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://0e72662b49b19fffaf16f81c2bb4595091c1a417219ada3e452c074a29b4e089 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 lastState: {} name: machine-image-customization-controller ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:44:05Z" volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://7cd0cff70285882000c8f225792f21809b02f776906de3a7671003d0e95a26d8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 2 started: false state: terminated: containerID: cri-o://7cd0cff70285882000c8f225792f21809b02f776906de3a7671003d0e95a26d8 exitCode: 0 finishedAt: "2026-03-19T09:44:02Z" reason: Completed startedAt: "2026-03-19T09:44:02Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 10.128.0.120 podIPs: - ip: 10.128.0.120 qosClass: Burstable startTime: "2026-03-19T09:43:11Z" kind: PodList metadata: resourceVersion: "75380"