apiVersion: apps/v1 kind: StatefulSet metadata: creationTimestamp: "2025-12-04T12:22:42Z" generation: 2 name: ironic-inspector namespace: openstack ownerReferences: - apiVersion: ironic.openstack.org/v1beta1 blockOwnerDeletion: true controller: true kind: IronicInspector name: ironic-inspector uid: 41d21a95-3e6a-4624-882f-f84f79ba3ab3 resourceVersion: "36561" uid: dcd46061-29d3-4875-878f-f424a1fafbb2 spec: persistentVolumeClaimRetentionPolicy: whenDeleted: Retain whenScaled: Retain podManagementPolicy: Parallel replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: component: inspector service: ironic serviceName: "" template: metadata: annotations: k8s.v1.cni.cncf.io/networks: '[{"name":"ironic","namespace":"openstack","interface":"ironic"}]' creationTimestamp: null labels: component: inspector service: ironic spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: service operator: In values: - ironic topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n8dh568h568hc6h54bh8dh688h9chf5h65fhbfh6ch87h56fh5d8h5dfh87h59dh679hd4hdbhd4h5c4h65bh4h5b7h5f7hdfh696hc9h669h79q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 name: ironic-inspector-httpd readinessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: runAsUser: 0 startupProbe: failureThreshold: 6 httpGet: path: /v1 port: 5050 scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: httpd-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - mountPath: /var/lib/config-data/tls/certs/internal.crt name: internal-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/internal.key name: internal-tls-certs readOnly: true subPath: tls.key - mountPath: /var/lib/config-data/tls/certs/public.crt name: public-tls-certs readOnly: true subPath: tls.crt - mountPath: /var/lib/config-data/tls/private/public.key name: public-tls-certs readOnly: true subPath: tls.key - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n8dh568h568hc6h54bh8dh688h9chf5h65fhbfh6ch87h56fh5d8h5dfh87h59dh679hd4hdbhd4h5c4h65bh4h5b7h5f7hdfh696hc9h669h79q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 name: ironic-inspector readinessProbe: failureThreshold: 3 httpGet: path: /v1 port: 5050 scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: runAsUser: 0 startupProbe: failureThreshold: 6 httpGet: path: /v1 port: 5050 scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: ironic-inspector-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n8dh568h568hc6h54bh8dh688h9chf5h65fhbfh6ch87h56fh5d8h5dfh87h59dh679hd4hdbhd4h5c4h65bh4h5b7h5f7hdfh696hc9h669h79q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-pxe@sha256:7cb9e377fa81bbe84fcc006b27c45d56ea3d6ed2144fb9ebf5fb8df5b920d423 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 tcpSocket: port: 8088 timeoutSeconds: 10 name: inspector-httpboot readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 tcpSocket: port: 8088 timeoutSeconds: 10 resources: {} securityContext: runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: httpboot-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n8dh568h568hc6h54bh8dh688h9chf5h65fhbfh6ch87h56fh5d8h5dfh87h59dh679hd4hdbhd4h5c4h65bh4h5b7h5f7hdfh696hc9h669h79q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - /usr/bin/pkill - inotifywait name: ramdisk-logs resources: {} securityContext: runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: ramdisk-logs-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start command: - /bin/bash env: - name: CONFIG_HASH value: n8dh568h568hc6h54bh8dh688h9chf5h65fhbfh6ch87h56fh5d8h5dfh87h59dh679hd4hdbhd4h5c4h65bh4h5b7h5f7hdfh696hc9h669h79q - name: KOLLA_CONFIG_STRATEGY value: COPY_ALWAYS image: quay.io/podified-antelope-centos9/openstack-ironic-inspector@sha256:942f9cbe36d328caa5d68b398703b2be5d7b7dc2b034a72d2ae62416cb7be208 imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - ss -lun | grep :69 failureThreshold: 3 initialDelaySeconds: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 name: inspector-dnsmasq readinessProbe: exec: command: - sh - -c - ss -lun | grep :69 failureThreshold: 3 initialDelaySeconds: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 resources: {} securityContext: capabilities: add: - NET_ADMIN - NET_RAW runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/kolla/config_files/config.json name: config readOnly: true subPath: dnsmasq-config.json - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /var/lib/ironic-inspector/dhcp-hostsdir name: var-lib-ironic-inspector-dhcp-hostsdir - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem dnsPolicy: ClusterFirst initContainers: - args: - -c - mkdir -p /var/lib/ironic/httpboot /var/lib/ironic/ramdisk-logs command: - /bin/bash env: - name: DEST_DIR value: /var/lib/ironic/httpboot image: quay.io/podified-antelope-centos9/ironic-python-agent@sha256:9d930c44b5d90b140117dd05d976d10d29d93eed9a70118e594e00da64594562 imagePullPolicy: IfNotPresent name: ironic-python-agent-init resources: {} securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem - args: - -c - /usr/local/bin/container-scripts/inspector-pxe-init.sh command: - /bin/bash env: - name: IronicInspectorPassword valueFrom: secretKeyRef: key: IronicInspectorPassword name: osp-secret - name: PodName valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: PodNamespace valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: TransportURL valueFrom: secretKeyRef: key: transport_url name: rabbitmq-transport-url-ironic-inspector-transport - name: QuorumQueues valueFrom: secretKeyRef: key: quorumqueues name: rabbitmq-transport-url-ironic-inspector-transport optional: true - name: DatabaseHost value: openstack.openstack.svc - name: DatabaseName value: ironic_inspector - name: IngressDomain value: apps.sno.openstack.lab - name: InspectionNetwork value: ironic - name: InspectorHTTPURL value: http://%(InspectorNetworkIP)s:8088/ image: quay.io/podified-antelope-centos9/openstack-ironic-pxe@sha256:7cb9e377fa81bbe84fcc006b27c45d56ea3d6ed2144fb9ebf5fb8df5b920d423 imagePullPolicy: IfNotPresent name: inspector-pxe-init resources: {} securityContext: capabilities: add: - SYS_CHROOT - SETFCAP runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /usr/local/bin/container-scripts name: scripts readOnly: true - mountPath: /var/lib/config-data/default name: config readOnly: true - mountPath: /var/lib/ironic name: var-lib-ironic - mountPath: /etc/podinfo name: etc-podinfo - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem name: combined-ca-bundle readOnly: true subPath: tls-ca-bundle.pem restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: ironic-ironic serviceAccountName: ironic-ironic terminationGracePeriodSeconds: 60 volumes: - name: scripts secret: defaultMode: 493 secretName: ironic-inspector-scripts - name: config secret: defaultMode: 416 secretName: ironic-inspector-config-data - emptyDir: {} name: var-lib-ironic - emptyDir: {} name: var-lib-ironic-inspector-dhcp-hostsdir - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.annotations['k8s.v1.cni.cncf.io/network-status'] path: network-status name: etc-podinfo - name: combined-ca-bundle secret: defaultMode: 292 secretName: combined-ca-bundle - name: internal-tls-certs secret: defaultMode: 256 secretName: cert-ironic-inspector-internal-svc - name: public-tls-certs secret: defaultMode: 256 secretName: cert-ironic-inspector-public-svc updateStrategy: rollingUpdate: partition: 0 type: RollingUpdate status: availableReplicas: 1 collisionCount: 0 currentReplicas: 1 currentRevision: ironic-inspector-7b4bd8bb45 observedGeneration: 2 readyReplicas: 1 replicas: 1 updateRevision: ironic-inspector-7b4bd8bb45 updatedReplicas: 1