--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.40/23"],"mac_address":"0a:58:0a:84:00:28","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.40/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.40" ], "mac": "0a:58:0a:84:00:28", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-15T05:59:19Z" generateName: authorino-686db986cb- generation: 1 labels: authorino-resource: authorino control-plane: controller-manager kuadrant.io/managed: "true" pod-template-hash: 686db986cb sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:generateName: {} f:labels: .: {} f:authorino-resource: {} f:control-plane: {} f:kuadrant.io/managed: {} f:pod-template-hash: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"7aea426e-f6a7-4862-bcec-66fce4e690d9"}: {} f:spec: f:containers: k:{"name":"authorino"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/ssl/certs/tls.crt"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/ssl/private/tls.key"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:59:19Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-128-243 operation: Update subresource: status time: "2026-06-15T05:59:20Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:59:20Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.40"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:59:21Z" name: authorino-686db986cb-n5rxl namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: authorino-686db986cb uid: 7aea426e-f6a7-4862-bcec-66fce4e690d9 resourceVersion: "20638" uid: 82db39b0-d5da-43ef-8722-238f3f7cfeed spec: containers: - args: - --allow-superseding-host-subsets - --tls-cert=/etc/ssl/certs/tls.crt - --tls-cert-key=/etc/ssl/private/tls.key image: registry.redhat.io/rhcl-1/authorino-rhel9@sha256:76be3de77f8848f9e9f5ed0271b31255d35fdd486bb67eb6ca9ac792bc65b1ce imagePullPolicy: Always name: authorino resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000690000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/ssl/certs/tls.crt name: tls-cert readOnly: true subPath: tls.crt - mountPath: /etc/ssl/private/tls.key name: tls-cert readOnly: true subPath: tls.key - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2r279 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: authorino-authorino-dockercfg-6ncq5 nodeName: ip-10-0-128-243.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: authorino-authorino serviceAccountName: authorino-authorino terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: tls-cert secret: defaultMode: 420 secretName: authorino-server-cert - name: kube-api-access-2r279 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:21Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:20Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:21Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:21Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:20Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://9b3a1ac119424c77fb25955e3cc384742ed4ba7059ddf9abe2178f4af25af3e4 image: registry.redhat.io/rhcl-1/authorino-rhel9@sha256:76be3de77f8848f9e9f5ed0271b31255d35fdd486bb67eb6ca9ac792bc65b1ce imageID: registry.redhat.io/rhcl-1/authorino-rhel9@sha256:4c493d4c74bfdccc75745400c8e0dd0734ecfa0e08b175e002a9466c1971e113 lastState: {} name: authorino ready: true resources: {} restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:59:20Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /etc/ssl/certs/tls.crt name: tls-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/ssl/private/tls.key name: tls-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2r279 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.128.243 hostIPs: - ip: 10.0.128.243 observedGeneration: 1 phase: Running podIP: 10.132.0.40 podIPs: - ip: 10.132.0.40 qosClass: BestEffort startTime: "2026-06-15T05:59:20Z" - apiVersion: v1 kind: Pod metadata: annotations: alm-examples: |- [ { "apiVersion": "authorino.kuadrant.io/v1beta2", "kind": "AuthConfig", "metadata": { "name": "my-api-protection" }, "spec": { "authentication": { "api-key-users": { "apiKey": { "selector": { "matchLabels": { "group": "friends" } } }, "credentials": { "authorizationHeader": { "prefix": "APIKEY" } } } }, "hosts": [ "my-api.io" ] } }, { "apiVersion": "authorino.kuadrant.io/v1beta3", "kind": "AuthConfig", "metadata": { "name": "my-api-protection" }, "spec": { "authentication": { "api-key-users": { "apiKey": { "selector": { "matchLabels": { "group": "friends" } } }, "credentials": { "authorizationHeader": { "prefix": "APIKEY" } } } }, "hosts": [ "my-api.io" ] } }, { "apiVersion": "operator.authorino.kuadrant.io/v1beta1", "kind": "Authorino", "metadata": { "name": "authorino-sample" }, "spec": { "listener": { "tls": { "enabled": false } }, "oidcServer": { "tls": { "enabled": false } } } } ] capabilities: Basic Install categories: Integration & Delivery containerImage: registry.redhat.io/rhcl-1/authorino-rhel9-operator@sha256:1ebc76aad15cbaed4e24838005a68e3bd83353aaf341518d9846d419d6b65524 createdAt: "2026-05-28T14:45:22Z" features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "false" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" features.operators.openshift.io/proxy-aware: "false" features.operators.openshift.io/tls-profiles: "false" features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.30/23"],"mac_address":"0a:58:0a:85:00:1e","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.30/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.30" ], "mac": "0a:58:0a:85:00:1e", "default": true, "dns": {} }] olm.operatorGroup: kuadrant olm.operatorNamespace: kuadrant-system olm.targetNamespaces: "" openshift.io/scc: restricted-v2 operatorframework.io/properties: '{"properties":[{"type":"olm.gvk","value":{"group":"authorino.kuadrant.io","kind":"AuthConfig","version":"v1beta2"}},{"type":"olm.gvk","value":{"group":"authorino.kuadrant.io","kind":"AuthConfig","version":"v1beta3"}},{"type":"olm.gvk","value":{"group":"operator.authorino.kuadrant.io","kind":"Authorino","version":"v1beta1"}},{"type":"olm.package","value":{"packageName":"authorino-operator","version":"1.4.0"}}]}' operators.openshift.io/valid-subscription: '["Red Hat Connectivity Link"]' operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/Kuadrant/authorino-operator seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user support: kuadrant creationTimestamp: "2026-06-15T05:57:59Z" generateName: authorino-operator-6d75c86569- generation: 1 labels: control-plane: authorino-operator pod-template-hash: 6d75c86569 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-25 operation: Update subresource: status time: "2026-06-15T05:57:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:alm-examples: {} f:capabilities: {} f:categories: {} f:containerImage: {} f:createdAt: {} f:features.operators.openshift.io/cnf: {} f:features.operators.openshift.io/cni: {} f:features.operators.openshift.io/csi: {} f:features.operators.openshift.io/disconnected: {} f:features.operators.openshift.io/fips-compliant: {} f:features.operators.openshift.io/proxy-aware: {} f:features.operators.openshift.io/tls-profiles: {} f:features.operators.openshift.io/token-auth-aws: {} f:features.operators.openshift.io/token-auth-azure: {} f:features.operators.openshift.io/token-auth-gcp: {} f:olm.operatorGroup: {} f:olm.operatorNamespace: {} f:olm.targetNamespaces: {} f:operatorframework.io/properties: {} f:operators.openshift.io/valid-subscription: {} f:operators.operatorframework.io/builder: {} f:operators.operatorframework.io/project_layout: {} f:repository: {} f:support: {} f:generateName: {} f:labels: .: {} f:control-plane: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"72012ff9-3a16-4e0a-9872-298036a185fb"}: {} f:spec: f:containers: k:{"name":"manager"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"OPERATOR_CONDITION_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_AUTHORINO"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:57:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:57:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.30"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:58:14Z" name: authorino-operator-6d75c86569-cxdzr namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: authorino-operator-6d75c86569 uid: 72012ff9-3a16-4e0a-9872-298036a185fb resourceVersion: "18804" uid: d7702eb8-c68c-4f71-b444-704933993bed spec: containers: - args: - --leader-elect command: - /manager env: - name: RELATED_IMAGE_AUTHORINO value: registry.redhat.io/rhcl-1/authorino-rhel9@sha256:76be3de77f8848f9e9f5ed0271b31255d35fdd486bb67eb6ca9ac792bc65b1ce - name: OPERATOR_CONDITION_NAME value: authorino-operator.v1.4.0 image: registry.redhat.io/rhcl-1/authorino-rhel9-operator@sha256:1ebc76aad15cbaed4e24838005a68e3bd83353aaf341518d9846d419d6b65524 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8081 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 name: manager ports: - containerPort: 8080 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: 8081 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000690000 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lpfgb readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: authorino-operator-dockercfg-r5zhw nodeName: ip-10-0-141-25.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 runAsNonRoot: true seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: authorino-operator serviceAccountName: authorino-operator terminationGracePeriodSeconds: 10 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: kube-api-access-lpfgb projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:03Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:57:59Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:14Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:14Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:57:59Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 200m memory: 200Mi containerID: cri-o://2434fb8d7a088fe6dc1840d471538ce71251cc9ee9b345d0a6e1feba61e73a13 image: registry.redhat.io/rhcl-1/authorino-rhel9-operator@sha256:1ebc76aad15cbaed4e24838005a68e3bd83353aaf341518d9846d419d6b65524 imageID: registry.redhat.io/rhcl-1/authorino-rhel9-operator@sha256:1ebc76aad15cbaed4e24838005a68e3bd83353aaf341518d9846d419d6b65524 lastState: {} name: manager ready: true resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:58:02Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lpfgb readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.25 hostIPs: - ip: 10.0.141.25 observedGeneration: 1 phase: Running podIP: 10.133.0.30 podIPs: - ip: 10.133.0.30 qosClass: Burstable startTime: "2026-06-15T05:57:59Z" - apiVersion: v1 kind: Pod metadata: annotations: alm-examples: |- [ { "apiVersion": "kuadrant.io/v1alpha1", "kind": "DNSHealthCheckProbe", "metadata": { "name": "$NAME" }, "spec": { "additionalHeadersRef": { "name": "headers" }, "address": "192.168.0.16", "allowInsecureCertificate": true, "failureThreshold": 5, "hostname": "test.com", "interval": "60s", "path": "/healthz", "port": 443, "protocol": "HTTPS" } }, { "apiVersion": "kuadrant.io/v1alpha1", "kind": "DNSRecord", "metadata": { "labels": { "app.kubernetes.io/created-by": "dns-operator", "app.kubernetes.io/instance": "dnsrecord-sample", "app.kubernetes.io/managed-by": "kustomize", "app.kubernetes.io/name": "dnsrecord", "app.kubernetes.io/part-of": "dns-operator" }, "name": "dnsrecord-sample" }, "spec": { "endpoints": [ { "dnsName": "dnsrecord-simple.kuadrant.local", "recordTTL": 60, "recordType": "A", "targets": [ "52.215.108.61", "52.30.101.221" ] } ], "providerRef": { "name": "dns-provider-credentials-inmemory" }, "rootHost": "dnsrecord-simple.kuadrant.local" } } ] capabilities: Basic Install categories: Integration & Delivery containerImage: registry.redhat.io/rhcl-1/dns-rhel9-operator@sha256:ba46f54446ecd3ed1a3d877dcbb7359ff8f2d918827f3411a5cb0781915a65d5 createdAt: "2026-05-28T08:04:09Z" description: A Kubernetes Operator to manage the lifecycle of DNS resources features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "false" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" features.operators.openshift.io/proxy-aware: "false" features.operators.openshift.io/tls-profiles: "false" features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.22/23"],"mac_address":"0a:58:0a:86:00:16","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.22/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.22" ], "mac": "0a:58:0a:86:00:16", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: manager olm.operatorGroup: kuadrant olm.operatorNamespace: kuadrant-system olm.targetNamespaces: "" openshift.io/scc: restricted-v2 operatorframework.io/properties: '{"properties":[{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"DNSHealthCheckProbe","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"DNSRecord","version":"v1alpha1"}},{"type":"olm.package","value":{"packageName":"dns-operator","version":"1.4.0"}}]}' operators.openshift.io/valid-subscription: '["Red Hat Connectivity Link"]' operators.operatorframework.io/builder: operator-sdk-v1.33.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 repository: https://github.com/Kuadrant/dns-operator seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user support: kuadrant creationTimestamp: "2026-06-15T05:58:01Z" generateName: dns-operator-controller-manager-65b49595d7- generation: 1 labels: control-plane: dns-operator-controller-manager pod-template-hash: 65b49595d7 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-128-226 operation: Update subresource: status time: "2026-06-15T05:58:01Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:alm-examples: {} f:capabilities: {} f:categories: {} f:containerImage: {} f:createdAt: {} f:description: {} f:features.operators.openshift.io/cnf: {} f:features.operators.openshift.io/cni: {} f:features.operators.openshift.io/csi: {} f:features.operators.openshift.io/disconnected: {} f:features.operators.openshift.io/fips-compliant: {} f:features.operators.openshift.io/proxy-aware: {} f:features.operators.openshift.io/tls-profiles: {} f:features.operators.openshift.io/token-auth-aws: {} f:features.operators.openshift.io/token-auth-azure: {} f:features.operators.openshift.io/token-auth-gcp: {} f:kubectl.kubernetes.io/default-container: {} f:olm.operatorGroup: {} f:olm.operatorNamespace: {} f:olm.targetNamespaces: {} f:operatorframework.io/properties: {} f:operators.openshift.io/valid-subscription: {} f:operators.operatorframework.io/builder: {} f:operators.operatorframework.io/project_layout: {} f:repository: {} f:support: {} f:generateName: {} f:labels: .: {} f:control-plane: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"bb424c2c-799a-47e1-9941-4dbe536aa2ae"}: {} f:spec: f:containers: k:{"name":"manager"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"CLUSTER_SECRET_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"OPERATOR_CONDITION_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"WATCH_NAMESPACES"}: .: {} f:name: {} f:envFrom: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8082,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:58:01Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:58:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.22"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:58:15Z" name: dns-operator-controller-manager-65b49595d7-knbkx namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: dns-operator-controller-manager-65b49595d7 uid: bb424c2c-799a-47e1-9941-4dbe536aa2ae resourceVersion: "18893" uid: 6e5a3783-7faf-453d-92d5-cf282e5dc44e spec: containers: - args: - --metrics-bind-address=:8080 - --leader-elect command: - /manager env: - name: WATCH_NAMESPACES - name: CLUSTER_SECRET_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: OPERATOR_CONDITION_NAME value: dns-operator.v1.4.0 envFrom: - configMapRef: name: dns-operator-controller-env image: registry.redhat.io/rhcl-1/dns-rhel9-operator@sha256:ba46f54446ecd3ed1a3d877dcbb7359ff8f2d918827f3411a5cb0781915a65d5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8081 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 name: manager ports: - containerPort: 8080 name: metrics protocol: TCP - containerPort: 8082 name: pprof protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: 8081 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 200m memory: 128Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000690000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-p687f readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: dns-operator-controller-manager-dockercfg-bbb69 nodeName: ip-10-0-128-226.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 runAsNonRoot: true seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: dns-operator-controller-manager serviceAccountName: dns-operator-controller-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: kube-api-access-p687f projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:04Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:01Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:15Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:15Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:01Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 64Mi containerID: cri-o://bf84782c4d5802dc9f989b428fad86194e95e9bd098e25fcff6c4527b628233f image: registry.redhat.io/rhcl-1/dns-rhel9-operator@sha256:ba46f54446ecd3ed1a3d877dcbb7359ff8f2d918827f3411a5cb0781915a65d5 imageID: registry.redhat.io/rhcl-1/dns-rhel9-operator@sha256:9dfcd4ff26063c0b2088bb7b03239a957749d8440a2b27aac959994fb6d185fe lastState: {} name: manager ready: true resources: limits: cpu: 200m memory: 128Mi requests: cpu: 10m memory: 64Mi restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:58:04Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-p687f readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.128.226 hostIPs: - ip: 10.0.128.226 observedGeneration: 1 phase: Running podIP: 10.134.0.22 podIPs: - ip: 10.134.0.22 qosClass: Burstable startTime: "2026-06-15T05:58:01Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.37/23"],"mac_address":"0a:58:0a:84:00:25","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.37/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.37" ], "mac": "0a:58:0a:84:00:25", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-15T05:58:12Z" generateName: kuadrant-console-plugin-7dbb555447- generation: 1 labels: app: kuadrant-console-plugin app.kubernetes.io/component: kuadrant-console-plugin app.kubernetes.io/instance: kuadrant-console-plugin app.kubernetes.io/managed-by: kuadrant-operator app.kubernetes.io/name: kuadrant-console-plugin app.kubernetes.io/part-of: kuadrant-console-plugin pod-template-hash: 7dbb555447 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-128-243 operation: Update subresource: status time: "2026-06-15T05:58:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"6de83e74-f982-40f7-bfae-bc2bc20de27a"}: {} f:spec: f:containers: k:{"name":"kuadrant-console-plugin"}: .: {} f:env: .: {} k:{"name":"TOPOLOGY_CONFIGMAP_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"TOPOLOGY_CONFIGMAP_NAMESPACE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/nginx/nginx.conf"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/var/serving-cert"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"nginx-conf"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"plugin-serving-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:58:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:58:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.37"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:58:17Z" name: kuadrant-console-plugin-7dbb555447-w6b6b namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kuadrant-console-plugin-7dbb555447 uid: 6de83e74-f982-40f7-bfae-bc2bc20de27a resourceVersion: "19086" uid: e1a93313-40c4-40c9-a035-6066ffed7081 spec: containers: - env: - name: TOPOLOGY_CONFIGMAP_NAME value: topology - name: TOPOLOGY_CONFIGMAP_NAMESPACE value: kuadrant-system image: registry.redhat.io/rhcl-1/rhcl-console-plugin-rhel9@sha256:00e355f0ca6c08ef2866398e0f3d448353f6332ea61eb952c17d3ad41811862b imagePullPolicy: Always name: kuadrant-console-plugin ports: - containerPort: 9443 protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000690000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/serving-cert name: plugin-serving-cert readOnly: true - mountPath: /etc/nginx/nginx.conf name: nginx-conf readOnly: true subPath: nginx.conf - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qtcmm readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: default-dockercfg-dvq6x nodeName: ip-10-0-128-243.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: plugin-serving-cert secret: defaultMode: 420 secretName: plugin-serving-cert - configMap: defaultMode: 420 name: kuadrant-console-nginx-conf name: nginx-conf - name: kube-api-access-qtcmm projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:17Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:12Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:17Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:17Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:12Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - containerID: cri-o://39d720f9962d8eae1f3a8e81b2bd77577716a773f9b066984b92ade35b06e06f image: registry.redhat.io/rhcl-1/rhcl-console-plugin-rhel9@sha256:00e355f0ca6c08ef2866398e0f3d448353f6332ea61eb952c17d3ad41811862b imageID: registry.redhat.io/rhcl-1/rhcl-console-plugin-rhel9@sha256:00e355f0ca6c08ef2866398e0f3d448353f6332ea61eb952c17d3ad41811862b lastState: {} name: kuadrant-console-plugin ready: true resources: {} restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:58:17Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /var/serving-cert name: plugin-serving-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/nginx/nginx.conf name: nginx-conf readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qtcmm readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.128.243 hostIPs: - ip: 10.0.128.243 observedGeneration: 1 phase: Running podIP: 10.132.0.37 podIPs: - ip: 10.132.0.37 qosClass: BestEffort startTime: "2026-06-15T05:58:12Z" - apiVersion: v1 kind: Pod metadata: annotations: alm-examples: |- [ { "apiVersion": "extensions.kuadrant.io/v1alpha1", "kind": "OIDCPolicy", "metadata": { "name": "oidcpolicy-sample" }, "spec": { "provider": { "cliendID": "exampleID", "issuerURL": "https://idp.example.org/" }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "example-route" } } }, { "apiVersion": "extensions.kuadrant.io/v1alpha1", "kind": "PlanPolicy", "metadata": { "labels": { "app.kubernetes.io/created-by": "kuadrant-operator", "app.kubernetes.io/instance": "planpolicy-sample", "app.kubernetes.io/managed-by": "kustomize", "app.kubernetes.io/name": "planpolicy", "app.kubernetes.io/part-of": "kuadrant-operator" }, "name": "planpolicy-sample" }, "spec": { "plans": [ { "limits": { "daily": 5 }, "predicate": "has(auth.identity) \u0026\u0026 auth.identity.metadata.annotations[\"secret.kuadrant.io/plan-id\"] == \"gold\"\n", "tier": "gold" }, { "limits": { "daily": 2 }, "predicate": "has(auth.identity) \u0026\u0026 auth.identity.metadata.annotations[\"secret.kuadrant.io/plan-id\"] == \"silver\"\n", "tier": "silver" }, { "limits": { "daily": 1 }, "predicate": "has(auth.identity) \u0026\u0026 auth.identity.metadata.annotations[\"secret.kuadrant.io/plan-id\"] == \"bronze\"\n", "tier": "bronze" } ], "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "example-route" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "AuthPolicy", "metadata": { "name": "authpolicy-sample" }, "spec": { "rules": { "authentication": { "apikey": { "apiKey": { "selector": {} }, "credentials": { "authorizationHeader": { "prefix": "APIKEY" } } } } }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "toystore" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "DNSPolicy", "metadata": { "name": "dnspolicy-sample" }, "spec": { "healthCheck": { "protocol": "HTTP" }, "providerRefs": [ { "name": "provider-ref" } ], "targetRef": { "group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "example-gateway" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "RateLimitPolicy", "metadata": { "name": "ratelimitpolicy-sample" }, "spec": { "limits": { "toys": { "rates": [ { "limit": 50, "window": "1m" } ] } }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "toystore" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "TLSPolicy", "metadata": { "name": "tlspolicy-sample" }, "spec": { "issuerRef": { "group": "cert-manager.io", "kind": "ClusterIssuer", "name": "self-signed-ca" }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "example-gateway" } } }, { "apiVersion": "kuadrant.io/v1alpha1", "kind": "TokenRateLimitPolicy", "metadata": { "name": "token-limit-free", "namespace": "gateway-system" }, "spec": { "limits": { "free": { "counters": [ { "expression": "auth.identity.userid" } ], "rates": [ { "limit": 20000, "window": "1d" } ], "when": [ { "predicate": "request.auth.claims[\"kuadrant.io/groups\"].split(\",\").exists(g, g == \"free\")" } ] }, "gold": { "counters": [ { "expression": "auth.identity.userid" } ], "rates": [ { "limit": 200000, "window": "1d" } ], "when": [ { "predicate": "request.auth.claims[\"kuadrant.io/groups\"].split(\",\").exists(g, g == \"gold\")" } ] } }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "my-llm-gateway" } } }, { "apiVersion": "kuadrant.io/v1beta1", "kind": "Kuadrant", "metadata": { "name": "kuadrant-sample" }, "spec": {} } ] capabilities: Basic Install categories: Integration & Delivery console.openshift.io/plugins: '["kuadrant-console-plugin"]' containerImage: registry.redhat.io/rhcl-1/rhcl-rhel9-operator@sha256:63c62ca2971e5679da2d1e8615448a5653058d3a012ace13c3251ae295792bc5 createdAt: "2026-06-02T08:04:09Z" description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "false" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" features.operators.openshift.io/proxy-aware: "false" features.operators.openshift.io/tls-profiles: "false" features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.23/23"],"mac_address":"0a:58:0a:86:00:17","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.23/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.23" ], "mac": "0a:58:0a:86:00:17", "default": true, "dns": {} }] olm.operatorGroup: kuadrant olm.operatorNamespace: kuadrant-system olm.targetNamespaces: "" openshift.io/scc: restricted-v2 operatorframework.io/properties: '{"properties":[{"type":"olm.gvk","value":{"group":"devportal.kuadrant.io","kind":"APIKey","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"devportal.kuadrant.io","kind":"APIKeyApproval","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"devportal.kuadrant.io","kind":"APIKeyRequest","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"devportal.kuadrant.io","kind":"APIProduct","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"extensions.kuadrant.io","kind":"OIDCPolicy","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"extensions.kuadrant.io","kind":"PlanPolicy","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"extensions.kuadrant.io","kind":"TelemetryPolicy","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"AuthPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"DNSPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"Kuadrant","version":"v1beta1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"RateLimitPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"TLSPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"TokenRateLimitPolicy","version":"v1alpha1"}},{"type":"olm.package","value":{"packageName":"rhcl-operator","version":"1.4.0"}},{"type":"olm.package.required","value":{"packageName":"authorino-operator","versionRange":"1.4.0"}},{"type":"olm.package.required","value":{"packageName":"dns-operator","versionRange":"1.4.0"}},{"type":"olm.package.required","value":{"packageName":"limitador-operator","versionRange":"1.4.0"}},{"type":"olm.package.required","value":{"packageName":"authorino-operator","versionRange":"1.4.0"}},{"type":"olm.package.required","value":{"packageName":"dns-operator","versionRange":"1.4.0"}},{"type":"olm.package.required","value":{"packageName":"limitador-operator","versionRange":"1.4.0"}}]}' operators.openshift.io/valid-subscription: '["Red Hat Connectivity Link"]' operators.operatorframework.io/builder: operator-sdk-v1.33.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 repository: https://github.com/Kuadrant/kuadrant-operator seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user support: kuadrant creationTimestamp: "2026-06-15T05:58:05Z" generateName: kuadrant-operator-controller-manager-5c9bd5678d- generation: 1 labels: app: kuadrant control-plane: controller-manager pod-template-hash: 5c9bd5678d managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-128-226 operation: Update subresource: status time: "2026-06-15T05:58:05Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:alm-examples: {} f:capabilities: {} f:categories: {} f:console.openshift.io/plugins: {} f:containerImage: {} f:createdAt: {} f:description: {} f:features.operators.openshift.io/cnf: {} f:features.operators.openshift.io/cni: {} f:features.operators.openshift.io/csi: {} f:features.operators.openshift.io/disconnected: {} f:features.operators.openshift.io/fips-compliant: {} f:features.operators.openshift.io/proxy-aware: {} f:features.operators.openshift.io/tls-profiles: {} f:features.operators.openshift.io/token-auth-aws: {} f:features.operators.openshift.io/token-auth-azure: {} f:features.operators.openshift.io/token-auth-gcp: {} f:olm.operatorGroup: {} f:olm.operatorNamespace: {} f:olm.targetNamespaces: {} f:operatorframework.io/properties: {} f:operators.openshift.io/valid-subscription: {} f:operators.operatorframework.io/builder: {} f:operators.operatorframework.io/project_layout: {} f:repository: {} f:support: {} f:generateName: {} f:labels: .: {} f:app: {} f:control-plane: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"d7709b8d-a26f-4aa0-b3b4-6f61545bfdbe"}: {} f:spec: f:containers: k:{"name":"manager"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"EXTENSIONS_DESCRIPTOR_SERVICE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"EXTENSIONS_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_GATEWAY_CONTROLLER_NAMES"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_CONDITION_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELATED_IMAGE_CONSOLE_PLUGIN_LATEST"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_CONSOLE_PLUGIN_PF5"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_DEVELOPERPORTAL"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_WASMSHIM"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8082,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":50051,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/kuadrant"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"extensions-socket-volume"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:58:05Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:58:06Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.23"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:58:21Z" name: kuadrant-operator-controller-manager-5c9bd5678d-xwtf4 namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kuadrant-operator-controller-manager-5c9bd5678d uid: d7709b8d-a26f-4aa0-b3b4-6f61545bfdbe resourceVersion: "19172" uid: 75fc04a5-2d46-4445-8d6a-6fbb4e3bc41b spec: containers: - args: - --leader-elect command: - /manager env: - name: EXTENSIONS_DIR value: /extensions - name: EXTENSIONS_DESCRIPTOR_SERVICE_PORT value: "50051" - name: RELATED_IMAGE_WASMSHIM value: registry.access.redhat.com/rhcl-1/wasm-shim-rhel9@sha256:db9a00dc230eb8f866a41bbdbaefd0c1b029aee648449eb732e5705f85236336 - name: RELATED_IMAGE_DEVELOPERPORTAL value: registry.redhat.io/rhcl-1/developer-portal-controller-rhel9@sha256:79eee32ab3412ba38e0fe0923f6b0f1eb78fd0d2ed27ac7089ebc2a19755f4dc - name: RELATED_IMAGE_CONSOLE_PLUGIN_LATEST value: registry.redhat.io/rhcl-1/rhcl-console-plugin-rhel9@sha256:00e355f0ca6c08ef2866398e0f3d448353f6332ea61eb952c17d3ad41811862b - name: RELATED_IMAGE_CONSOLE_PLUGIN_PF5 value: registry.redhat.io/rhcl-1/rhcl-console-plugin-rhel9@sha256:a001dec938379c30d9c24b32c85259bb43ad22c18b7a907beaa9445aa14b60c7 - name: OPERATOR_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: ISTIO_GATEWAY_CONTROLLER_NAMES value: openshift.io/gateway-controller/v1 - name: OPERATOR_CONDITION_NAME value: rhcl-operator.v1.4.0 image: registry.redhat.io/rhcl-1/rhcl-rhel9-operator@sha256:63c62ca2971e5679da2d1e8615448a5653058d3a012ace13c3251ae295792bc5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8081 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 name: manager ports: - containerPort: 8080 name: metrics protocol: TCP - containerPort: 50051 name: grpc protocol: TCP - containerPort: 8082 name: wasm protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: 8081 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000690000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp/kuadrant name: extensions-socket-volume - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pjr6n readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kuadrant-operator-controller-manager-dockercfg-qd98c nodeName: ip-10-0-128-226.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 runAsNonRoot: true seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: kuadrant-operator-controller-manager serviceAccountName: kuadrant-operator-controller-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: extensions-socket-volume - name: kube-api-access-pjr6n projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:10Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:05Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:21Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:21Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:05Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 200m memory: 200Mi containerID: cri-o://4491c17ad54e8cb426715604e3d13811ceed5164ea2873fed8fe86501714d35f image: registry.redhat.io/rhcl-1/rhcl-rhel9-operator@sha256:63c62ca2971e5679da2d1e8615448a5653058d3a012ace13c3251ae295792bc5 imageID: registry.redhat.io/rhcl-1/rhcl-rhel9-operator@sha256:63c62ca2971e5679da2d1e8615448a5653058d3a012ace13c3251ae295792bc5 lastState: {} name: manager ready: true resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:58:10Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /tmp/kuadrant name: extensions-socket-volume - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pjr6n readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.128.226 hostIPs: - ip: 10.0.128.226 observedGeneration: 1 phase: Running podIP: 10.134.0.23 podIPs: - ip: 10.134.0.23 qosClass: Burstable startTime: "2026-06-15T05:58:05Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.32/23"],"mac_address":"0a:58:0a:85:00:20","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.32/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.32" ], "mac": "0a:58:0a:85:00:20", "default": true, "dns": {} }] limits-cm-resource-version: "20134" openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-15T05:58:53Z" generateName: limitador-limitador-69574b596d- generation: 1 labels: app: limitador app.kubernetes.io/component: limitador app.kubernetes.io/instance: limitador app.kubernetes.io/managed-by: limitador-operator app.kubernetes.io/name: limitador app.kubernetes.io/part-of: kuadrant kuadrant.io/managed: "true" limitador-resource: limitador pod-template-hash: 69574b596d sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:limits-cm-resource-version: {} f:spec: f:containers: {} manager: limitador-operator operation: Apply time: "2026-06-15T05:58:53Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-25 operation: Update subresource: status time: "2026-06-15T05:58:53Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:kuadrant.io/managed: {} f:limitador-resource: {} f:pod-template-hash: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"f52f3713-36cd-4878-a644-5962585715d8"}: {} f:spec: f:containers: k:{"name":"limitador"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/home/limitador/etc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"config-file"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:58:53Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:58:54Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.32"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:59:09Z" name: limitador-limitador-69574b596d-qnf8x namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: limitador-limitador-69574b596d uid: f52f3713-36cd-4878-a644-5962585715d8 resourceVersion: "20466" uid: ee0e0e76-378b-4fdf-9532-b20ff00fdbaf spec: containers: - args: - --http-port - "8080" - --rls-port - "8081" - --metric-labels-default - descriptors[1] - /home/limitador/etc/limitador-config.yaml - memory command: - limitador-server image: registry.redhat.io/rhcl-1/limitador-rhel9@sha256:0b02c000d9a175235223ec5916345a1ccedeedc25c87cc0638e8554e6c318474 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /status port: 8080 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 name: limitador ports: - containerPort: 8080 name: http protocol: TCP - containerPort: 8081 name: grpc protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /status port: 8080 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: limits: cpu: 500m memory: 64Mi requests: cpu: 250m memory: 32Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000690000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /home/limitador/etc name: config-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6bt6t readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: default-dockercfg-dvq6x nodeName: ip-10-0-141-25.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: limitador-limits-config-limitador name: config-file - name: kube-api-access-6bt6t projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:58Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:53Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:09Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:59:09Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:53Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 250m memory: 32Mi containerID: cri-o://82348edc169b97572e479b20d1eeb849d61ec1ed445787b62968e3954e764867 image: registry.redhat.io/rhcl-1/limitador-rhel9@sha256:0b02c000d9a175235223ec5916345a1ccedeedc25c87cc0638e8554e6c318474 imageID: registry.redhat.io/rhcl-1/limitador-rhel9@sha256:0b02c000d9a175235223ec5916345a1ccedeedc25c87cc0638e8554e6c318474 lastState: {} name: limitador ready: true resources: limits: cpu: 500m memory: 64Mi requests: cpu: 250m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:58:57Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /home/limitador/etc name: config-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6bt6t readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.25 hostIPs: - ip: 10.0.141.25 observedGeneration: 1 phase: Running podIP: 10.133.0.32 podIPs: - ip: 10.133.0.32 qosClass: Burstable startTime: "2026-06-15T05:58:53Z" - apiVersion: v1 kind: Pod metadata: annotations: alm-examples: |- [ { "apiVersion": "limitador.kuadrant.io/v1alpha1", "kind": "Limitador", "metadata": { "name": "limitador-sample" }, "spec": { "limits": [ { "conditions": [ "get_toy == 'yes'" ], "max_value": 2, "name": "toy_get_route", "namespace": "toystore-app", "seconds": 30, "variables": [] } ], "listener": { "grpc": { "port": 8081 }, "http": { "port": 8080 } } } } ] capabilities: Basic Install categories: Integration & Delivery containerImage: registry.redhat.io/rhcl-1/limitador-rhel9-operator@sha256:183bad2a6f5872aea38f54ad507f7e005d6facb02b18769e0407c82799f96a3e createdAt: "2026-06-02T07:35:04Z" description: The Limitador operator installs and maintains limitador instances features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "false" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" features.operators.openshift.io/proxy-aware: "false" features.operators.openshift.io/tls-profiles: "false" features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.31/23"],"mac_address":"0a:58:0a:85:00:1f","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.31/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.31" ], "mac": "0a:58:0a:85:00:1f", "default": true, "dns": {} }] olm.operatorGroup: kuadrant olm.operatorNamespace: kuadrant-system olm.targetNamespaces: "" openshift.io/scc: restricted-v2 operatorframework.io/properties: '{"properties":[{"type":"olm.gvk","value":{"group":"limitador.kuadrant.io","kind":"Limitador","version":"v1alpha1"}},{"type":"olm.package","value":{"packageName":"limitador-operator","version":"1.4.0"}}]}' operators.openshift.io/valid-subscription: '["Red Hat Connectivity Link"]' operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/Kuadrant/limitador-operator seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user support: kuadrant creationTimestamp: "2026-06-15T05:58:07Z" generateName: limitador-operator-controller-manager-6f9f468797- generation: 1 labels: app: limitador-operator control-plane: controller-manager pod-template-hash: 6f9f468797 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-25 operation: Update subresource: status time: "2026-06-15T05:58:07Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:alm-examples: {} f:capabilities: {} f:categories: {} f:containerImage: {} f:createdAt: {} f:description: {} f:features.operators.openshift.io/cnf: {} f:features.operators.openshift.io/cni: {} f:features.operators.openshift.io/csi: {} f:features.operators.openshift.io/disconnected: {} f:features.operators.openshift.io/fips-compliant: {} f:features.operators.openshift.io/proxy-aware: {} f:features.operators.openshift.io/tls-profiles: {} f:features.operators.openshift.io/token-auth-aws: {} f:features.operators.openshift.io/token-auth-azure: {} f:features.operators.openshift.io/token-auth-gcp: {} f:olm.operatorGroup: {} f:olm.operatorNamespace: {} f:olm.targetNamespaces: {} f:operatorframework.io/properties: {} f:operators.openshift.io/valid-subscription: {} f:operators.operatorframework.io/builder: {} f:operators.operatorframework.io/project_layout: {} f:repository: {} f:support: {} f:generateName: {} f:labels: .: {} f:app: {} f:control-plane: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"2747c76a-14d5-4cd8-860d-f7bbeb2e5b07"}: {} f:spec: f:containers: k:{"name":"manager"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"OPERATOR_CONDITION_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_LIMITADOR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} manager: kube-controller-manager operation: Update time: "2026-06-15T05:58:07Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-15T05:58:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.31"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-15T05:58:21Z" name: limitador-operator-controller-manager-6f9f468797-cgn2h namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: limitador-operator-controller-manager-6f9f468797 uid: 2747c76a-14d5-4cd8-860d-f7bbeb2e5b07 resourceVersion: "19183" uid: c11ebb87-dc2e-473b-8d76-7e645a23a065 spec: containers: - args: - --leader-elect command: - /manager env: - name: RELATED_IMAGE_LIMITADOR value: registry.redhat.io/rhcl-1/limitador-rhel9@sha256:0b02c000d9a175235223ec5916345a1ccedeedc25c87cc0638e8554e6c318474 - name: OPERATOR_CONDITION_NAME value: limitador-operator.v1.4.0 image: registry.redhat.io/rhcl-1/limitador-rhel9-operator@sha256:183bad2a6f5872aea38f54ad507f7e005d6facb02b18769e0407c82799f96a3e imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8081 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 name: manager ports: - containerPort: 8080 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: 8081 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000690000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6gh66 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: limitador-operator-controller-manager-dockercfg-26lw5 nodeName: ip-10-0-141-25.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000690000 runAsNonRoot: true seLinuxOptions: level: s0:c26,c20 seccompProfile: type: RuntimeDefault serviceAccount: limitador-operator-controller-manager serviceAccountName: limitador-operator-controller-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: kube-api-access-6gh66 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:10Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:07Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:21Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:21Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-15T05:58:07Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 200m memory: 200Mi containerID: cri-o://f5b0912f8d59401685bbb1ecce857716f046299afab17646ecc9aabddf71c790 image: registry.redhat.io/rhcl-1/limitador-rhel9-operator@sha256:183bad2a6f5872aea38f54ad507f7e005d6facb02b18769e0407c82799f96a3e imageID: registry.redhat.io/rhcl-1/limitador-rhel9-operator@sha256:13f0385ac3b3bf53a761729ff076338760fbb6a2ac6943d7c4008feadd972296 lastState: {} name: manager ready: true resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi restartCount: 0 started: true state: running: startedAt: "2026-06-15T05:58:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000690000 uid: 1000690000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6gh66 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.25 hostIPs: - ip: 10.0.141.25 observedGeneration: 1 phase: Running podIP: 10.133.0.31 podIPs: - ip: 10.133.0.31 qosClass: Burstable startTime: "2026-06-15T05:58:07Z" kind: PodList metadata: resourceVersion: "97148"