--- apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.120/23"],"mac_address":"0a:58:0a:80:00:78","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.120/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.120" ], "mac": "0a:58:0a:80:00:78", "default": true, "dns": {} }] openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T09:43:11Z" generateName: metal3-image-customization-7b5d8dfcfd- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 7b5d8dfcfd managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"afc45ee7-7b82-4490-8dac-c1b4ab78f8b8"}: {} f:spec: f:containers: k:{"name":"machine-image-customization-controller"}: .: {} f:command: {} f:env: .: {} k:{"name":"ADDITIONAL_NTP_SERVERS"}: .: {} f:name: {} k:{"name":"CA_BUNDLE"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_INITRD"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_ISO"}: .: {} f:name: {} f:value: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_AGENT_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_BASE_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRIES_CONF_PATH"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8084,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/containers/registries.conf"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/secrets/pull-secret"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"ironic-agent-pull-secret"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-image-customization-volume"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"user-ca-bundle"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T09:43:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T09:43:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T09:43:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.120"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T09:44:06Z" name: metal3-image-customization-7b5d8dfcfd-gjzrj namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-image-customization-7b5d8dfcfd uid: afc45ee7-7b82-4490-8dac-c1b4ab78f8b8 resourceVersion: "18910" uid: 127c2b98-5be4-46f3-95d6-1901fab637ff spec: containers: - command: - /machine-image-customization-controller - -images-bind-addr - :8084 - -images-publish-addr - http://metal3-image-customization-service.openshift-machine-api.svc.cluster.local/ env: - name: NO_PROXY value: ',192.168.32.10' - name: DEPLOY_ISO value: /shared/html/images/ironic-python-agent.iso - name: DEPLOY_INITRD value: /shared/html/images/ironic-python-agent.initramfs - name: IRONIC_BASE_URL value: https://192.168.32.10:6385 - name: IRONIC_AGENT_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16b329950fbff70a8d997d0bd95e11d9a6a1263a00211385716b2b62bfacf0ee - name: REGISTRIES_CONF_PATH value: /etc/containers/registries.conf - name: IP_OPTIONS value: ip=dhcp - name: ADDITIONAL_NTP_SERVERS - name: CA_BUNDLE value: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdCF9i2OOE6jVFRNySl0BJRetjlZem0FmEK9HvW+A80avh0clSbj/RIvf4rkQwPmR01ahqSLo6/cjXkqIxKl783z0cxISY2tUwIm60A7x5EM1q5sUFJ+THjwGpI+Ea4ilLzL17q8/Ry2VB7LENWayWnPvc0HNXF1LNIqHjfcWHrQCI+SCcE2SeVs6SpV3kSc2FURB/KlUAgSvZ6QvlhVHko/Bd7Wv6jGOnR0sGDEb7GAO7vmOWF2sX14pfFxIUPFLIaOTpDmBOg65BNhzzDvGMsJFa8PxDxJ/X8c+LctIsx1XXF4bU5NDYcl5l4Ac70BFOOrVXoijC4HcF+dkCWbpv image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imagePullPolicy: IfNotPresent name: machine-image-customization-controller ports: - containerPort: 8084 name: http protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true subPath: pull-secret - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-zxmm6 initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - hostPath: path: /etc/containers/registries.conf type: FileOrCreate name: metal3-image-customization-volume - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: ironic-agent-pull-secret secret: defaultMode: 420 items: - key: .dockerconfigjson path: pull-secret secretName: pull-secret - hostPath: path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt type: File name: user-ca-bundle - name: kube-api-access-bmdx9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:45Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T09:44:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T09:44:06Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T09:44:06Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T09:43:11Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://0e72662b49b19fffaf16f81c2bb4595091c1a417219ada3e452c074a29b4e089 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 lastState: {} name: machine-image-customization-controller ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T09:44:05Z" volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://7cd0cff70285882000c8f225792f21809b02f776906de3a7671003d0e95a26d8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 2 started: false state: terminated: containerID: cri-o://7cd0cff70285882000c8f225792f21809b02f776906de3a7671003d0e95a26d8 exitCode: 0 finishedAt: "2026-03-19T09:44:02Z" reason: Completed startedAt: "2026-03-19T09:44:02Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bmdx9 readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 10.128.0.120 podIPs: - ip: 10.128.0.120 qosClass: Burstable startTime: "2026-03-19T09:43:11Z"