--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: capability.openshift.io/name: CloudCredential config.openshift.io/inject-proxy: cloud-credential-operator deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "1" deployment.kubernetes.io/revision: "1" exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" creationTimestamp: "2026-03-18T13:10:54Z" generation: 1 labels: app: cloud-credential-operator control-plane: controller-manager controller-tools.k8s.io: "1.0" pod-template-hash: 744f9dbf77 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:capability.openshift.io/name: {} f:config.openshift.io/inject-proxy: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:exclude.release.openshift.io/internal-openshift-hosted: {} f:include.release.openshift.io/self-managed-high-availability: {} f:labels: .: {} f:app: {} f:control-plane: {} f:controller-tools.k8s.io: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"6e22562f-1b4e-47d3-b43e-5f1e4b0616fb"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:app: {} f:control-plane: {} f:controller-tools.k8s.io: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"cloud-credential-operator"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"AWS_POD_IDENTITY_WEBHOOK_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"AZURE_POD_IDENTITY_WEBHOOK_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"GCP_POD_IDENTITY_WEBHOOK_IMAGE"}: .: {} f:name: {} f:value: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/run/configmaps/trusted-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cco-trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"cloud-credential-operator-serving-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-03-18T13:10:54Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-03-18T13:11:24Z" name: cloud-credential-operator-744f9dbf77 namespace: openshift-cloud-credential-operator ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: cloud-credential-operator uid: 6e22562f-1b4e-47d3-b43e-5f1e4b0616fb resourceVersion: "10154" uid: a16792bd-513d-40cb-8f5e-a8e9145c4649 spec: replicas: 1 selector: matchLabels: control-plane: controller-manager controller-tools.k8s.io: "1.0" pod-template-hash: 744f9dbf77 template: metadata: annotations: openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: app: cloud-credential-operator control-plane: controller-manager controller-tools.k8s.io: "1.0" pod-template-hash: 744f9dbf77 spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:2112/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --logtostderr=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d12d0dc7eb86bbedf6b2d7689a28fd51f0d928f720e4a6783744304297c661ed imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: metrics protocol: TCP resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cloud-credential-operator-serving-cert - args: - | if [ -s /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem ]; then echo "Copying system trust bundle" cp -f /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem fi exec /usr/bin/cloud-credential-operator operator command: - /bin/bash - -ec env: - name: RELEASE_VERSION value: 4.18.35 - name: AZURE_POD_IDENTITY_WEBHOOK_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:94b28a0da75f383085a88df3d5b3d97b976bd9cccf0defe613085e918c7126d8 - name: AWS_POD_IDENTITY_WEBHOOK_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a28db2438421fe0949a55d72bae4a3420a62802cb6b393cb295433652707aa11 - name: GCP_POD_IDENTITY_WEBHOOK_IMAGE value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6039c0124bfe0608d088f9380a0fc864f7e67d8815f8af0f00000c185b019fbb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82f2c59d19eb73ad5c0f93b0a63003c1885f5297959c9c45b401d1a74aea6e76 imagePullPolicy: IfNotPresent name: cloud-credential-operator resources: requests: cpu: 10m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/configmaps/trusted-ca-bundle name: cco-trusted-ca dnsPolicy: ClusterFirst nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: cloud-credential-operator serviceAccountName: cloud-credential-operator terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: cco-trusted-ca optional: true name: cco-trusted-ca - name: cloud-credential-operator-serving-cert secret: defaultMode: 420 secretName: cloud-credential-operator-serving-cert status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 1 readyReplicas: 1 replicas: 1 kind: ReplicaSetList metadata: resourceVersion: "24950"