--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.65/23"],"mac_address":"0a:58:0a:80:00:41","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.65/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.65" ], "mac": "0a:58:0a:80:00:41", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: cluster-autoscaler-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-20T08:37:27Z" generateName: cluster-autoscaler-operator-866dc4744- labels: k8s-app: cluster-autoscaler-operator pod-template-hash: 866dc4744 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"4b5c9f08-9714-46df-b338-ccf8f0de7bdb"}: {} f:spec: f:containers: k:{"name":"cluster-autoscaler-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"CLUSTER_AUTOSCALER_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_AUTOSCALER_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"LEADER_ELECTION_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WEBHOOKS_CERT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"WEBHOOKS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-autoscaler-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9192,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"auth-proxy-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:37:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-20T08:37:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-20T08:38:46Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.65"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:49:38Z" name: cluster-autoscaler-operator-866dc4744-xwxg7 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-autoscaler-operator-866dc4744 uid: 4b5c9f08-9714-46df-b338-ccf8f0de7bdb resourceVersion: "14422" uid: 21bebade-17fa-444e-92a9-eea53d6cd673 spec: containers: - args: - --secure-listen-address=0.0.0.0:9192 - --upstream=http://127.0.0.1:9191/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9192 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000480000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true - mountPath: /etc/tls/private name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zsht7 readOnly: true - args: - -alsologtostderr command: - cluster-autoscaler-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: WATCH_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: LEADER_ELECTION_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CLUSTER_AUTOSCALER_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:23b753adc8f02ade73be6ad9f3d665745593cdeda0fb6460772426fd526f44b1 - name: WEBHOOKS_CERT_DIR value: /etc/cluster-autoscaler-operator/tls - name: WEBHOOKS_PORT value: "8443" - name: METRICS_PORT value: "9191" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imagePullPolicy: IfNotPresent name: cluster-autoscaler-operator ports: - containerPort: 8443 protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000480000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zsht7 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000480000 seLinuxOptions: level: s0:c22,c9 seccompProfile: type: RuntimeDefault serviceAccount: cluster-autoscaler-operator serviceAccountName: cluster-autoscaler-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cluster-autoscaler-operator-cert - configMap: defaultMode: 420 name: kube-rbac-proxy-cluster-autoscaler-operator name: auth-proxy-config - name: kube-api-access-zsht7 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:38:52Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:27Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:49:19Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:49:19Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:27Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://bfed4f8a80c1542278e0af8b603bd065ec2e7f0456df8fbb20a61b42ed29fe9d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce8e3088493b4a72dd766b3b5b4ccb83b7d72d514bbf64063a913dfe961273db lastState: terminated: containerID: cri-o://8b198f10122a271a46d1da5f2f799d55468d2123b4b2ad74d6f0cb05641e6136 exitCode: 255 finishedAt: "2026-03-20T08:49:16Z" message: | 6 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/cluster-autoscaler-operator-leader: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io cluster-autoscaler-operator-leader) E0320 08:46:41.380751 1 status.go:311] status reporting failed: the server was unable to return a response in the time allotted, but may still be processing the request (get clusteroperators.config.openshift.io cluster-autoscaler) E0320 08:47:41.382778 1 status.go:426] failed to get dependency machine-api status: the server was unable to return a response in the time allotted, but may still be processing the request (get clusteroperators.config.openshift.io machine-api) W0320 08:47:41.382830 1 status.go:271] Operator status degraded: error checking machine-api status: the server was unable to return a response in the time allotted, but may still be processing the request (get clusteroperators.config.openshift.io machine-api) E0320 08:48:01.462612 1 leaderelection.go:429] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path E0320 08:48:41.385228 1 status.go:311] status reporting failed: the server was unable to return a response in the time allotted, but may still be processing the request (get clusteroperators.config.openshift.io cluster-autoscaler) E0320 08:48:53.446570 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/cluster-autoscaler-operator-leader: Get "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/cluster-autoscaler-operator-leader": context deadline exceeded I0320 08:48:53.446654 1 leaderelection.go:297] failed to renew lease openshift-machine-api/cluster-autoscaler-operator-leader: timed out waiting for the condition F0320 08:49:16.557103 1 main.go:43] Failed to start operator: leader election lost reason: Error startedAt: "2026-03-20T08:38:51Z" name: cluster-autoscaler-operator ready: true restartCount: 1 started: true state: running: startedAt: "2026-03-20T08:49:18Z" volumeMounts: - mountPath: /etc/cluster-autoscaler-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zsht7 readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://a74f65fd79254bc2069d4d58186204f182bbdda409cb8c9a6055b2b1614423bb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:38:46Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: auth-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zsht7 readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.65 podIPs: - ip: 10.128.0.65 qosClass: Burstable startTime: "2026-03-20T08:37:27Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: baremetal include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.16/23"],"mac_address":"0a:58:0a:80:00:10","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.16/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.16" ], "mac": "0a:58:0a:80:00:10", "default": true, "dns": {} }] openshift.io/required-scc: anyuid openshift.io/scc: anyuid creationTimestamp: "2026-03-20T08:34:25Z" generateName: cluster-baremetal-operator-6f69995874- labels: k8s-app: cluster-baremetal-operator pod-template-hash: 6f69995874 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:include.release.openshift.io/self-managed-high-availability: {} f:include.release.openshift.io/single-node-developer: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"3bf61f8d-821a-4579-9f41-ff32e8e4548e"}: {} f:spec: f:containers: k:{"name":"baremetal-kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/baremetal-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"cluster-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-baremetal-operator/images"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/cluster-baremetal-operator/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"cluster-baremetal-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:34:25Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: .: {} k:{"type":"PodScheduled"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-scheduler operation: Update subresource: status time: "2026-03-20T08:34:25Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-20T08:36:06Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-20T08:36:48Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.16"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:49:48Z" name: cluster-baremetal-operator-6f69995874-dv6cd namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-baremetal-operator-6f69995874 uid: 3bf61f8d-821a-4579-9f41-ff32e8e4548e resourceVersion: "14922" uid: f53bc282-5937-49ac-ac98-2ee37ccb268d spec: containers: - args: - --enable-leader-election command: - /usr/bin/cluster-baremetal-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imagePullPolicy: IfNotPresent name: cluster-baremetal-operator ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-b2d4r readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --config-file=/etc/baremetal-kube-rbac-proxy/config-file.yaml - --logtostderr=true - --v=10 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: baremetal-kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: capabilities: drop: - MKNOD terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-b2d4r readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c22,c9 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: cert secret: defaultMode: 420 secretName: cluster-baremetal-webhook-server-cert - configMap: defaultMode: 420 name: baremetal-kube-rbac-proxy name: config - name: cluster-baremetal-operator-tls secret: defaultMode: 420 secretName: cluster-baremetal-operator-tls - configMap: defaultMode: 420 name: cluster-baremetal-operator-images name: images - name: kube-api-access-b2d4r projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:03Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:36:06Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:49:48Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:49:48Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:36:06Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://20027ed3d8ce2945b58e2ed2edbfa6fa2b33157326dd7e152264af390a255b26 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: baremetal-kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:37:03Z" volumeMounts: - mountPath: /etc/baremetal-kube-rbac-proxy name: config - mountPath: /etc/tls/private name: cluster-baremetal-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-b2d4r readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://35c40c03b42708a0ad40c10b9e1386a3c24c5ef15edd9ec4b83c03e6e00b46ec image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f933312f49083e8746fc41ab5e46a9a757b448374f14971e256ebcb36f11dd97 lastState: terminated: containerID: cri-o://5b8f6cb814b9e840ab89858d438999874215c853379b386a3140792c0b17b9bf exitCode: 1 finishedAt: "2026-03-20T08:49:23Z" message: | E0320 08:49:23.383601 1 main.go:144] "unable to get enabled features" err="unable to determine Platform: the server was unable to return a response in the time allotted, but may still be processing the request (get infrastructures.config.openshift.io cluster)" reason: Error startedAt: "2026-03-20T08:48:23Z" name: cluster-baremetal-operator ready: true restartCount: 3 started: true state: running: startedAt: "2026-03-20T08:49:48Z" volumeMounts: - mountPath: /etc/cluster-baremetal-operator/tls name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-baremetal-operator/images name: images readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-b2d4r readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.16 podIPs: - ip: 10.128.0.16 qosClass: Burstable startTime: "2026-03-20T08:36:06Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.62/23"],"mac_address":"0a:58:0a:80:00:3e","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.62/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.62" ], "mac": "0a:58:0a:80:00:3e", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-20T08:37:20Z" generateName: control-plane-machine-set-operator-6f97756bc8- labels: k8s-app: control-plane-machine-set-operator pod-template-hash: 6f97756bc8 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"fe3e2ab2-4c70-489c-a81d-c7f0c4224d0e"}: {} f:spec: f:containers: k:{"name":"control-plane-machine-set-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"control-plane-machine-set-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:37:20Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-20T08:37:20Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-20T08:38:52Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.62"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:49:38Z" name: control-plane-machine-set-operator-6f97756bc8-7t5qv namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: control-plane-machine-set-operator-6f97756bc8 uid: fe3e2ab2-4c70-489c-a81d-c7f0c4224d0e resourceVersion: "14500" uid: e9e912c1-a2d4-4d78-98c1-ea3b232ddd7e spec: containers: - args: - -v=2 - --leader-elect=true - --leader-elect-lease-duration=137s - --leader-elect-renew-deadline=107s - --leader-elect-retry-period=26s - --leader-elect-resource-namespace=openshift-machine-api command: - /manager env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imagePullPolicy: IfNotPresent name: control-plane-machine-set-operator ports: - containerPort: 9443 name: https protocol: TCP resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000480000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-htv9s readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000480000 seLinuxOptions: level: s0:c22,c9 seccompProfile: type: RuntimeDefault serviceAccount: control-plane-machine-set-operator serviceAccountName: control-plane-machine-set-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: control-plane-machine-set-operator-tls secret: defaultMode: 420 secretName: control-plane-machine-set-operator-tls - name: kube-api-access-htv9s projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:38:59Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:20Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:47:26Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:47:26Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:20Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://f37851a25ef42464de23ed4647241a17980786083b49fee70a6360e2172ba84e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:908eaaf624959bc7645f6d585d160431d1efb070e9a1f37fefed73a3be42b0d3 lastState: terminated: containerID: cri-o://322d73e8b151dad5452501bac1f7dfab899c0c317c5ec70fec1dfe654509113e exitCode: 1 finishedAt: "2026-03-20T08:47:25Z" message: | Timeout: request did not complete within requested timeout - context deadline exceeded I0320 08:47:25.276099 1 recorder.go:104] "control-plane-machine-set-operator-6f97756bc8-7t5qv_487c5efe-9830-446f-8545-7ebf924edd1a stopped leading" logger="events" type="Normal" object={"kind":"Lease","namespace":"openshift-machine-api","name":"control-plane-machine-set-leader","uid":"df04292b-b9ee-405c-86f2-c6eca80b35a9","apiVersion":"coordination.k8s.io/v1","resourceVersion":"13998"} reason="LeaderElection" I0320 08:47:25.276568 1 internal.go:538] "Stopping and waiting for non leader election runnables" I0320 08:47:25.276597 1 internal.go:542] "Stopping and waiting for leader election runnables" I0320 08:47:25.276615 1 internal.go:550] "Stopping and waiting for caches" I0320 08:47:25.276630 1 internal.go:554] "Stopping and waiting for webhooks" I0320 08:47:25.276639 1 internal.go:557] "Stopping and waiting for HTTP servers" I0320 08:47:25.276649 1 internal.go:561] "Wait completed, proceeding to shutdown the manager" I0320 08:47:25.276665 1 controller.go:237] "Shutdown signal received, waiting for all workers to finish" controller="controlplanemachineset" I0320 08:47:25.276676 1 controller.go:237] "Shutdown signal received, waiting for all workers to finish" controller="controlplanemachinesetgenerator" W0320 08:47:25.276779 1 reflector.go:484] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers.go:106: watch of *v1.Node ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding W0320 08:47:25.276969 1 reflector.go:484] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers.go:106: watch of *v1.ClusterOperator ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding E0320 08:47:25.276056 1 main.go:233] "problem running manager" err="leader election lost" logger="setup" reason: Error startedAt: "2026-03-20T08:38:59Z" name: control-plane-machine-set-operator ready: true restartCount: 1 started: true state: running: startedAt: "2026-03-20T08:47:26Z" volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: control-plane-machine-set-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-htv9s readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.62 podIPs: - ip: 10.128.0.62 qosClass: Burstable startTime: "2026-03-20T08:37:20Z" - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: "2026-03-20T08:58:51Z" generateName: ironic-proxy- labels: baremetal.openshift.io/cluster-baremetal-operator: ironic-proxy controller-revision-hash: 7b6998f9c8 k8s-app: metal3 pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:controller-revision-hash: {} f:k8s-app: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"da8072ac-5b4b-4676-9aae-cb1e1348d2b4"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"ironic-proxy"}: .: {} f:command: {} f:env: .: {} k:{"name":"IRONIC_PROXY_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_UPSTREAM_IP"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_UPSTREAM_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6385,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:58:51Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"192.168.32.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:59:02Z" name: ironic-proxy-28zbq namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: ironic-proxy uid: da8072ac-5b4b-4676-9aae-cb1e1348d2b4 resourceVersion: "17363" uid: a94e327e-399f-403f-988c-9399f601171a spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - master-0 containers: - command: - /bin/runironic-proxy env: - name: IRONIC_PROXY_PORT value: "6385" - name: IRONIC_UPSTREAM_IP value: 192.168.32.10 - name: IRONIC_UPSTREAM_PORT value: "6388" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: ironic-proxy ports: - containerPort: 6385 hostPort: 6385 name: ironic-proxy protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: add: - FOWNER drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kx47l readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true hostNetwork: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists - effect: NoSchedule key: node.kubernetes.io/disk-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/pid-pressure operator: Exists - effect: NoSchedule key: node.kubernetes.io/unschedulable operator: Exists - effect: NoSchedule key: node.kubernetes.io/network-unavailable operator: Exists volumes: - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: kube-api-access-kx47l projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:02Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:51Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:02Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:02Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:51Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://d7fdc125f5323bb4c3f0962205d1b3dad7bcca2b5a935dab07c8391e964d0e7e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: ironic-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:59:02Z" volumeMounts: - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kx47l readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 192.168.32.10 podIPs: - ip: 192.168.32.10 qosClass: Burstable startTime: "2026-03-20T08:58:51Z" - apiVersion: v1 kind: Pod metadata: annotations: capability.openshift.io/name: MachineAPI k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.67/23"],"mac_address":"0a:58:0a:80:00:43","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.67/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.67" ], "mac": "0a:58:0a:80:00:43", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: machine-api-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-20T08:37:30Z" generateName: machine-api-operator-6fbb6cf6f9- labels: k8s-app: machine-api-operator pod-template-hash: 6fbb6cf6f9 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"3fb2b52a-64c7-4eb2-b291-c363bb3fe429"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"machine-api-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"COMPONENT_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"METRICS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/machine-api-operator-config/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"images"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"machine-api-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:37:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-20T08:37:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-20T08:38:46Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.67"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:49:37Z" name: machine-api-operator-6fbb6cf6f9-n8tnn namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: machine-api-operator-6fbb6cf6f9 uid: 3fb2b52a-64c7-4eb2-b291-c363bb3fe429 resourceVersion: "14409" uid: c7f5e6cd-e093-409a-8758-d3db7a7eb32c spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-proxy/config-file.yaml - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000480000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-plc2q readOnly: true - args: - start - --images-json=/etc/machine-api-operator-config/images/images.json - --alsologtostderr - --v=3 command: - /machine-api-operator env: - name: RELEASE_VERSION value: 4.18.35 - name: COMPONENT_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: METRICS_PORT value: "8080" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imagePullPolicy: IfNotPresent name: machine-api-operator resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000480000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-plc2q readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000480000 seLinuxOptions: level: s0:c22,c9 seccompProfile: type: RuntimeDefault serviceAccount: machine-api-operator serviceAccountName: machine-api-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: kube-rbac-proxy name: config - configMap: defaultMode: 420 name: machine-api-operator-images name: images - name: machine-api-operator-tls secret: defaultMode: 420 secretName: machine-api-operator-tls - name: kube-api-access-plc2q projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:38:59Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:30Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:49:19Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:49:19Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:37:30Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://b78496ecf995c35d24dfd3908193418c538ce4e684ecf45bdc674a187caf26f7 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed lastState: {} name: kube-rbac-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:38:47Z" volumeMounts: - mountPath: /etc/kube-rbac-proxy name: config - mountPath: /etc/tls/private name: machine-api-operator-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-plc2q readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://d7939ef7c290e843cafc75df83a35de9f660e51bdc0cf643e425304013e11a00 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:de91abd5ad76fb491881a75a0feb4b8ca5600ceb5e15a4b0b687ada01ea0a44c lastState: terminated: containerID: cri-o://43664e36cb7b60519ab710dfbfcb9bd2c63951d962e394659ce8bb21e98ebbb9 exitCode: 255 finishedAt: "2026-03-20T08:49:16Z" message: | ions/factory.go:125 I0320 08:44:40.768271 1 reflector.go:368] Caches populated for *v1beta1.Machine from github.com/openshift/client-go/machine/informers/externalversions/factory.go:125 I0320 08:44:42.523641 1 reflector.go:341] Listing and watching *v1.FeatureGate from github.com/openshift/client-go/config/informers/externalversions/factory.go:125 I0320 08:44:42.526418 1 reflector.go:368] Caches populated for *v1.FeatureGate from github.com/openshift/client-go/config/informers/externalversions/factory.go:125 I0320 08:44:52.878166 1 reflector.go:341] Listing and watching *v1.Proxy from github.com/openshift/client-go/config/informers/externalversions/factory.go:125 I0320 08:44:52.881803 1 reflector.go:368] Caches populated for *v1.Proxy from github.com/openshift/client-go/config/informers/externalversions/factory.go:125 E0320 08:45:33.859878 1 leaderelection.go:429] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path E0320 08:46:33.861642 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/machine-api-operator: the server was unable to return a response in the time allotted, but may still be processing the request (get leases.coordination.k8s.io machine-api-operator) E0320 08:48:07.868981 1 leaderelection.go:429] Failed to update lock optimitically: Timeout: request did not complete within requested timeout - context deadline exceeded, falling back to slow path E0320 08:48:59.854858 1 leaderelection.go:436] error retrieving resource lock openshift-machine-api/machine-api-operator: Get "https://172.30.0.1:443/apis/coordination.k8s.io/v1/namespaces/openshift-machine-api/leases/machine-api-operator": context deadline exceeded I0320 08:48:59.854931 1 leaderelection.go:297] failed to renew lease openshift-machine-api/machine-api-operator: timed out waiting for the condition F0320 08:49:16.553353 1 start.go:104] Leader election lost reason: Error startedAt: "2026-03-20T08:38:59Z" name: machine-api-operator ready: true restartCount: 1 started: true state: running: startedAt: "2026-03-20T08:49:18Z" volumeMounts: - mountPath: /etc/machine-api-operator-config/images name: images - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-plc2q readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.67 podIPs: - ip: 10.128.0.67 qosClass: Burstable startTime: "2026-03-20T08:37:30Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.112/23"],"mac_address":"0a:58:0a:80:00:70","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.112/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.112" ], "mac": "0a:58:0a:80:00:70", "default": true, "dns": {} }] openshift.io/required-scc: hostnetwork-v2 openshift.io/scc: hostnetwork-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-20T08:58:47Z" generateName: metal3-baremetal-operator-78474bdc48- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-baremetal-operator baremetal.openshift.io/metal3-validating-webhook: metal3-validating-webhook k8s-app: metal3 pod-template-hash: 78474bdc48 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:baremetal.openshift.io/metal3-validating-webhook: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"fab06089-2363-47db-ba63-b16d69a0cc90"}: {} f:spec: f:containers: k:{"name":"metal3-baremetal-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEPLOY_KERNEL_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_CACERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_ENDPOINT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_EXTERNAL_URL_V6"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE"}: .: {} f:name: {} f:value: {} k:{"name":"METAL3_AUTH_ROOT_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"WATCH_NAMESPACE"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9447,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp/k8s-webhook-server/serving-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:58:47Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-20T08:58:47Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-20T08:58:49Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.112"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:58:53Z" name: metal3-baremetal-operator-78474bdc48-ndj7c namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-baremetal-operator-78474bdc48 uid: fab06089-2363-47db-ba63-b16d69a0cc90 resourceVersion: "17343" uid: 833281c3-2691-4d1b-852c-b02ab69e5f9f spec: containers: - args: - --health-addr - :9446 - -build-preprov-image - -enable-leader-election - -lease-duration-seconds - "137" - -renew-deadline-seconds - "107" - -retry-period-seconds - "26" - --webhook-port - "9447" command: - /baremetal-operator env: - name: WATCH_NAMESPACE - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: OPERATOR_NAME value: baremetal-operator - name: IRONIC_CACERT_FILE value: /certs/ironic/tls.crt - name: IRONIC_INSECURE value: "true" - name: DEPLOY_KERNEL_URL value: file:///shared/html/images/ironic-python-agent.kernel - name: IRONIC_ENDPOINT value: https://metal3-state.openshift-machine-api.svc.cluster.local:6388/v1/ - name: LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE value: Never - name: METAL3_AUTH_ROOT_DIR value: /auth - name: IRONIC_EXTERNAL_IP - name: IRONIC_EXTERNAL_URL_V6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imagePullPolicy: IfNotPresent name: metal3-baremetal-operator ports: - containerPort: 9447 name: webhook-server protocol: TCP resources: requests: cpu: 20m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000480000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-96xfp readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000480000 seLinuxOptions: level: s0:c22,c9 seccompProfile: type: RuntimeDefault supplementalGroups: - 1000480000 serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password secretName: metal3-ironic-password - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: kube-api-access-96xfp projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:53Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:47Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:53Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:53Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:47Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://46d14571073011e493b10101177f3f8c7cda204db7876fcedecfce087026187b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3160b9c4d5f4c3af05c6a073a1c590b9679be82d06193a819aaed0a2914e27f7 lastState: {} name: metal3-baremetal-operator ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:58:53Z" volumeMounts: - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-96xfp readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 phase: Running podIP: 10.128.0.112 podIPs: - ip: 10.128.0.112 qosClass: Burstable startTime: "2026-03-20T08:58:47Z" - apiVersion: v1 kind: Pod metadata: annotations: openshift.io/scc: privileged creationTimestamp: "2026-03-20T08:58:46Z" generateName: metal3-c957566cd- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-state k8s-app: metal3 pod-template-hash: c957566cd managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"4dd17295-b232-4122-aa77-a2ca9af13e69"}: {} f:spec: f:containers: k:{"name":"metal3-httpd"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_LISTEN_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":6180,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6183,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} k:{"containerPort":6388,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/auth/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ironic"}: .: {} f:command: {} f:env: .: {} k:{"name":"HTTP_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_EXTERNAL_IP"}: .: {} f:name: {} k:{"name":"IRONIC_INSECURE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_KERNEL_PARAMS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_PRIVATE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_REVERSE_PROXY_SETUP"}: .: {} f:name: {} f:value: {} k:{"name":"PROVISIONING_INTERFACE"}: .: {} f:name: {} k:{"name":"PROVISIONING_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROVISIONING_MACS"}: .: {} f:name: {} k:{"name":"VMEDIA_TLS_PORT"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/certs/ironic"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/certs/vmedia"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} k:{"name":"metal3-ramdisk-logs"}: .: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:add: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-ironic-basic-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-ironic-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metal3-shared"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-vmedia-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:58:46Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"192.168.32.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:59:29Z" name: metal3-c957566cd-lgms8 namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-c957566cd uid: 4dd17295-b232-4122-aa77-a2ca9af13e69 resourceVersion: "17438" uid: 66940526-3f1e-4610-9d67-acea8496a04d spec: containers: - command: - /bin/runhttpd env: - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnavJQaXxC+yeuA5N7qdNeeDsXeWq7JlzqryH1M4e/w6hHiwFgoek44R0ZcvwhEJtT/bDT2Itrv4ZEKH9QOZnHgwSupWuIU730ilXrLhoqbVXnPVs1KD1DMqPKe4a94PEcnwSjO4oHPPMTbi7sKB54G70oSldWQDK3sX3DNLgS6KXDTmWPPTI9Zm6z9qJRFULAOYyJS1ziv4e3X/plax6J/E1H7CTMq77xK7GEcbrMvw8sEjEYbtzAzYtlZKcEet0Y8aV77Zx01u+RkHYKXj7Ji5hn+x8IlIFshNumiVFKUSMoasw5uV+NfaJMdDlH4PVacb5Zb7chsWIw3W20UMKb - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: IRONIC_LISTEN_PORT value: "6388" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-httpd ports: - containerPort: 6388 hostPort: 6388 name: ironic protocol: TCP - containerPort: 6180 hostPort: 6180 name: http protocol: TCP - containerPort: 6183 hostPort: 6183 name: vmedia-https protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true - command: - /bin/runironic env: - name: IRONIC_INSECURE value: "true" - name: IRONIC_KERNEL_PARAMS value: rd.net.timeout.carrier=30 ip=dhcp - name: IRONIC_REVERSE_PROXY_SETUP value: "true" - name: IRONIC_PRIVATE_PORT value: unix - name: HTTP_PORT value: "6180" - name: PROVISIONING_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: PROVISIONING_INTERFACE - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnavJQaXxC+yeuA5N7qdNeeDsXeWq7JlzqryH1M4e/w6hHiwFgoek44R0ZcvwhEJtT/bDT2Itrv4ZEKH9QOZnHgwSupWuIU730ilXrLhoqbVXnPVs1KD1DMqPKe4a94PEcnwSjO4oHPPMTbi7sKB54G70oSldWQDK3sX3DNLgS6KXDTmWPPTI9Zm6z9qJRFULAOYyJS1ziv4e3X/plax6J/E1H7CTMq77xK7GEcbrMvw8sEjEYbtzAzYtlZKcEet0Y8aV77Zx01u+RkHYKXj7Ji5hn+x8IlIFshNumiVFKUSMoasw5uV+NfaJMdDlH4PVacb5Zb7chsWIw3W20UMKb - name: IRONIC_EXTERNAL_IP - name: PROVISIONING_MACS - name: VMEDIA_TLS_PORT value: "6183" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ironic resources: requests: cpu: 50m memory: 500Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true - command: - /bin/runlogwatch.sh image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imagePullPolicy: IfNotPresent name: metal3-ramdisk-logs resources: requests: cpu: 10m memory: 5Mi securityContext: capabilities: add: - CAP_DAC_OVERRIDE drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true hostNetwork: true initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: false serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: metal3-shared - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - name: metal3-ironic-basic-auth secret: defaultMode: 420 items: - key: username path: username - key: password path: password - key: htpasswd path: htpasswd secretName: metal3-ironic-password - name: cert secret: defaultMode: 420 secretName: baremetal-operator-webhook-server-cert - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: metal3-ironic-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: metal3-vmedia-tls secret: defaultMode: 420 secretName: metal3-ironic-tls - name: kube-api-access-m7pgd projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:22Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:24Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:29Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:29Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:46Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://36a83cfb2eb1a3b43bd690cd5ad3fa88b09c580692252fdfc6f585aaa30c2860 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-httpd ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:59:25Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /auth/ironic name: metal3-ironic-basic-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://2c155afab473e3acdaac2c07dc119cd65b3d38ad1aa3084f2f3aeff954d5269d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-ironic ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:59:27Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /certs/ironic name: metal3-ironic-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /certs/vmedia name: metal3-vmedia-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true recursiveReadOnly: Disabled - containerID: cri-o://cccd0ad038ec8de56997d4b0db2fb804c4190cdc588a49a030c102b8f6f0757f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8484f65d4a84230f93c986362dde19aff9b77de01b50e5af1948748b51382001 lastState: {} name: metal3-ramdisk-logs ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:59:28Z" volumeMounts: - mountPath: /shared name: metal3-shared - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://8816ad105b5bad68dd32058052608cbc7b6133fab0c5c7ede99fe40a809fbe04 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 0 started: false state: terminated: containerID: cri-o://8816ad105b5bad68dd32058052608cbc7b6133fab0c5c7ede99fe40a809fbe04 exitCode: 0 finishedAt: "2026-03-20T08:59:24Z" reason: Completed startedAt: "2026-03-20T08:59:21Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-m7pgd readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 192.168.32.10 podIPs: - ip: 192.168.32.10 qosClass: Burstable startTime: "2026-03-20T08:58:47Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.128.0.113/23"],"mac_address":"0a:58:0a:80:00:71","gateway_ips":["10.128.0.1"],"routes":[{"dest":"10.128.0.0/16","nextHop":"10.128.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.128.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.128.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.128.0.1"}],"ip_address":"10.128.0.113/23","gateway_ip":"10.128.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.128.0.113" ], "mac": "0a:58:0a:80:00:71", "default": true, "dns": {} }] openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default creationTimestamp: "2026-03-20T08:58:50Z" generateName: metal3-image-customization-7dd5d8c865- labels: baremetal.openshift.io/cluster-baremetal-operator: metal3-image-customization-service k8s-app: metal3 pod-template-hash: 7dd5d8c865 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:baremetal.openshift.io/cluster-baremetal-operator: {} f:k8s-app: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"39cec1a7-f25c-4e82-b750-2930a58c67cb"}: {} f:spec: f:containers: k:{"name":"machine-image-customization-controller"}: .: {} f:command: {} f:env: .: {} k:{"name":"ADDITIONAL_NTP_SERVERS"}: .: {} f:name: {} k:{"name":"CA_BUNDLE"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_INITRD"}: .: {} f:name: {} f:value: {} k:{"name":"DEPLOY_ISO"}: .: {} f:name: {} f:value: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_AGENT_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_BASE_URL"}: .: {} f:name: {} f:value: {} k:{"name":"IRONIC_RAMDISK_SSH_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRIES_CONF_PATH"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8084,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/containers/registries.conf"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/secrets/pull-secret"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:initContainers: .: {} k:{"name":"machine-os-images"}: .: {} f:command: {} f:env: .: {} k:{"name":"IP_OPTIONS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/shared/html/images"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"ironic-agent-pull-secret"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} k:{"name":"metal3-image-customization-volume"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"metal3-shared-image-cache"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"user-ca-bundle"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-03-20T08:58:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: master-0 operation: Update subresource: status time: "2026-03-20T08:58:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-03-20T08:58:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.128.0.113"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-03-20T08:59:44Z" name: metal3-image-customization-7dd5d8c865-5ppkq namespace: openshift-machine-api ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metal3-image-customization-7dd5d8c865 uid: 39cec1a7-f25c-4e82-b750-2930a58c67cb resourceVersion: "17548" uid: a78acf22-ffe5-4b13-9ec6-a4b212930d6a spec: containers: - command: - /machine-image-customization-controller - -images-bind-addr - :8084 - -images-publish-addr - http://metal3-image-customization-service.openshift-machine-api.svc.cluster.local/ env: - name: NO_PROXY value: ',192.168.32.10' - name: DEPLOY_ISO value: /shared/html/images/ironic-python-agent.iso - name: DEPLOY_INITRD value: /shared/html/images/ironic-python-agent.initramfs - name: IRONIC_BASE_URL value: https://192.168.32.10:6385 - name: IRONIC_AGENT_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16b329950fbff70a8d997d0bd95e11d9a6a1263a00211385716b2b62bfacf0ee - name: REGISTRIES_CONF_PATH value: /etc/containers/registries.conf - name: IP_OPTIONS value: ip=dhcp - name: ADDITIONAL_NTP_SERVERS - name: CA_BUNDLE value: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt - name: IRONIC_RAMDISK_SSH_KEY value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnavJQaXxC+yeuA5N7qdNeeDsXeWq7JlzqryH1M4e/w6hHiwFgoek44R0ZcvwhEJtT/bDT2Itrv4ZEKH9QOZnHgwSupWuIU730ilXrLhoqbVXnPVs1KD1DMqPKe4a94PEcnwSjO4oHPPMTbi7sKB54G70oSldWQDK3sX3DNLgS6KXDTmWPPTI9Zm6z9qJRFULAOYyJS1ziv4e3X/plax6J/E1H7CTMq77xK7GEcbrMvw8sEjEYbtzAzYtlZKcEet0Y8aV77Zx01u+RkHYKXj7Ji5hn+x8IlIFshNumiVFKUSMoasw5uV+NfaJMdDlH4PVacb5Zb7chsWIw3W20UMKb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imagePullPolicy: IfNotPresent name: machine-image-customization-controller ports: - containerPort: 8084 name: http protocol: TCP resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true subPath: pull-secret - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-jbd6w readOnly: true dnsPolicy: ClusterFirstWithHostNet enableServiceLinks: true initContainers: - command: - /bin/copy-metal - --all - /shared/html/images env: - name: IP_OPTIONS value: ip=dhcp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imagePullPolicy: IfNotPresent name: machine-os-images resources: requests: cpu: 5m memory: 50Mi securityContext: capabilities: drop: - ALL privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-jbd6w readOnly: true nodeName: master-0 nodeSelector: node-role.kubernetes.io/master: "" preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: cluster-baremetal-operator serviceAccountName: cluster-baremetal-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - hostPath: path: /etc/containers/registries.conf type: FileOrCreate name: metal3-image-customization-volume - hostPath: path: /var/lib/metal3/images type: DirectoryOrCreate name: metal3-shared-image-cache - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cbo-trusted-ca optional: true name: trusted-ca - name: ironic-agent-pull-secret secret: defaultMode: 420 items: - key: .dockerconfigjson path: pull-secret secretName: pull-secret - hostPath: path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt type: File name: user-ca-bundle - name: kube-api-access-jbd6w projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:22Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:39Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:44Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-03-20T08:59:44Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-03-20T08:58:50Z" status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://055f55516659102ae6912a7f2b285d4cf811f3d74a6f2982b6d28321afed28cb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f28c3488ff36d9ed2ab6da459a8bead5f5949a4216e12b83f22a26bc502faed1 lastState: {} name: machine-image-customization-controller ready: true restartCount: 0 started: true state: running: startedAt: "2026-03-20T08:59:43Z" volumeMounts: - mountPath: /etc/containers/registries.conf name: metal3-image-customization-volume - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /run/secrets/pull-secret name: ironic-agent-pull-secret readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt name: user-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-jbd6w readOnly: true recursiveReadOnly: Disabled hostIP: 192.168.32.10 hostIPs: - ip: 192.168.32.10 initContainerStatuses: - containerID: cri-o://ec26c34b7287b8d2f79420e74d8932d2d33d757c53cc49366a982ce2f281d552 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00db3efdb8113f49d0cf5fac1ce22ba738b29fb7ec51faa94e235d09dcfac70b lastState: {} name: machine-os-images ready: true restartCount: 2 started: false state: terminated: containerID: cri-o://ec26c34b7287b8d2f79420e74d8932d2d33d757c53cc49366a982ce2f281d552 exitCode: 0 finishedAt: "2026-03-20T08:59:38Z" reason: Completed startedAt: "2026-03-20T08:59:38Z" volumeMounts: - mountPath: /shared/html/images name: metal3-shared-image-cache - mountPath: /etc/pki/ca-trust/extracted/pem name: trusted-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-jbd6w readOnly: true recursiveReadOnly: Disabled phase: Running podIP: 10.128.0.113 podIPs: - ip: 10.128.0.113 qosClass: Burstable startTime: "2026-03-20T08:58:50Z" kind: PodList metadata: resourceVersion: "76739"