--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: istio.io/rev: openshift-gateway k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.30/23"],"mac_address":"0a:58:0a:86:00:1e","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.30/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.30" ], "mac": "0a:58:0a:86:00:1e", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/path: /stats/prometheus prometheus.io/port: "15020" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-16T04:30:30Z" generateName: data-science-gateway-data-science-gateway-class-5cb8b776cf- generation: 1 labels: gateway.istio.io/managed: istio.io-gateway-controller gateway.networking.k8s.io/gateway-name: data-science-gateway pod-template-hash: 5cb8b776cf service.istio.io/canonical-name: data-science-gateway-data-science-gateway-class service.istio.io/canonical-revision: latest sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-133-103 operation: Update subresource: status time: "2026-04-16T04:30:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:istio.io/rev: {} f:prometheus.io/path: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:generateName: {} f:labels: .: {} f:gateway.istio.io/managed: {} f:gateway.networking.k8s.io/gateway-name: {} f:pod-template-hash: {} f:service.istio.io/canonical-name: {} f:service.istio.io/canonical-revision: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"eb1331c0-ea5c-4ef4-b40e-fb21d8fc3699"}: {} f:spec: f:containers: k:{"name":"istio-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"HOST_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"INSTANCE_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_CPU_LIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"ISTIO_META_APP_CONTAINERS"}: .: {} f:name: {} k:{"name":"ISTIO_META_CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_INTERCEPTION_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_MESH_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_META_OWNER"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_POD_PORTS"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_WORKLOAD_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROXY_CONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"TRUST_DOMAIN"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":15020,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15021,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/istio/pod"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/istio/proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/istio/data"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/credential-uds"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istio"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-credentials"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-uds"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:sysctls: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"credential-socket"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-data"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-envoy"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"istio-podinfo"}: .: {} f:downwardAPI: .: {} f:defaultMode: {} f:items: {} f:name: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"istiod-ca-cert"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"workload-certs"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"workload-socket"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-16T04:30:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-16T04:30:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.30"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-16T04:30:36Z" name: data-science-gateway-data-science-gateway-class-5cb8b776cfqkzff namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: data-science-gateway-data-science-gateway-class-5cb8b776cf uid: eb1331c0-ea5c-4ef4-b40e-fb21d8fc3699 resourceVersion: "16073" uid: c86bff4a-b5e8-4159-a34e-9c8bdf20b6b8 spec: containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel - warning - --proxyComponentLogLevel - misc:error - --log_output_level - default:info env: - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod-openshift-gateway.openshift-ingress.svc:15012 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: ISTIO_CPU_LIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: PROXY_CONFIG value: | {"discoveryAddress":"istiod-openshift-gateway.openshift-ingress.svc:15012","proxyHeaders":{"server":{"disabled":true},"envoyDebugHeaders":{"disabled":true},"metadataExchangeHeaders":{"mode":"IN_MESH"}}} - name: ISTIO_META_POD_PORTS value: '[]' - name: ISTIO_META_APP_CONTAINERS - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: ISTIO_META_CLUSTER_ID value: Kubernetes - name: ISTIO_META_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: ISTIO_META_INTERCEPTION_MODE value: REDIRECT - name: ISTIO_META_WORKLOAD_NAME value: data-science-gateway-data-science-gateway-class - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/openshift-ingress/deployments/data-science-gateway-data-science-gateway-class - name: ISTIO_META_MESH_ID value: cluster.local - name: TRUST_DOMAIN value: cluster.local image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 name: metrics protocol: TCP - containerPort: 15021 name: status-port protocol: TCP - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 4 httpGet: path: /healthz/ready port: 15021 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1000319999 runAsNonRoot: true runAsUser: 1000319999 startupProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15021 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79mnl readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: data-science-gateway-data-science-gateway-class-dockercfg-5wwvh nodeName: ip-10-0-133-103.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000310000 seLinuxOptions: level: s0:c18,c2 seccompProfile: type: RuntimeDefault sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" serviceAccount: data-science-gateway-data-science-gateway-class serviceAccountName: data-science-gateway-data-science-gateway-class terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: workload-socket - emptyDir: {} name: credential-socket - emptyDir: {} name: workload-certs - emptyDir: medium: Memory name: istio-envoy - emptyDir: {} name: istio-data - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.labels path: labels - fieldRef: apiVersion: v1 fieldPath: metadata.annotations path: annotations name: istio-podinfo - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert - name: kube-api-access-79mnl projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:34Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:30Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:36Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:36Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:30Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 128Mi containerID: cri-o://8efecf0f3fda1f0e0163fed2ae0a4119a308214953066b9db8527cfd45ae5a70 image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0a86de591c0c259464e80a5c01e0c85078263846253cd50ef5ac555bcf1e4fec lastState: {} name: istio-proxy ready: true resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-16T04:30:33Z" user: linux: gid: 1000319999 supplementalGroups: - 1000319999 - 1000310000 uid: 1000319999 volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79mnl readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.133.103 hostIPs: - ip: 10.0.133.103 phase: Running podIP: 10.134.0.30 podIPs: - ip: 10.134.0.30 qosClass: Burstable startTime: "2026-04-16T04:30:30Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.32/23"],"mac_address":"0a:58:0a:84:00:20","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.32/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.32" ], "mac": "0a:58:0a:84:00:20", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/port: "15014" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user sidecar.istio.io/inject: "false" creationTimestamp: "2026-04-16T04:30:26Z" generateName: istiod-openshift-gateway-55ff986f96- generation: 1 labels: app: istiod app.kubernetes.io/instance: openshift-gateway-istiod app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: istiod app.kubernetes.io/part-of: istio app.kubernetes.io/version: 1.26.2 helm.sh/chart: istiod-1.26.2 istio: istiod istio.io/dataplane-mode: none istio.io/rev: openshift-gateway operator.istio.io/component: Pilot pod-template-hash: 55ff986f96 sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-133-81 operation: Update subresource: status time: "2026-04-16T04:30:26Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:sidecar.istio.io/inject: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:helm.sh/chart: {} f:istio: {} f:istio.io/dataplane-mode: {} f:istio.io/rev: {} f:operator.istio.io/component: {} f:pod-template-hash: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"4cd4ffcc-5916-4c71-9d12-77e436e18214"}: {} f:spec: f:containers: k:{"name":"discovery"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_TRUSTED_NODE_ACCOUNTS"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ENABLE_GATEWAY_API_INFERENCE_EXTENSION"}: .: {} f:name: {} f:value: {} k:{"name":"ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"KUBECONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_ALPHA_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_ANALYSIS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_CA_CERT_ONLY"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_COPY_LABELS_ANNOTATIONS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_GATEWAYCLASS_CONTROLLER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_STATUS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_GATEWAY_API_CONTROLLER_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_MULTI_NETWORK_DISCOVER_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_TRACE_SAMPLING"}: .: {} f:name: {} f:value: {} k:{"name":"PLATFORM"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"REVISION"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15010,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15012,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15014,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15017,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cacerts"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/istio-dns"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istiod/ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/istiod/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/remote"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cacerts"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-csr-ca-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"istio-csr-dns-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-kubeconfig"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"local-certs"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-16T04:30:26Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-16T04:30:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.32"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-16T04:30:32Z" name: istiod-openshift-gateway-55ff986f96-fzjjz namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: istiod-openshift-gateway-55ff986f96 uid: 4cd4ffcc-5916-4c71-9d12-77e436e18214 resourceVersion: "16002" uid: aae2b43c-b3a7-419a-8da3-5fd4e1646843 spec: containers: - args: - discovery - --monitoringAddr=:15014 - --log_output_level=default:info - --domain - cluster.local - --keepaliveMaxServerConnectionAge - 30m env: - name: REVISION value: openshift-gateway - name: PILOT_CERT_PROVIDER value: istiod - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: KUBECONFIG value: /var/run/secrets/remote/config - name: CA_TRUSTED_NODE_ACCOUNTS value: kube-system/ztunnel - name: ENABLE_GATEWAY_API_INFERENCE_EXTENSION value: "true" - name: ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT value: "false" - name: PILOT_ENABLE_ALPHA_GATEWAY_API value: "false" - name: PILOT_ENABLE_GATEWAY_API value: "true" - name: PILOT_ENABLE_GATEWAY_API_CA_CERT_ONLY value: "true" - name: PILOT_ENABLE_GATEWAY_API_COPY_LABELS_ANNOTATIONS value: "false" - name: PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER value: "true" - name: PILOT_ENABLE_GATEWAY_API_GATEWAYCLASS_CONTROLLER value: "false" - name: PILOT_ENABLE_GATEWAY_API_STATUS value: "true" - name: PILOT_GATEWAY_API_CONTROLLER_NAME value: openshift.io/gateway-controller/v1 - name: PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME value: openshift-default - name: PILOT_MULTI_NETWORK_DISCOVER_GATEWAY_API value: "false" - name: PILOT_TRACE_SAMPLING value: "1" - name: PILOT_ENABLE_ANALYSIS value: "false" - name: CLUSTER_ID value: Kubernetes - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "1" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "1" resource: limits.cpu - name: PLATFORM value: openshift image: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 imagePullPolicy: IfNotPresent name: discovery ports: - containerPort: 8080 name: http-debug protocol: TCP - containerPort: 15010 name: grpc-xds protocol: TCP - containerPort: 15012 name: tls-xds protocol: TCP - containerPort: 15017 name: https-webhooks protocol: TCP - containerPort: 15014 name: http-monitoring protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: 8080 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 3 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 500m memory: 2Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000310000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true - mountPath: /var/run/secrets/istiod/tls name: istio-csr-dns-cert readOnly: true - mountPath: /var/run/secrets/istiod/ca name: istio-csr-ca-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tz58r readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: istiod-openshift-gateway-dockercfg-cp8rd nodeName: ip-10-0-133-81.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000310000 seLinuxOptions: level: s0:c18,c2 seccompProfile: type: RuntimeDefault serviceAccount: istiod-openshift-gateway serviceAccountName: istiod-openshift-gateway terminationGracePeriodSeconds: 30 tolerations: - key: cni.istio.io/not-ready operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: medium: Memory name: local-certs - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: cacerts secret: defaultMode: 420 optional: true secretName: cacerts - name: istio-kubeconfig secret: defaultMode: 420 optional: true secretName: istio-kubeconfig - name: istio-csr-dns-cert secret: defaultMode: 420 optional: true secretName: istiod-tls - configMap: defaultMode: 420 name: istio-ca-root-cert optional: true name: istio-csr-ca-configmap - name: kube-api-access-tz58r projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:30Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:26Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:31Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:31Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:26Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 2Gi containerID: cri-o://dceda1a961000167504da3308dc4260c0136224e72081fd10b82eb75be900e04 image: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 imageID: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 lastState: {} name: discovery ready: true resources: requests: cpu: 500m memory: 2Gi restartCount: 0 started: true state: running: startedAt: "2026-04-16T04:30:30Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000310000 uid: 1000310000 volumeMounts: - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istiod/tls name: istio-csr-dns-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istiod/ca name: istio-csr-ca-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tz58r readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.133.81 hostIPs: - ip: 10.0.133.81 phase: Running podIP: 10.132.0.32 podIPs: - ip: 10.132.0.32 qosClass: Burstable startTime: "2026-04-16T04:30:26Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.28/23"],"mac_address":"0a:58:0a:84:00:1c","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.28/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.28" ], "mac": "0a:58:0a:84:00:1c", "default": true, "dns": {} }] opendatahub.io/secret-hash: 4a9be730f8f8218c98351dce83cf8cf0faa50e4ef99f21434a2743b80acc6c74 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-16T04:29:57Z" generateName: kube-auth-proxy-68d6cc647- generation: 1 labels: app: kube-auth-proxy app.kubernetes.io/component: authentication pod-template-hash: 68d6cc647 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-133-81 operation: Update subresource: status time: "2026-04-16T04:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:opendatahub.io/secret-hash: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"eb9fffe1-0a9e-493b-8308-165e35a01552"}: {} f:spec: f:containers: k:{"name":"kube-auth-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"OAUTH2_PROXY_CLIENT_ID"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_CLIENT_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_COOKIE_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"PROXY_MODE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":4180,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9000,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:limits: .: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tmp"}: .: {} f:emptyDir: .: {} f:medium: {} f:sizeLimit: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-16T04:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-16T04:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.28"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-16T04:30:01Z" name: kube-auth-proxy-68d6cc647-m6stc namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-auth-proxy-68d6cc647 uid: eb9fffe1-0a9e-493b-8308-165e35a01552 resourceVersion: "14411" uid: a9d9ae6f-6579-4770-98c2-5083dadcb564 spec: containers: - args: - --http-address=0.0.0.0:4180 - --https-address=0.0.0.0:8443 - --metrics-address=0.0.0.0:9000 - --email-domain=* - --upstream=static://200 - --skip-provider-button - --skip-jwt-bearer-tokens=true - --pass-access-token=true - --set-xauthrequest=true - --enable-k8s-token-validation=true - --redirect-url=https://rh-ai.apps.27739f6e-499b-49aa-8cbf-52701e8addec.prod.konfluxeaas.com/oauth2/callback - --tls-cert-file=/etc/tls/private/tls.crt - --tls-key-file=/etc/tls/private/tls.key - --use-system-trust-store=true - --cookie-expire=24h0m0s - --cookie-refresh=1h0m0s - --cookie-secure=true - --cookie-httponly=true - --cookie-samesite=lax - --cookie-name=_oauth2_proxy - --cookie-domain=rh-ai.apps.27739f6e-499b-49aa-8cbf-52701e8addec.prod.konfluxeaas.com - --provider=openshift - --ssl-insecure-skip-verify=false - --scope=user:full env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_ID name: kube-auth-proxy-creds - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_SECRET name: kube-auth-proxy-creds - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_COOKIE_SECRET name: kube-auth-proxy-creds - name: PROXY_MODE value: auth image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imagePullPolicy: IfNotPresent name: kube-auth-proxy ports: - containerPort: 4180 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 9000 name: metrics protocol: TCP resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000310000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-jv4pm readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-auth-proxy-dockercfg-5rvrm nodeName: ip-10-0-133-81.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000310000 runAsNonRoot: true seLinuxOptions: level: s0:c18,c2 seccompProfile: type: RuntimeDefault serviceAccount: kube-auth-proxy serviceAccountName: kube-auth-proxy terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certs secret: defaultMode: 420 secretName: kube-auth-proxy-tls - emptyDir: medium: Memory sizeLimit: 10Mi name: tmp - name: kube-api-access-jv4pm projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:01Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-16T04:29:57Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:01Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:01Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-16T04:29:57Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 128Mi containerID: cri-o://601066609a794d27c82f2c0cc822743dc5c42b442e050629c359699997f6171e image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imageID: quay.io/opendatahub/odh-kube-auth-proxy@sha256:67f3167118ee495b68cf87988f404ef41beeca2a1bba3cbd10790736689b49f7 lastState: {} name: kube-auth-proxy ready: true resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-16T04:30:01Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000310000 uid: 1000310000 volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-jv4pm readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.133.81 hostIPs: - ip: 10.0.133.81 phase: Running podIP: 10.132.0.28 podIPs: - ip: 10.132.0.28 qosClass: Burstable startTime: "2026-04-16T04:29:57Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.19/23"],"mac_address":"0a:58:0a:85:00:13","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.19/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.19" ], "mac": "0a:58:0a:85:00:13", "default": true, "dns": {} }] opendatahub.io/secret-hash: 4a9be730f8f8218c98351dce83cf8cf0faa50e4ef99f21434a2743b80acc6c74 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-16T04:29:57Z" generateName: kube-auth-proxy-68d6cc647- generation: 1 labels: app: kube-auth-proxy app.kubernetes.io/component: authentication pod-template-hash: 68d6cc647 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-140-211 operation: Update subresource: status time: "2026-04-16T04:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:opendatahub.io/secret-hash: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"eb9fffe1-0a9e-493b-8308-165e35a01552"}: {} f:spec: f:containers: k:{"name":"kube-auth-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"OAUTH2_PROXY_CLIENT_ID"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_CLIENT_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_COOKIE_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"PROXY_MODE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":4180,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9000,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:limits: .: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tmp"}: .: {} f:emptyDir: .: {} f:medium: {} f:sizeLimit: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-16T04:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-16T04:29:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.19"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-16T04:30:01Z" name: kube-auth-proxy-68d6cc647-pv6kd namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-auth-proxy-68d6cc647 uid: eb9fffe1-0a9e-493b-8308-165e35a01552 resourceVersion: "14417" uid: a36c88de-8c4f-430f-8db6-fb29785a0264 spec: containers: - args: - --http-address=0.0.0.0:4180 - --https-address=0.0.0.0:8443 - --metrics-address=0.0.0.0:9000 - --email-domain=* - --upstream=static://200 - --skip-provider-button - --skip-jwt-bearer-tokens=true - --pass-access-token=true - --set-xauthrequest=true - --enable-k8s-token-validation=true - --redirect-url=https://rh-ai.apps.27739f6e-499b-49aa-8cbf-52701e8addec.prod.konfluxeaas.com/oauth2/callback - --tls-cert-file=/etc/tls/private/tls.crt - --tls-key-file=/etc/tls/private/tls.key - --use-system-trust-store=true - --cookie-expire=24h0m0s - --cookie-refresh=1h0m0s - --cookie-secure=true - --cookie-httponly=true - --cookie-samesite=lax - --cookie-name=_oauth2_proxy - --cookie-domain=rh-ai.apps.27739f6e-499b-49aa-8cbf-52701e8addec.prod.konfluxeaas.com - --provider=openshift - --ssl-insecure-skip-verify=false - --scope=user:full env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_ID name: kube-auth-proxy-creds - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_SECRET name: kube-auth-proxy-creds - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_COOKIE_SECRET name: kube-auth-proxy-creds - name: PROXY_MODE value: auth image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imagePullPolicy: IfNotPresent name: kube-auth-proxy ports: - containerPort: 4180 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 9000 name: metrics protocol: TCP resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000310000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-gmr4d readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-auth-proxy-dockercfg-5rvrm nodeName: ip-10-0-140-211.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000310000 runAsNonRoot: true seLinuxOptions: level: s0:c18,c2 seccompProfile: type: RuntimeDefault serviceAccount: kube-auth-proxy serviceAccountName: kube-auth-proxy terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certs secret: defaultMode: 420 secretName: kube-auth-proxy-tls - emptyDir: medium: Memory sizeLimit: 10Mi name: tmp - name: kube-api-access-gmr4d projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:01Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-16T04:29:57Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:01Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-16T04:30:01Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-16T04:29:57Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 128Mi containerID: cri-o://1431adb383b6283bbf026b53f868827dc9603e3bb30334281fba06f17a67cb4e image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imageID: quay.io/opendatahub/odh-kube-auth-proxy@sha256:67f3167118ee495b68cf87988f404ef41beeca2a1bba3cbd10790736689b49f7 lastState: {} name: kube-auth-proxy ready: true resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-16T04:30:00Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000310000 uid: 1000310000 volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-gmr4d readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.140.211 hostIPs: - ip: 10.0.140.211 phase: Running podIP: 10.133.0.19 podIPs: - ip: 10.133.0.19 qosClass: Burstable startTime: "2026-04-16T04:29:57Z" - apiVersion: v1 kind: Pod metadata: annotations: istio.io/rev: openshift-gateway k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.36/23"],"mac_address":"0a:58:0a:84:00:24","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.36/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.36" ], "mac": "0a:58:0a:84:00:24", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/path: /stats/prometheus prometheus.io/port: "15020" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-16T04:32:31Z" generateName: maas-default-gateway-openshift-default-58b6f876- generation: 1 labels: gateway.istio.io/managed: istio.io-gateway-controller gateway.networking.k8s.io/gateway-name: maas-default-gateway pod-template-hash: 58b6f876 service.istio.io/canonical-name: maas-default-gateway-openshift-default service.istio.io/canonical-revision: latest sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-133-81 operation: Update subresource: status time: "2026-04-16T04:32:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:istio.io/rev: {} f:prometheus.io/path: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:generateName: {} f:labels: .: {} f:gateway.istio.io/managed: {} f:gateway.networking.k8s.io/gateway-name: {} f:pod-template-hash: {} f:service.istio.io/canonical-name: {} f:service.istio.io/canonical-revision: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"61637012-50a7-449d-8208-8bfc81b8b763"}: {} f:spec: f:containers: k:{"name":"istio-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"HOST_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"INSTANCE_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_CPU_LIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"ISTIO_META_APP_CONTAINERS"}: .: {} f:name: {} k:{"name":"ISTIO_META_CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_INTERCEPTION_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_MESH_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_META_OWNER"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_POD_PORTS"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_WORKLOAD_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROXY_CONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"TRUST_DOMAIN"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":15020,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15021,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/istio/pod"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/istio/proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/istio/data"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/credential-uds"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istio"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-credentials"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-uds"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:sysctls: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"credential-socket"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-data"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-envoy"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"istio-podinfo"}: .: {} f:downwardAPI: .: {} f:defaultMode: {} f:items: {} f:name: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"istiod-ca-cert"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"workload-certs"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"workload-socket"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-16T04:32:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-16T04:32:32Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.36"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-16T04:32:36Z" name: maas-default-gateway-openshift-default-58b6f876-tp7ww namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: maas-default-gateway-openshift-default-58b6f876 uid: 61637012-50a7-449d-8208-8bfc81b8b763 resourceVersion: "21254" uid: b0f6588a-939a-44db-935c-149b41f7b7ad spec: containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel - warning - --proxyComponentLogLevel - misc:error - --log_output_level - default:info env: - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod-openshift-gateway.openshift-ingress.svc:15012 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: ISTIO_CPU_LIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: PROXY_CONFIG value: | {"discoveryAddress":"istiod-openshift-gateway.openshift-ingress.svc:15012","proxyHeaders":{"server":{"disabled":true},"envoyDebugHeaders":{"disabled":true},"metadataExchangeHeaders":{"mode":"IN_MESH"}}} - name: ISTIO_META_POD_PORTS value: '[]' - name: ISTIO_META_APP_CONTAINERS - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: ISTIO_META_CLUSTER_ID value: Kubernetes - name: ISTIO_META_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: ISTIO_META_INTERCEPTION_MODE value: REDIRECT - name: ISTIO_META_WORKLOAD_NAME value: maas-default-gateway-openshift-default - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/openshift-ingress/deployments/maas-default-gateway-openshift-default - name: ISTIO_META_MESH_ID value: cluster.local - name: TRUST_DOMAIN value: cluster.local image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 name: metrics protocol: TCP - containerPort: 15021 name: status-port protocol: TCP - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 4 httpGet: path: /healthz/ready port: 15021 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1000319999 runAsNonRoot: true runAsUser: 1000319999 startupProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15021 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-rpv7v readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: maas-default-gateway-openshift-default-dockercfg-jlr4c nodeName: ip-10-0-133-81.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000310000 seLinuxOptions: level: s0:c18,c2 seccompProfile: type: RuntimeDefault sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" serviceAccount: maas-default-gateway-openshift-default serviceAccountName: maas-default-gateway-openshift-default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: workload-socket - emptyDir: {} name: credential-socket - emptyDir: {} name: workload-certs - emptyDir: medium: Memory name: istio-envoy - emptyDir: {} name: istio-data - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.labels path: labels - fieldRef: apiVersion: v1 fieldPath: metadata.annotations path: annotations name: istio-podinfo - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert - name: kube-api-access-rpv7v projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-16T04:32:35Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-16T04:32:31Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-16T04:32:36Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-16T04:32:36Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-16T04:32:31Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 128Mi containerID: cri-o://f38e409cb5ef95ec6a9775930136a2e694c110e56646e737574c2adb36116845 image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0a86de591c0c259464e80a5c01e0c85078263846253cd50ef5ac555bcf1e4fec lastState: {} name: istio-proxy ready: true resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-16T04:32:34Z" user: linux: gid: 1000319999 supplementalGroups: - 1000319999 - 1000310000 uid: 1000319999 volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-rpv7v readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.133.81 hostIPs: - ip: 10.0.133.81 phase: Running podIP: 10.132.0.36 podIPs: - ip: 10.132.0.36 qosClass: Burstable startTime: "2026-04-16T04:32:31Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.10/23"],"mac_address":"0a:58:0a:86:00:0a","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.10/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.10" ], "mac": "0a:58:0a:86:00:0a", "default": true, "dns": {} }] openshift.io/required-scc: restricted openshift.io/scc: restricted security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-04-16T04:25:33Z" generateName: router-default-5d4bf78676- generation: 1 labels: ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default ingresscontroller.operator.openshift.io/hash: 799578f789 pod-template-hash: 5d4bf78676 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-133-103 operation: Update subresource: status time: "2026-04-16T04:25:33Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:ingresscontroller.operator.openshift.io/deployment-ingresscontroller: {} f:ingresscontroller.operator.openshift.io/hash: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"4f97252a-21ca-4c76-8cd5-b4d12e67c7de"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"router"}: .: {} f:env: .: {} k:{"name":"DEFAULT_CERTIFICATE_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"DEFAULT_DESTINATION_CA_PATH"}: .: {} f:name: {} f:value: {} k:{"name":"RELOAD_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_ALLOW_WILDCARD_ROUTES"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CANONICAL_HOSTNAME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CIPHERS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CIPHERSUITES"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DISABLE_HTTP2"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DOMAIN"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_ENABLE_EXTERNAL_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_LOAD_BALANCE_ALGORITHM"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TLS_CERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TLS_KEY_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TYPE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SERVICE_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SERVICE_NAMESPACE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SET_FORWARDED_HEADERS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_TCP_BALANCE_SCHEME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_THREADS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_USE_PROXY_PROTOCOL"}: .: {} f:name: {} f:value: {} k:{"name":"SSL_MIN_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_PASSWORD_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_USERNAME_FILE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:terminationGracePeriodSeconds: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":80,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":1936,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/tls/metrics-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/lib/haproxy/conf/metrics-auth"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/configmaps/service-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"default-certificate"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"service-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"stats-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-04-16T04:25:33Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-16T04:26:06Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-16T04:26:08Z" name: router-default-5d4bf78676-l9b55 namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: router-default-5d4bf78676 uid: 4f97252a-21ca-4c76-8cd5-b4d12e67c7de resourceVersion: "8066" uid: a33cde98-e7f0-4bc9-a9e5-1a6136039882 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node.openshift.io/remote-worker operator: NotIn values: - "" containers: - env: - name: DEFAULT_CERTIFICATE_DIR value: /etc/pki/tls/private - name: DEFAULT_DESTINATION_CA_PATH value: /var/run/configmaps/service-ca/service-ca.crt - name: RELOAD_INTERVAL value: 5s - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME value: router-default.apps.27739f6e-499b-49aa-8cbf-52701e8addec.prod.konfluxeaas.com - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES value: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - name: ROUTER_DISABLE_HTTP2 value: "true" - name: ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK value: "false" - name: ROUTER_DOMAIN value: apps.27739f6e-499b-49aa-8cbf-52701e8addec.prod.konfluxeaas.com - name: ROUTER_ENABLE_EXTERNAL_CERTIFICATE value: "true" - name: ROUTER_LOAD_BALANCE_ALGORITHM value: random - name: ROUTER_METRICS_TLS_CERT_FILE value: /etc/pki/tls/metrics-certs/tls.crt - name: ROUTER_METRICS_TLS_KEY_FILE value: /etc/pki/tls/metrics-certs/tls.key - name: ROUTER_METRICS_TYPE value: haproxy - name: ROUTER_SERVICE_NAME value: default - name: ROUTER_SERVICE_NAMESPACE value: openshift-ingress - name: ROUTER_SET_FORWARDED_HEADERS value: append - name: ROUTER_TCP_BALANCE_SCHEME value: source - name: ROUTER_THREADS value: "4" - name: ROUTER_USE_PROXY_PROTOCOL value: "true" - name: SSL_MIN_VERSION value: TLSv1.2 - name: STATS_PASSWORD_FILE value: /var/lib/haproxy/conf/metrics-auth/statsPassword - name: STATS_PORT value: "1936" - name: STATS_USERNAME_FILE value: /var/lib/haproxy/conf/metrics-auth/statsUsername image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f2e4763905898d3870f64ebc9721d8d43ae2973f4ba295d48f84e36e6f72d013 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 1936 scheme: HTTP periodSeconds: 10 successThreshold: 1 terminationGracePeriodSeconds: 10 timeoutSeconds: 1 name: router ports: - containerPort: 80 name: http protocol: TCP - containerPort: 443 name: https protocol: TCP - containerPort: 1936 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz/ready port: 1936 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 100m memory: 256Mi securityContext: allowPrivilegeEscalation: true capabilities: drop: - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000310000 startupProbe: failureThreshold: 120 httpGet: path: /healthz/ready port: 1936 scheme: HTTP periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/tls/private name: default-certificate readOnly: true - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle readOnly: true - mountPath: /var/lib/haproxy/conf/metrics-auth name: stats-auth readOnly: true - mountPath: /etc/pki/tls/metrics-certs name: metrics-certs readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lgkbk readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: router-dockercfg-kzm5k nodeName: ip-10-0-133-103.ec2.internal nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/worker: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000310000 seLinuxOptions: level: s0:c18,c2 serviceAccount: router serviceAccountName: router terminationGracePeriodSeconds: 3600 tolerations: - effect: NoExecute key: kubernetes.io/e2e-evict-taint-key operator: Equal value: evictTaintVal - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists topologySpreadConstraints: - labelSelector: matchExpressions: - key: ingresscontroller.operator.openshift.io/hash operator: In values: - 799578f789 maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway volumes: - name: default-certificate secret: defaultMode: 420 secretName: default-ingress-cert - configMap: defaultMode: 420 items: - key: service-ca.crt path: service-ca.crt name: service-ca-bundle optional: false name: service-ca-bundle - name: stats-auth secret: defaultMode: 420 secretName: router-stats-default - name: metrics-certs secret: defaultMode: 420 secretName: router-metrics-certs-default - name: kube-api-access-lgkbk projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-16T04:26:07Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-16T04:25:33Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-16T04:26:08Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-16T04:26:08Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-16T04:25:33Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 256Mi containerID: cri-o://23f1b73319aa4ec8e675d048a4941874f0bb7686975e2ff7905fd8be2830e0b4 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f2e4763905898d3870f64ebc9721d8d43ae2973f4ba295d48f84e36e6f72d013 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7534cffb860df8351d4e7c4872551f4238b71f161adb876a5852061455e5eb7e lastState: {} name: router ready: true resources: requests: cpu: 100m memory: 256Mi restartCount: 0 started: true state: running: startedAt: "2026-04-16T04:26:06Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000310000 uid: 1000310000 volumeMounts: - mountPath: /etc/pki/tls/private name: default-certificate readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/lib/haproxy/conf/metrics-auth name: stats-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/tls/metrics-certs name: metrics-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-lgkbk readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.133.103 hostIPs: - ip: 10.0.133.103 phase: Running podIP: 10.134.0.10 podIPs: - ip: 10.134.0.10 qosClass: Burstable startTime: "2026-04-16T04:25:33Z" kind: PodList metadata: resourceVersion: "43731"