--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.71/23"],"mac_address":"0a:58:0a:80:00:47","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.71/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.71" ], "mac": "0a:58:0a:80:00:47", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: cluster-autoscaler-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T11:57:18Z" generateName: cluster-autoscaler-operator-866dc4744- labels: k8s-app: cluster-autoscaler-operator pod-template-hash: 866dc4744 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"489f5618-f388-4cf8-af5e-c3484fb2d83d"}: {} f:spec: f:containers: k:{"name":"cluster-autoscaler-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"CLUSTER_AUTOSCALER_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_AUTOSCALER_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"LEADER_ELECTION_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WEBHOOKS_CERT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"WEBHOOKS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-autoscaler-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9192,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"auth-proxy-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T11:57:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T11:57:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T11:57:19Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.71"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T11:57:40Z" name: cluster-autoscaler-operator-866dc4744-fblgs namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-autoscaler-operator-866dc4744 uid: 489f5618-f388-4cf8-af5e-c3484fb2d83d resourceVersion: "10555" uid: cf6b6560-1731-4fb1-b3c2-8257002842d6 spec: containers: - args: - --secure-listen-address=0.0.0.0:9192 - --upstream=http://127.0.0.1:9191/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9192 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true - mountPath: /etc/tls/private name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-64twc readOnly: true - args: - -alsologtostderr command: - cluster-autoscaler-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: WATCH_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: LEADER_ELECTION_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:23b753adc8f02ade73be6ad9f3d665745593cdeda0fb6460772426fd526f44b1 - name: WEBHOOKS_CERT_DIR value: /etc/cluster-autoscaler-operator/tls - name: WEBHOOKS_PORT value: "8443" - name: METRICS_PORT value: "9191" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imagePullPolicy: IfNotPresent name: cluster-autoscaler-operator ports: - containerPort: 8443 protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-64twc readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-autoscaler-operator-dockercfg-pcp8m nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault serviceAccount: cluster-autoscaler-operator serviceAccountName: cluster-autoscaler-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cluster-autoscaler-operator-cert - configMap: defaultMode: 420 name: kube-rbac-proxy-cluster-autoscaler-operator name: auth-proxy-config - name: kube-api-access-64twc projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:39Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:18Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:39Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:39Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:18Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://2967f90f9e5ee8c36ca7fef93b23beb026c519e6def04180aa006bfd822ac758 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db lastState: {} name: cluster-autoscaler-operator ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T11:57:39Z" volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-64twc readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://a261d8bdf1e7e76c8b1b20173c8026d62eabfa6b56b8af0e0ad1ecbaa8d3be35 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T11:57:19Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-64twc readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.71 podIPs: - ip: 10.128.0.71 qosClass: Burstable startTime: "2026-03-19T11:57:18Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: baremetal include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.24/23"],"mac_address":"0a:58:0a:80:00:18","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.24/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.24" ], "mac": "0a:58:0a:80:00:18", "default": true, "dns": {} }] openshift.io/required-scc: anyuid openshift.io/scc: anyuid creationTimestamp: "2026-03-19T11:51:45Z" generateName: cluster-baremetal-operator-6f69995874- labels: k8s-app: cluster-baremetal-operator pod-template-hash: 6f69995874 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"399215cc-9b6f-49ca-a400-667f72e75c5b"}: {} f:spec: f:containers: k:{"name":"baremetal-kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/baremetal-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"cluster-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-baremetal-operator/images"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/cluster-baremetal-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"cluster-baremetal-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T11:51:45Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: .: {} k:{"type":"PodScheduled"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-scheduler operation: Update subresource: status time: "2026-03-19T11:51:45Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T11:53:37Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T11:54:24Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.24"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T12:24:45Z" name: cluster-baremetal-operator-6f69995874-ftml6 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-baremetal-operator-6f69995874 uid: 399215cc-9b6f-49ca-a400-667f72e75c5b resourceVersion: "19112" uid: 19de6601-10d4-4112-a21f-0398d2b160d1 spec: containers: - args: - --enable-leader-election command: - /usr/bin/cluster-baremetal-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imagePullPolicy: IfNotPresent name: cluster-baremetal-operator ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6xpc2 readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --config-file=/etc/baremetal-kube-rbac-proxy/config-file.yaml - --logtostderr=true - --v=10 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: baremetal-kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6xpc2 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c22,c19 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 secretName: cluster-baremetal-webhook-server-cert - configMap: defaultMode: 420 name: baremetal-kube-rbac-proxy name: config - name: cluster-baremetal-operator-tls secret: defaultMode: 420 secretName: cluster-baremetal-operator-tls - configMap: defaultMode: 420 name: cluster-baremetal-operator-images name: images - name: kube-api-access-6xpc2 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T11:54:42Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T11:53:37Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T12:24:45Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T12:24:45Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T11:53:37Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://68c205a7cfb2de9d6da9f6cfb9c833d6d4d07f368dbd0c842790192b58bcaa3f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: baremetal-kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T11:54:41Z" volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6xpc2 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://4847293da7450fa4954f4352e2de3f901a1df502fece93e6a753117098564f14 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 lastState: terminated: containerID: cri-o://b2e13fc5e0e47b30a814c50b22ebab528689038f4224f101e1963ee3ecce529a exitCode: 1 finishedAt: "2026-03-19T12:24:43Z" message: | : connect: connection refused E0319 12:16:18.278770 1 leaderelection.go:340] Failed to update lock optimitically: Put "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-baremetal-operator": dial tcp 172.30.0.1:443: connect: connection refused, falling back to slow path E0319 12:16:18.280546 1 leaderelection.go:347] error retrieving resource lock openshift-machine-api/cluster-baremetal-operator: Get "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-baremetal-operator": dial tcp 172.30.0.1:443: connect: connection refused E0319 12:19:46.367236 1 leaderelection.go:340] Failed to update lock optimitically: Put "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-baremetal-operator": dial tcp 172.30.0.1:443: connect: connection refused, falling back to slow path E0319 12:19:46.368221 1 leaderelection.go:347] error retrieving resource lock openshift-machine-api/cluster-baremetal-operator: Get "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-baremetal-operator": dial tcp 172.30.0.1:443: connect: connection refused E0319 12:20:12.369714 1 leaderelection.go:340] Failed to update lock optimitically: Put "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-baremetal-operator": dial tcp 172.30.0.1:443: connect: connection refused, falling back to slow path E0319 12:20:12.370897 1 leaderelection.go:347] error retrieving resource lock openshift-machine-api/cluster-baremetal-operator: Get "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-baremetal-operator": dial tcp 172.30.0.1:443: connect: connection refused I0319 12:24:43.873281 1 webhook.go:104] WebhookDependenciesReady: everything ready for webhooks I0319 12:24:43.873315 1 provisioning_controller.go:238] restarting to enable the webhook reason: Error startedAt: "2026-03-19T12:05:14Z" name: cluster-baremetal-operator ready: true restartCount: 3 started: true state: running: startedAt: "2026-03-19T12:24:44Z" volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6xpc2 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.24 podIPs: - ip: 10.128.0.24 qosClass: Burstable startTime: "2026-03-19T11:53:37Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.70/23"],"mac_address":"0a:58:0a:80:00:46","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.70/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.70" ], "mac": "0a:58:0a:80:00:46", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T11:57:18Z" generateName: control-plane-machine-set-operator-6f97756bc8- labels: k8s-app: control-plane-machine-set-operator pod-template-hash: 6f97756bc8 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"e4f8b85b-0956-42cb-b565-894b50964fd3"}: {} f:spec: f:containers: k:{"name":"control-plane-machine-set-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"control-plane-machine-set-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T11:57:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T11:57:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T11:57:19Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.70"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T12:05:49Z" name: control-plane-machine-set-operator-6f97756bc8-tql86 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: control-plane-machine-set-operator-6f97756bc8 uid: e4f8b85b-0956-42cb-b565-894b50964fd3 resourceVersion: "12025" uid: 44469a78-9300-4260-89e9-ea939de1357b spec: containers: - args: - -v=2 - --leader-elect=true - --leader-elect-lease-duration=137s - --leader-elect-renew-deadline=107s - --leader-elect-retry-period=26s - --leader-elect-resource-namespace=openshift-machine-api command: - /manager env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imagePullPolicy: IfNotPresent name: control-plane-machine-set-operator ports: - containerPort: 9443 name: https protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t7zpw readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: control-plane-machine-set-operator-dockercfg-67sx5 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault serviceAccount: control-plane-machine-set-operator serviceAccountName: control-plane-machine-set-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: control-plane-machine-set-operator-tls secret: defaultMode: 420 secretName: control-plane-machine-set-operator-tls - name: kube-api-access-t7zpw projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:23Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:18Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T12:04:58Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T12:04:58Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:18Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://95df593bda230cfe7b98b6801869d6d366e321b5eb0ef734d501b2afe8aa29f6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 lastState: terminated: containerID: cri-o://bcbe72e4cc3e493a5ae6c052d3dcfb298a861d9613583852bbc5958392be50c4 exitCode: 1 finishedAt: "2026-03-19T12:04:56Z" message: | xt deadline exceeded, falling back to slow path E0319 12:04:09.682291 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/control-plane-machine-set-leader: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io control-plane-machine-set-leader) I0319 12:04:22.674871 1 leaderelection.go:297] failed to renew lease openshift-machine-api/control-plane-machine-set-leader: timed out waiting for the condition E0319 12:04:56.680009 1 leaderelection.go:322] Failed to release lock: Timeout: request did not complete within requested timeout - context deadline exceeded I0319 12:04:56.680422 1 internal.go:538] "Stopping and waiting for non leader election runnables" I0319 12:04:56.680522 1 internal.go:542] "Stopping and waiting for leader election runnables" I0319 12:04:56.680489 1 recorder.go:104] "control-plane-machine-set-operator-6f97756bc8-tql86_f44263c5-1ecd-4a43-a903-ad1575af904d stopped leading" logger="events" type="Normal" object={"kind":"Lease","namespace":"openshift-machine-api","name":"control-plane-machine-set-leader","uid":"ac62a09a-4674-45f1-b224-2516f9f43ae1","apiVersion":"coordination.k8s.io/v1","resourceVersion":"11806"} reason="LeaderElection" I0319 12:04:56.680670 1 internal.go:550] "Stopping and waiting for caches" I0319 12:04:56.680750 1 internal.go:554] "Stopping and waiting for webhooks" I0319 12:04:56.680865 1 internal.go:557] "Stopping and waiting for HTTP servers" I0319 12:04:56.680949 1 internal.go:561] "Wait completed, proceeding to shutdown the manager" I0319 12:04:56.680785 1 controller.go:237] "Shutdown signal received, waiting for all workers to finish" controller="controlplanemachinesetgenerator" I0319 12:04:56.681050 1 controller.go:239] "All workers finished" controller="controlplanemachinesetgenerator" E0319 12:04:56.681053 1 main.go:233] "problem running manager" err="leader election lost" logger="setup" reason: Error startedAt: "2026-03-19T11:57:23Z" name: control-plane-machine-set-operator ready: true restartCount: 1 started: true state: running: startedAt: "2026-03-19T12:04:57Z" volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t7zpw readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.70 podIPs: - ip: 10.128.0.70 qosClass: Burstable startTime: "2026-03-19T11:57:18Z" - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: "2026-03-19T12:27:36Z" generateName: ironic-proxy- labels: baremetal.openshift.io/cluster-baremetal-operator: ironic-proxy controller-revision-hash: 7b6998f9c8 k8s-app: metal3 pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:controller-revision-hash: {} f:k8s-app: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"26efaf75-5df4-42a8-bbb2-cd1a7b37d07e"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"ironic-proxy"}: .: {} f:command: {} f:env: .: {} k:{"name":"IRONIC_PROXY_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_UPSTREAM_IP"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_UPSTREAM_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6385,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T12:27:36Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"192.168.32.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T12:27:47Z" name: ironic-proxy-mnfjh namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: ironic-proxy uid: 26efaf75-5df4-42a8-bbb2-cd1a7b37d07e resourceVersion: "20183" uid: 0d92c44a-db10-4400-8eef-4d9930650684 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - master-0 containers: - command: - /bin/runironic-proxy env: - name: IRONIC_PROXY_PORT value: "6385" - name: IRONIC_UPSTREAM_IP value: 192.168.32.10 - name: IRONIC_UPSTREAM_PORT value: "6388" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: ironic-proxy ports: - containerPort: 6385 hostPort: 6385 name: ironic-proxy protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: add: - FOWNER drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s6jh8 readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true hostNetwork: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-qznjf nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists - effect: NoSchedule key: node.kubernetes.io/disk-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/pid-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/unschedulable operator: Exists - effect: NoSchedule key: node.kubernetes.io/network-unavailable operator: Exists volumes: - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: kube-api-access-s6jh8 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:47Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:36Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:47Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:47Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:36Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://212597805a915a5140944cf5b9b13cb63cfed21d337f1dc950da8248b6075f1b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: ironic-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T12:27:47Z" volumeMounts: - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s6jh8 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 192.168.32.10 podIPs: - ip: 192.168.32.10 qosClass: Burstable startTime: "2026-03-19T12:27:36Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: MachineAPI k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.72/23"],"mac_address":"0a:58:0a:80:00:48","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.72/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.72" ], "mac": "0a:58:0a:80:00:48", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: machine-api-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T11:57:18Z" generateName: machine-api-operator-6fbb6cf6f9- labels: k8s-app: machine-api-operator pod-template-hash: 6fbb6cf6f9 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"01ec9192-4700-4d66-b0eb-322f6e813064"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"machine-api-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/machine-api-operator-config/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"machine-api-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-19T11:57:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T11:57:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T11:57:19Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.72"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T11:57:40Z" name: machine-api-operator-6fbb6cf6f9-75w5c namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: machine-api-operator-6fbb6cf6f9 uid: 01ec9192-4700-4d66-b0eb-322f6e813064 resourceVersion: "10563" uid: 7b2ecb08-a0f9-4127-967c-7087dea4c0f6 spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxw6t readOnly: true - args: - start - --images-json=/etc/machine-api-operator-config/images/images.json - --alsologtostderr - --v=3 command: - /machine-api-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imagePullPolicy: IfNotPresent name: machine-api-operator resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxw6t readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: machine-api-operator-dockercfg-ww9m4 nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault serviceAccount: machine-api-operator serviceAccountName: machine-api-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: kube-rbac-proxy name: config - configMap: defaultMode: 420 name: machine-api-operator-images name: images - name: machine-api-operator-tls secret: defaultMode: 420 secretName: machine-api-operator-tls - name: kube-api-access-dxw6t projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:39Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:18Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:39Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:39Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T11:57:18Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://84cb664afef1ffa9eee06b4e53f8ab677638d974a315efd207acbf4961b60b62 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T11:57:19Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxw6t readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://5d31241cbfd7328f7ef428f31ffdbc26b4a00817c912ba157ca859080b34581f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c lastState: {} name: machine-api-operator ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T11:57:39Z" volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dxw6t readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.72 podIPs: - ip: 10.128.0.72 qosClass: Burstable startTime: "2026-03-19T11:57:18Z" - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: "2026-03-19T12:27:32Z" generateName: metal3-65f8c5cc94- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-state k8s-app: metal3 pod-template-hash: 65f8c5cc94 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"912a9116-b487-4338-a158-0cc8536dabde"}: {} f:spec: f:containers: k:{"name":"metal3-httpd"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_LISTEN_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6180,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6183,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6388,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ironic"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_KERNEL_PARAMS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ramdisk-logs"}: .: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-shared"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-vmedia-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T12:27:32Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"192.168.32.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T12:28:14Z" name: metal3-65f8c5cc94-trthc namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-65f8c5cc94 uid: 912a9116-b487-4338-a158-0cc8536dabde resourceVersion: "20306" uid: f262d280-de9c-40ab-a879-abfec51007e6 spec: containers: - command: - /bin/runhttpd env: - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHokZSxsS9TCiBTdZls5Vr6X8XeFdYQGG0BMgLJjDdRcZ46yPRSOUFZciGmOghZOS9DQe7gN24aVS1cMJo/TLUV/r1m+IpS0ciH/EZxsqKiO10hKnc8+E5uN33ORnKcmtrSfszbuPdvb2ZlS7KXZEPWJdAoGwamQXTVcsXP/Ps5OpQAA4hmZmvuJwK/z/3cLK6lmDWQWfcXTYQEUMlf1ASTUXAgaIIb4cbzpvKw3C7nrd0u3U1lnqVui0bSLt5X4qB8xSlzmX1QcvB+/ZVeCvhjKp23Jz6T272fZqcuEtfAB6YZYZJP+L/BiWWxMo610Eull5tF5/XMSF7ZncZUGGh - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: IRONIC_LISTEN_PORT value: "6388" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-httpd ports: - containerPort: 6388 hostPort: 6388 name: ironic protocol: TCP - containerPort: 6180 hostPort: 6180 name: http protocol: TCP - containerPort: 6183 hostPort: 6183 name: vmedia-https protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true - command: - /bin/runironic env: - name: IRONIC_INSECURE value: "true" - name: IRONIC_KERNEL_PARAMS value: rd.net.timeout.carrier=30 ip=dhcp - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHokZSxsS9TCiBTdZls5Vr6X8XeFdYQGG0BMgLJjDdRcZ46yPRSOUFZciGmOghZOS9DQe7gN24aVS1cMJo/TLUV/r1m+IpS0ciH/EZxsqKiO10hKnc8+E5uN33ORnKcmtrSfszbuPdvb2ZlS7KXZEPWJdAoGwamQXTVcsXP/Ps5OpQAA4hmZmvuJwK/z/3cLK6lmDWQWfcXTYQEUMlf1ASTUXAgaIIb4cbzpvKw3C7nrd0u3U1lnqVui0bSLt5X4qB8xSlzmX1QcvB+/ZVeCvhjKp23Jz6T272fZqcuEtfAB6YZYZJP+L/BiWWxMo610Eull5tF5/XMSF7ZncZUGGh - name: IRONIC_EXTERNAL_IP - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ironic resources: requests: cpu: 50m memory: 500Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true - command: - /bin/runlogwatch.sh image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ramdisk-logs resources: requests: cpu: 10m memory: 5Mi securityContext: capabilities: add: - CAP_DAC_OVERRIDE drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true hostNetwork: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-qznjf initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: metal3-shared - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password - key: htpasswd path: htpasswd secretName: metal3-ironic-password - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: metal3-vmedia-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: kube-api-access-crz6g projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:09Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:11Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:14Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:14Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:32Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://b827b8dbb28ff94eb06791002fb932f8a5ee766dddac4c75a2c119e057d14c73 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-httpd ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T12:28:11Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://809bb511a3ba75bccf17de7c6cc7f703eca3ee664d7cc49113a5f1f42dc7b907 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-ironic ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T12:28:12Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://4d1679af88e2caa3fb6cd15bf24e5cd11dfea28666c4585a9f0199fd129ed7c2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-ramdisk-logs ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T12:28:13Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://1642bc05e91cf7cf29a1e7749434faf174234639cecd4464c254f2673baa95a3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 0 started: false state: terminated: containerID: cri-o://1642bc05e91cf7cf29a1e7749434faf174234639cecd4464c254f2673baa95a3 exitCode: 0 finishedAt: "2026-03-19T12:28:10Z" reason: Completed startedAt: "2026-03-19T12:28:08Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-crz6g readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 192.168.32.10 podIPs: - ip: 192.168.32.10 qosClass: Burstable startTime: "2026-03-19T12:27:32Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.114/23"],"mac_address":"0a:58:0a:80:00:72","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.114/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.114" ], "mac": "0a:58:0a:80:00:72", "default": true, "dns": {} }] openshift.io/required-scc: hostnetwork-v2 openshift.io/scc: hostnetwork-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T12:27:32Z" generateName: metal3-baremetal-operator-78474bdc48- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-baremetal-operator baremetal.openshift.io/metal3-validating-webhook: metal3-validating-webhook k8s-app: metal3 pod-template-hash: 78474bdc48 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:baremetal.openshift.io/metal3-validating-webhook: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"af6ab591-fda6-4541-9e72-8b3ee58b4728"}: {} f:spec: f:containers: k:{"name":"metal3-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEPLOY_KERNEL_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_CACERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_ENDPOINT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_EXTERNAL_URL_V6"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE"}: .: {} f:name: {} f:value: {} k:{"name":"METAL3_AUTH_ROOT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9447,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T12:27:32Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T12:27:32Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T12:27:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.114"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T12:27:38Z" name: metal3-baremetal-operator-78474bdc48-sl88n namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-baremetal-operator-78474bdc48 uid: af6ab591-fda6-4541-9e72-8b3ee58b4728 resourceVersion: "19837" uid: c4d8205e-157b-4a66-9ee7-318bae255129 spec: containers: - args: - --health-addr - :9446 - -build-preprov-image - -enable-leader-election - -lease-duration-seconds - "137" - -renew-deadline-seconds - "107" - -retry-period-seconds - "26" - --webhook-port - "9447" command: - /baremetal-operator env: - name: WATCH_NAMESPACE - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: OPERATOR_NAME value: baremetal-operator - name: IRONIC_CACERT_FILE value: /certs/ironic/tls.crt - name: IRONIC_INSECURE value: "true" - name: DEPLOY_KERNEL_URL value: file:///shared/html/images/ironic-python-agent.kernel - name: IRONIC_ENDPOINT value: https://metal3-state.openshift-machine-api.svc.cluster.local:6388/v1/ - name: LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE value: Never - name: METAL3_AUTH_ROOT_DIR value: /auth - name: IRONIC_EXTERNAL_IP - name: IRONIC_EXTERNAL_URL_V6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imagePullPolicy: IfNotPresent name: metal3-baremetal-operator ports: - containerPort: 9447 name: webhook-server protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000500000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hqs8w readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-qznjf nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000500000 seLinuxOptions: level: s0:c22,c19 seccompProfile: type: RuntimeDefault supplementalGroups: - 1000500000 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password secretName: metal3-ironic-password - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: kube-api-access-hqs8w projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:38Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:32Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:38Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:38Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:32Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://158800db1271e06b1b842cf8861b242371f7f08a853ae2563dbcca5156a3aadf image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 lastState: {} name: metal3-baremetal-operator ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T12:27:38Z" volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hqs8w readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.114 podIPs: - ip: 10.128.0.114 qosClass: Burstable startTime: "2026-03-19T12:27:32Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.115/23"],"mac_address":"0a:58:0a:80:00:73","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.115/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.115" ], "mac": "0a:58:0a:80:00:73", "default": true, "dns": {} }] openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-19T12:27:35Z" generateName: metal3-image-customization-5b889bff9b- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 5b889bff9b managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"104213bd-7eb6-4f51-87c7-3e15d118ef8d"}: {} f:spec: f:containers: k:{"name":"machine-image-customization-controller"}: .: {} f:command: {} f:env: .: {} k:{"name":"ADDITIONAL_NTP_SERVERS"}: .: {} f:name: {} k:{"name":"CA_BUNDLE"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_INITRD"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_ISO"}: .: {} f:name: {} f:value: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_AGENT_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_BASE_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRIES_CONF_PATH"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8084,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/containers/registries.conf"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/secrets/pull-secret"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"ironic-agent-pull-secret"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-image-customization-volume"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"user-ca-bundle"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-19T12:27:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-19T12:27:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-19T12:27:36Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.115"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-19T12:28:33Z" name: metal3-image-customization-5b889bff9b-dxbkp namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-image-customization-5b889bff9b uid: 104213bd-7eb6-4f51-87c7-3e15d118ef8d resourceVersion: "20425" uid: ed8f0c5d-4f16-444c-b706-e78cf4036b87 spec: containers: - command: - /machine-image-customization-controller - -images-bind-addr - :8084 - -images-publish-addr - http://metal3-image-customization-service.openshift-machine-api.svc.cluster.local/ env: - name: NO_PROXY value: ',192.168.32.10' - name: DEPLOY_ISO value: /shared/html/images/ironic-python-agent.iso - name: DEPLOY_INITRD value: /shared/html/images/ironic-python-agent.initramfs - name: IRONIC_BASE_URL value: https://192.168.32.10:6385 - name: IRONIC_AGENT_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16b329950fbff70a8d997d0bd95e11d9a6a1263a00211385716b2b62bfacf0ee - name: REGISTRIES_CONF_PATH value: /etc/containers/registries.conf - name: IP_OPTIONS value: ip=dhcp - name: ADDITIONAL_NTP_SERVERS - name: CA_BUNDLE value: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHokZSxsS9TCiBTdZls5Vr6X8XeFdYQGG0BMgLJjDdRcZ46yPRSOUFZciGmOghZOS9DQe7gN24aVS1cMJo/TLUV/r1m+IpS0ciH/EZxsqKiO10hKnc8+E5uN33ORnKcmtrSfszbuPdvb2ZlS7KXZEPWJdAoGwamQXTVcsXP/Ps5OpQAA4hmZmvuJwK/z/3cLK6lmDWQWfcXTYQEUMlf1ASTUXAgaIIb4cbzpvKw3C7nrd0u3U1lnqVui0bSLt5X4qB8xSlzmX1QcvB+/ZVeCvhjKp23Jz6T272fZqcuEtfAB6YZYZJP+L/BiWWxMo610Eull5tF5/XMSF7ZncZUGGh image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imagePullPolicy: IfNotPresent name: machine-image-customization-controller ports: - containerPort: 8084 name: http protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true subPath: pull-secret - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-99dct readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true imagePullSecrets: - name: cluster-baremetal-operator-dockercfg-qznjf initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-99dct readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - hostPath: path: /etc/containers/registries.conf type: FileOrCreate name: metal3-image-customization-volume - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: ironic-agent-pull-secret secret: defaultMode: 420 items: - key: .dockerconfigjson path: pull-secret secretName: pull-secret - hostPath: path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt type: File name: user-ca-bundle - name: kube-api-access-99dct projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:09Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:29Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:33Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-19T12:28:33Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-19T12:27:35Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://c72c9f21649475fe0bd06dc1f79c9e41855723e5dfeb95138425161a91f3f076 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 lastState: {} name: machine-image-customization-controller ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-19T12:28:33Z" volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-99dct readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://6acc12b56175ffbe527022f603cbbf98807913e16ce2ea91c8f4d540432bb34d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 2 started: false state: terminated: containerID: cri-o://6acc12b56175ffbe527022f603cbbf98807913e16ce2ea91c8f4d540432bb34d exitCode: 0 finishedAt: "2026-03-19T12:28:28Z" reason: Completed startedAt: "2026-03-19T12:28:28Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-99dct readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 10.128.0.115 podIPs: - ip: 10.128.0.115 qosClass: Burstable startTime: "2026-03-19T12:27:35Z" kind: PodList metadata: resourceVersion: "76540"