--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.19/23"],"mac_address":"0a:58:0a:85:00:13","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.19/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.19" ], "mac": "0a:58:0a:85:00:13", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: alertmanager openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T15:12:12Z" generateName: alertmanager-main- generation: 1 labels: alertmanager: main app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.29.0 apps.kubernetes.io/pod-index: "0" controller-revision-hash: alertmanager-main-5cc7447f69 statefulset.kubernetes.io/pod-name: alertmanager-main-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-172 operation: Update subresource: status time: "2026-06-05T15:12:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:alertmanager: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"34f3ffdc-53b4-40ad-a239-6dd8b70200f6"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"alertmanager"}: .: {} f:args: {} f:env: .: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9094,"protocol":"UDP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/alertmanager"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metric"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9097,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9095,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"alertmanager-main-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"alertmanager-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"cluster-tls-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"config-volume"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-alertmanager-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-metric"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-main-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:15Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.19"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:19Z" name: alertmanager-main-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: alertmanager-main uid: 34f3ffdc-53b4-40ad-a239-6dd8b70200f6 resourceVersion: "10206" uid: f269fa0c-27e4-4be9-8451-ef4e59d13f64 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/alertmanager/config_out/alertmanager.env.yaml - --storage.path=/alertmanager - --data.retention=120h - --cluster.listen-address= - --web.listen-address=127.0.0.1:9093 - --web.external-url=https://console-openshift-console.apps.ae6c0b73-be9e-4476-b905-09a56e1b25cd.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --cluster.label=openshift-monitoring/main - --cluster.peer=alertmanager-main-0.alertmanager-operated:9094 - --cluster.reconnect-timeout=5m - --web.config.file=/etc/alertmanager/web_config/web-config.yaml env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imagePullPolicy: IfNotPresent name: alertmanager ports: - containerPort: 9094 name: mesh-tcp protocol: TCP - containerPort: 9094 name: mesh-udp protocol: UDP resources: requests: cpu: 4m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true subPath: cluster-tls-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/alertmanager/web_config/web-config.yaml - --reload-url=http://localhost:9093/-/reload - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true - args: - --secure-listen-address=0.0.0.0:9095 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9095 name: web protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9096 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true - args: - --secure-listen-address=0.0.0.0:9097 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metric ports: - containerPort: 9097 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true - args: - --insecure-listen-address=127.0.0.1:9096 - --upstream=http://127.0.0.1:9093 - --label=namespace - --error-on-replace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: alertmanager-main-0 imagePullSecrets: - name: alertmanager-main-dockercfg-7tjvm initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true nodeName: ip-10-0-131-172.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c20 serviceAccount: alertmanager-main serviceAccountName: alertmanager-main subdomain: alertmanager-operated terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config-volume secret: defaultMode: 420 secretName: alertmanager-main-generated - name: tls-assets projected: defaultMode: 420 sources: - secret: name: alertmanager-main-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-alertmanager-main-tls secret: defaultMode: 420 secretName: alertmanager-main-tls - name: secret-alertmanager-kube-rbac-proxy secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy - name: secret-alertmanager-kube-rbac-proxy-metric secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-metric - name: secret-alertmanager-kube-rbac-proxy-web secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-web - name: web-config secret: defaultMode: 420 secretName: alertmanager-main-web-config - name: cluster-tls-config secret: defaultMode: 420 secretName: alertmanager-main-cluster-tls-config - emptyDir: {} name: alertmanager-main-db - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: alertmanager-trusted-ca-bundle name: alertmanager-trusted-ca-bundle - name: kube-api-access-j5ptt projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:16Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:16Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:19Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:19Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:12Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 4m memory: 40Mi containerID: cri-o://7d43030dec35c1cc3fee17ad294085005a4fe55410a50c5d080922bb93b738b6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 lastState: {} name: alertmanager ready: true resources: requests: cpu: 4m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:18Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://4adbc940e6166a2055ddfb3a73e7e7cc36de9a39306195a1447be5bac2601cb5 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:18Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2d2725487f7247a5c366ea005817580914a3046886429ebb764bf5b046056173 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:18Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2bc429be39f0f4b730f9c9f6adcfdc0933385564138f68f8f02a62246b2520f0 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metric ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:18Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://9cb361e1859abab05f0e278c17c61faf41430dc2495c18a9252428e7e5aef280 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:18Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://33e916bae51112162117939ece14da7c70f5901132835751fe3572de9becf0fd image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:19Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.172 hostIPs: - ip: 10.0.131.172 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://711978080c742cd073d520d715af898e8b9f484f4f13982f7e4c5227335fa63a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://711978080c742cd073d520d715af898e8b9f484f4f13982f7e4c5227335fa63a exitCode: 0 finishedAt: "2026-06-05T15:12:16Z" reason: Completed startedAt: "2026-06-05T15:12:16Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-j5ptt readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.133.0.19 podIPs: - ip: 10.133.0.19 qosClass: Burstable startTime: "2026-06-05T15:12:12Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.9/23"],"mac_address":"0a:58:0a:85:00:09","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.9/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.9" ], "mac": "0a:58:0a:85:00:09", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:11:27Z" generateName: cluster-monitoring-operator-74bbf69bbb- generation: 1 labels: app: cluster-monitoring-operator app.kubernetes.io/name: cluster-monitoring-operator app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 74bbf69bbb managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-172 operation: Update subresource: status time: "2026-06-05T15:11:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"3546f6c0-33e4-402a-aaa5-f347eb1bf868"}: {} f:spec: f:containers: k:{"name":"cluster-monitoring-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-monitoring-operator/telemetry"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cluster-monitoring-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemetry-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:11:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:11:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.9"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:02Z" name: cluster-monitoring-operator-74bbf69bbb-k7mqx namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-monitoring-operator-74bbf69bbb uid: 3546f6c0-33e4-402a-aaa5-f347eb1bf868 resourceVersion: "9395" uid: 756f1ac0-70c8-408d-a13b-99b415c91791 spec: containers: - args: - -namespace=openshift-monitoring - -namespace-user-workload=openshift-user-workload-monitoring - -configmap=cluster-monitoring-config - -release-version=$(RELEASE_VERSION) - -v=2 - -cert-file=/etc/tls/private/tls.crt - -key-file=/etc/tls/private/tls.key - -images=prometheus-operator=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 - -images=prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - -images=prometheus-operator-admission-webhook=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 - -images=configmap-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3068d66b76b04572a3ca4be20cbe477525f5191ded00e0b088f7932a17e0b30d - -images=prometheus=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b - -images=alertmanager=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 - -images=node-exporter=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d - -images=kube-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b - -images=openshift-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda - -images=kube-rbac-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea - -images=telemeter-client=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 - -images=prom-label-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd - -images=thanos=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 - -images=monitoring-plugin=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a - -images=kube-metrics-server=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 env: - name: RELEASE_VERSION value: 4.21.19 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imagePullPolicy: IfNotPresent name: cluster-monitoring-operator ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 75Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-9m6bp readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-monitoring-operator-dockercfg-bhkjc nodeName: ip-10-0-131-172.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: cluster-monitoring-operator serviceAccountName: cluster-monitoring-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 name: telemetry-config name: telemetry-config - name: cluster-monitoring-operator-tls secret: defaultMode: 420 secretName: cluster-monitoring-operator-tls - name: kube-api-access-9m6bp projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:02Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:11:27Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:02Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:02Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:11:27Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 75Mi containerID: cri-o://f994dbd8ecda607b60b050bd24ce17fd1b522b5535cfa519e47fc02f874da30e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7254a8c04e9f17465009044222270016263daaa27825aa3f0fc3a37876b2567b lastState: {} name: cluster-monitoring-operator ready: true resources: requests: cpu: 10m memory: 75Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:01Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-9m6bp readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.172 hostIPs: - ip: 10.0.131.172 observedGeneration: 1 phase: Running podIP: 10.133.0.9 podIPs: - ip: 10.133.0.9 qosClass: Burstable startTime: "2026-06-05T15:11:27Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.20/23"],"mac_address":"0a:58:0a:84:00:14","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.20/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.20" ], "mac": "0a:58:0a:84:00:14", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: kube-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:11Z" generateName: kube-state-metrics-57bbf8bfb5- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.17.0 pod-template-hash: 57bbf8bfb5 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-143-192 operation: Update subresource: status time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"a466df0f-3f9d-4112-b14f-c204d429b216"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-state-metrics"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"kube-state-metrics-custom-resource-state-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"kube-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"kube-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"volume-directive-shadow"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.20"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:24Z" name: kube-state-metrics-57bbf8bfb5-xrxxr namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-state-metrics-57bbf8bfb5 uid: a466df0f-3f9d-4112-b14f-c204d429b216 resourceVersion: "10333" uid: 2f214bf3-a820-400d-a501-9fadf037765a spec: automountServiceAccountToken: true containers: - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - --custom-resource-state-config-file=/etc/kube-state-metrics/custom-resource-state-configmap.yaml - | --metric-denylist= ^kube_secret_labels$, ^kube_.+_annotations$, ^kube_customresource_.+_annotations_info$, ^kube_customresource_.+_labels_info$ - --metric-labels-allowlist=pods=[*],nodes=[*],namespaces=[*],persistentvolumes=[*],persistentvolumeclaims=[*],poddisruptionbudgets=[*] - | --metric-denylist= ^kube_.+_created$, ^kube_.+_metadata_resource_version$, ^kube_replicaset_metadata_generation$, ^kube_replicaset_status_observed_generation$, ^kube_pod_restart_policy$, ^kube_pod_init_container_status_terminated$, ^kube_pod_init_container_status_running$, ^kube_pod_container_status_terminated$, ^kube_pod_container_status_running$, ^kube_pod_completion_time$, ^kube_pod_status_scheduled$ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b imagePullPolicy: IfNotPresent name: kube-state-metrics resources: requests: cpu: 2m memory: 80Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-v4r7d readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-v4r7d readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-v4r7d readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-state-metrics-dockercfg-nqzfn nodeName: ip-10-0-143-192.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: kube-state-metrics serviceAccountName: kube-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: volume-directive-shadow - name: kube-state-metrics-tls secret: defaultMode: 420 secretName: kube-state-metrics-tls - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: kube-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: kube-state-metrics-custom-resource-state-configmap name: kube-state-metrics-custom-resource-state-configmap - name: kube-api-access-v4r7d projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://32181f056574fe3fcc033ab1077cdfda5d968e5d7613fda1459c97268ede80e1 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-v4r7d readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://9ffb43f5c65972be65e095df396e08148a8f274cdee3279736d5c827f354c6b3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-v4r7d readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 2m memory: 80Mi containerID: cri-o://e7323229a31793fa99ee7d24430c4d7cde315daaaddc68bc67265ba171e87f46 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0fed5ae25f578830f8c74975b5e7a2fc75b362a09231066752cce55854eb9098 lastState: {} name: kube-state-metrics ready: true resources: requests: cpu: 2m memory: 80Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-v4r7d readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.143.192 hostIPs: - ip: 10.0.143.192 observedGeneration: 1 phase: Running podIP: 10.132.0.20 podIPs: - ip: 10.132.0.20 qosClass: Burstable startTime: "2026-06-05T15:12:11Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.20/23"],"mac_address":"0a:58:0a:85:00:14","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.20/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.20" ], "mac": "0a:58:0a:85:00:14", "default": true, "dns": {} }] monitoring.openshift.io/kubelet-serving-ca-bundle-hash: a3n807lsmoo1b monitoring.openshift.io/metrics-server-client-certs-hash: ai59hibgp4pgb monitoring.openshift.io/serving-ca-secret-hash: 1una6vqga1oml openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:16Z" generateName: metrics-server-7754f9975f- generation: 1 labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 7754f9975f managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-172 operation: Update subresource: status time: "2026-06-05T15:12:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/kubelet-serving-ca-bundle-hash: {} f:monitoring.openshift.io/metrics-server-client-certs-hash: {} f:monitoring.openshift.io/serving-ca-secret-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"a765e62f-8e97-43fb-9733-44b3d6f4aaa7"}: {} f:spec: f:containers: k:{"name":"metrics-server"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":10250,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/audit"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/client-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/metrics-server-client-certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/log/metrics-server"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"audit-log"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"client-ca-bundle"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"metrics-server-audit-profiles"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-metrics-server-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-server-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.20"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:56Z" name: metrics-server-7754f9975f-bkz79 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metrics-server-7754f9975f uid: a765e62f-8e97-43fb-9733-44b3d6f4aaa7 resourceVersion: "10708" uid: 922930c5-193d-42ca-bb3f-44a945ffce0a spec: containers: - args: - --secure-port=10250 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt - --kubelet-client-certificate=/etc/tls/metrics-server-client-certs/tls.crt - --kubelet-client-key=/etc/tls/metrics-server-client-certs/tls.key - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --shutdown-send-retry-after=true - --shutdown-delay-duration=150s - --disable-http2-serving=true - --tls-min-version=VersionTLS12 - --client-ca-file=/etc/client-ca-bundle/client-ca-file - --requestheader-client-ca-file=/etc/client-ca-bundle/requestheader-client-ca-file - --requestheader-allowed-names=kube-apiserver-proxy,system:kube-apiserver-proxy,system:openshift-aggregator - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --audit-policy-file=/etc/audit/metadata-profile.yaml - --audit-log-path=/var/log/metrics-server/audit.log - --audit-log-maxsize=100 - --audit-log-maxbackup=5 - --audit-log-compress=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 6 httpGet: path: /livez port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000460000 startupProbe: failureThreshold: 6 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vc2mr readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: metrics-server-dockercfg-5tlkl nodeName: ip-10-0-131-172.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: metrics-server serviceAccountName: metrics-server terminationGracePeriodSeconds: 170 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-metrics-server-client-certs secret: defaultMode: 420 secretName: metrics-server-client-certs - name: secret-metrics-server-tls secret: defaultMode: 420 secretName: metrics-server-tls - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - emptyDir: {} name: audit-log - configMap: defaultMode: 420 name: metrics-server-audit-profiles name: metrics-server-audit-profiles - name: client-ca-bundle secret: defaultMode: 420 secretName: metrics-server-bbdvgl884d3s2 - name: kube-api-access-vc2mr projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:18Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:16Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:56Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:56Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:16Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://ab8d12eba2fec8719c7b84691789624b562b9133acb4a3941111b82c72a7aa2c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 lastState: {} name: metrics-server ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true recursiveReadOnly: Disabled - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vc2mr readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.172 hostIPs: - ip: 10.0.131.172 observedGeneration: 1 phase: Running podIP: 10.133.0.20 podIPs: - ip: 10.133.0.20 qosClass: Burstable startTime: "2026-06-05T15:12:16Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.22/23"],"mac_address":"0a:58:0a:84:00:16","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.22/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.22" ], "mac": "0a:58:0a:84:00:16", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:16Z" generateName: monitoring-plugin-76b68cc874- generation: 1 labels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 76b68cc874 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-143-192 operation: Update subresource: status time: "2026-06-05T15:12:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"02d7e767-4b48-473a-b4b3-582a8206fd40"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"monitoring-plugin"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/cert"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"monitoring-plugin-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.22"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:24Z" name: monitoring-plugin-76b68cc874-vkq47 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: monitoring-plugin-76b68cc874 uid: 02d7e767-4b48-473a-b4b3-582a8206fd40 resourceVersion: "10346" uid: d143aef1-344c-42ae-bf38-9c1ac30477c3 spec: automountServiceAccountToken: true containers: - args: - --config-path=/opt/app-root/web/dist - --static-path=/opt/app-root/web/dist - --cert=/var/cert/tls.crt - --key=/var/cert/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 command: - /opt/app-root/plugin-backend image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a imagePullPolicy: IfNotPresent name: monitoring-plugin ports: - containerPort: 9443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /health port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hkms readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: monitoring-plugin-dockercfg-dswzn nodeName: ip-10-0-143-192.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: monitoring-plugin serviceAccountName: monitoring-plugin terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: monitoring-plugin-cert secret: defaultMode: 420 secretName: monitoring-plugin-cert - name: kube-api-access-2hkms projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:16Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:16Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 50Mi containerID: cri-o://8ad3d42b980a23d8a2297a6a155b7dccf325e861d5ce10aea0f2eaedbd014060 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a lastState: {} name: monitoring-plugin ready: true resources: requests: cpu: 10m memory: 50Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hkms readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.143.192 hostIPs: - ip: 10.0.143.192 observedGeneration: 1 phase: Running podIP: 10.132.0.22 podIPs: - ip: 10.132.0.22 qosClass: Burstable startTime: "2026-06-05T15:12:16Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T15:12:11Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"6a07642f-af1c-45b3-a73e-3ac271d3e4a2"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.131.172"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:15Z" name: node-exporter-7w7t8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 6a07642f-af1c-45b3-a73e-3ac271d3e4a2 resourceVersion: "9965" uid: 8b560bb0-465d-4e30-9f6b-50fee87ad319 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-131-172.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fxg8b readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fxg8b readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-h5449 initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fxg8b readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-131-172.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-fxg8b projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:14Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:14Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:15Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:15Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://fe4b1ef2b59d0b71790b4422e606d80a4f36fd16dbf6af5a91a8f1e3facf0f89 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:15Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fxg8b readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://b23720c0f0a61920b58abb0f7cdf58351de59edcd68390288fed5b7855681ebf image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:15Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fxg8b readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.172 hostIPs: - ip: 10.0.131.172 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://2565db0a54a55cc566aefd65d34d38bc1992ae187c0cd148878a847ebcc4a7fb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://2565db0a54a55cc566aefd65d34d38bc1992ae187c0cd148878a847ebcc4a7fb exitCode: 0 finishedAt: "2026-06-05T15:12:13Z" reason: Completed startedAt: "2026-06-05T15:12:13Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fxg8b readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.131.172 podIPs: - ip: 10.0.131.172 qosClass: Burstable startTime: "2026-06-05T15:12:11Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T15:12:11Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"6a07642f-af1c-45b3-a73e-3ac271d3e4a2"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.143.192"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:24Z" name: node-exporter-92psm namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 6a07642f-af1c-45b3-a73e-3ac271d3e4a2 resourceVersion: "10350" uid: 3347d301-14af-4768-b141-d0675962b22e spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-143-192.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hvgtx readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hvgtx readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-h5449 initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hvgtx readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-143-192.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-hvgtx projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:20Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:20Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://e322441b84c7c6d0218dde3ef112edb5f0558b82f8a796f0bf5253639b0c84a2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hvgtx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://651fcf972ed0aeafd61095f2559adf8d026c6ef0762151ab97722f633ced5386 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hvgtx readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.143.192 hostIPs: - ip: 10.0.143.192 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://0b5192e5cec352e7ce8fc45924066c17ea0fd1b522a18f35f527360252113aef image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://0b5192e5cec352e7ce8fc45924066c17ea0fd1b522a18f35f527360252113aef exitCode: 0 finishedAt: "2026-06-05T15:12:19Z" reason: Completed startedAt: "2026-06-05T15:12:19Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hvgtx readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.143.192 podIPs: - ip: 10.0.143.192 qosClass: Burstable startTime: "2026-06-05T15:12:11Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T15:12:11Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"6a07642f-af1c-45b3-a73e-3ac271d3e4a2"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.138.97"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:15Z" name: node-exporter-c9dst namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 6a07642f-af1c-45b3-a73e-3ac271d3e4a2 resourceVersion: "9957" uid: 3ecef66d-2f1a-4043-9d84-1b0dac9cb22e spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-138-97.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-72lvs readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-72lvs readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-h5449 initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-72lvs readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-138-97.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-72lvs projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:14Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:14Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:15Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:15Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://9233813b397f9deda1eefbf4832a55511409c514e159f8496b875ae50801e580 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:14Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-72lvs readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://f31e0b50ef68cc14831f47ac95cb69965ed9a5f790b809a8c3b5274ee4d4df1b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:14Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-72lvs readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.138.97 hostIPs: - ip: 10.0.138.97 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://66707f698716ea500b3ecc06d2e1e929d959b591a0012bc948500cd3ace1354c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://66707f698716ea500b3ecc06d2e1e929d959b591a0012bc948500cd3ace1354c exitCode: 0 finishedAt: "2026-06-05T15:12:13Z" reason: Completed startedAt: "2026-06-05T15:12:13Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-72lvs readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.138.97 podIPs: - ip: 10.0.138.97 qosClass: Burstable startTime: "2026-06-05T15:12:11Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.17/23"],"mac_address":"0a:58:0a:85:00:11","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.17/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.17" ], "mac": "0a:58:0a:85:00:11", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: openshift-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:11Z" generateName: openshift-state-metrics-65f78d5c66- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: openshift-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65f78d5c66 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-172 operation: Update subresource: status time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"b2fd9103-6eba-4e7c-a4a7-063e658d3163"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"openshift-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"openshift-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"openshift-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.17"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:13Z" name: openshift-state-metrics-65f78d5c66-fmt8c namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: openshift-state-metrics-65f78d5c66 uid: b2fd9103-6eba-4e7c-a4a7-063e658d3163 resourceVersion: "9871" uid: cfd832be-e4af-4f3b-94a7-95035f46a4cb spec: containers: - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6k777 readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6k777 readOnly: true - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imagePullPolicy: IfNotPresent name: openshift-state-metrics resources: requests: cpu: 1m memory: 32Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6k777 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: openshift-state-metrics-dockercfg-wpj2c nodeName: ip-10-0-131-172.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: openshift-state-metrics serviceAccountName: openshift-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: openshift-state-metrics-tls secret: defaultMode: 420 secretName: openshift-state-metrics-tls - name: openshift-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: openshift-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-6k777 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:13Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:13Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:13Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://75ebf773ececdd8e4f1cfdb7cec9a1a99462fb0626179fe0ec06615c8cc29416 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:12Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6k777 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://adcd20b5cf58cc5ee878663c927bef759e5d4d90a54898c13b41040eef8f7f1f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:12Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6k777 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 32Mi containerID: cri-o://6946bb2c2ff76724f17a8fdbbc301f1aa43983be56cff2acf6f49411b58c7399 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda lastState: {} name: openshift-state-metrics ready: true resources: requests: cpu: 1m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:13Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6k777 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.172 hostIPs: - ip: 10.0.131.172 observedGeneration: 1 phase: Running podIP: 10.133.0.17 podIPs: - ip: 10.133.0.17 qosClass: Burstable startTime: "2026-06-05T15:12:11Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.23/23"],"mac_address":"0a:58:0a:84:00:17","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.23/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.23" ], "mac": "0a:58:0a:84:00:17", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T15:12:17Z" generateName: prometheus-k8s- generation: 1 labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 3.7.3 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-k8s-795dd986b operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" prometheus: k8s statefulset.kubernetes.io/pod-name: prometheus-k8s-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:operator.prometheus.io/name: {} f:operator.prometheus.io/shard: {} f:prometheus: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"f9afe089-d4d1-48b6-acf0-e8b1c480bd79"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-thanos"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10903,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prometheus"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:readinessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/metrics-client-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/prometheus"}: .: {} f:mountPath: {} f:name: {} k:{"name":"thanos-sidecar"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10901,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":10902,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/thanos/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:shareProcessNamespace: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-k8s-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-0"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-1"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-2"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-thanos-sidecar-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"thanos-prometheus-http-client-file"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-143-192 operation: Update subresource: status time: "2026-06-05T15:12:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.23"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:13:18Z" name: prometheus-k8s-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-k8s uid: f9afe089-d4d1-48b6-acf0-e8b1c480bd79 resourceVersion: "11292" uid: d9efe70a-bc51-4a0a-a3d2-ae2c0bd0ec99 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --enable-feature=delayed-compaction,use-uncached-io - --web.external-url=https://console-openshift-console.apps.ae6c0b73-be9e-4476-b905-09a56e1b25cd.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --web.listen-address=127.0.0.1:9090 - --storage.tsdb.retention.time=15d - --storage.tsdb.path=/prometheus - --web.config.file=/etc/prometheus/web_config/web-config.yaml - --scrape.timestamp-tolerance=15ms - --no-auto-gomemlimit env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: GOGC value: "100" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/healthy; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/healthy; else exit 1; fi failureThreshold: 6 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus readinessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: requests: cpu: 70m memory: 1Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true startupProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 60 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/prometheus/web_config/web-config.yaml - --reload-url=http://localhost:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true - args: - sidecar - --prometheus.url=http://localhost:9090/ - --tsdb.path=/prometheus - --http-address=127.0.0.1:10902 - --grpc-server-tls-cert=/etc/tls/grpc/server.crt - --grpc-server-tls-key=/etc/tls/grpc/server.key - --grpc-server-tls-client-ca=/etc/tls/grpc/ca.crt image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-sidecar ports: - containerPort: 10902 name: http protocol: TCP - containerPort: 10901 name: grpc protocol: TCP resources: requests: cpu: 1m memory: 25Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9090 - --allow-paths=/metrics,/federate - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true - args: - --secure-listen-address=[$(POD_IP)]:10903 - --upstream=http://127.0.0.1:10902 - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/metrics - --tls-min-version=VersionTLS12 env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-thanos ports: - containerPort: 10903 name: thanos-proxy protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-k8s-0 imagePullSecrets: - name: prometheus-k8s-dockercfg-bjnq6 initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true nodeName: ip-10-0-143-192.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c20 serviceAccount: prometheus-k8s serviceAccountName: prometheus-k8s shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config secret: defaultMode: 420 secretName: prometheus-k8s - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-k8s-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-prometheus-k8s-tls secret: defaultMode: 420 secretName: prometheus-k8s-tls - name: secret-prometheus-k8s-thanos-sidecar-tls secret: defaultMode: 420 secretName: prometheus-k8s-thanos-sidecar-tls - name: secret-kube-rbac-proxy secret: defaultMode: 420 secretName: kube-rbac-proxy - name: secret-prometheus-k8s-kube-rbac-proxy-web secret: defaultMode: 420 secretName: prometheus-k8s-kube-rbac-proxy-web - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - configMap: defaultMode: 420 name: serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - configMap: defaultMode: 420 name: metrics-client-ca name: configmap-metrics-client-ca - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-0 optional: true name: prometheus-k8s-rulefiles-0 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-1 optional: true name: prometheus-k8s-rulefiles-1 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-2 optional: true name: prometheus-k8s-rulefiles-2 - name: web-config secret: defaultMode: 420 secretName: prometheus-k8s-web-config - name: thanos-prometheus-http-client-file secret: defaultMode: 420 secretName: prometheus-k8s-thanos-prometheus-http-client-file - emptyDir: {} name: prometheus-k8s-db - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: prometheus-trusted-ca-bundle name: prometheus-trusted-ca-bundle - name: secret-grpc-tls secret: defaultMode: 420 secretName: prometheus-k8s-grpc-tls-aat610mlq3f53 - name: kube-api-access-s9brc projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:24Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:13:18Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:13:18Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:17Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://2a6ef06cb3d01a5b8503b073637ff382f7d3ddd574c799a0afaba190d41debd6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:29Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://02aefb7ccac91351372958a50ee0b16a290d1806e3018a3d138dba0e73932ce5 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:29Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://1af8612e077e385196cf28a5f0c80e6aea16cf57306f036c934ce6114dc385de image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-thanos ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:29Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2f6021da4652edd1830c018e5b11f29f11740aecfd4fccbe664d8193e7e1ed82 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:29Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 70m memory: 1Gi containerID: cri-o://3362a6d44837cde015165c4fb29e367f6cf0cc136cdfac9a137e88040cc6ccc2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b lastState: {} name: prometheus ready: true resources: requests: cpu: 70m memory: 1Gi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:28Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 25Mi containerID: cri-o://b6d3357d18c2fc50c9fd1252511469cdc5a22c8e8fc6f8025eb03bff4900d1f2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-sidecar ready: true resources: requests: cpu: 1m memory: 25Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:29Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.143.192 hostIPs: - ip: 10.0.143.192 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://d127065693d1b047ded003d18a2158718db62e0ae81674b1a7b774b789cc301b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://d127065693d1b047ded003d18a2158718db62e0ae81674b1a7b774b789cc301b exitCode: 0 finishedAt: "2026-06-05T15:12:23Z" reason: Completed startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s9brc readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.132.0.23 podIPs: - ip: 10.132.0.23 qosClass: Burstable startTime: "2026-06-05T15:12:18Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.19/23"],"mac_address":"0a:58:0a:84:00:13","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.19/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.19" ], "mac": "0a:58:0a:84:00:13", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:06Z" generateName: prometheus-operator-7f7d445d84- generation: 1 labels: app.kubernetes.io/component: controller app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 7f7d445d84 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-143-192 operation: Update subresource: status time: "2026-06-05T15:12:06Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"9a5c34a4-b08e-4518-8764-5bb28027f49a"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prometheus-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-operator-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"prometheus-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:06Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:07Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.19"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:09Z" name: prometheus-operator-7f7d445d84-hm2dz namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-7f7d445d84 uid: 9a5c34a4-b08e-4518-8764-5bb28027f49a resourceVersion: "9495" uid: 35e40e43-5812-40c2-843c-8bfa7639ce49 spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - --prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - --kubelet-endpoints=true - --kubelet-endpointslice=true - --watch-referenced-objects-in-all-namespaces=true - --prometheus-instance-namespaces=openshift-monitoring - --thanos-ruler-instance-namespaces=openshift-monitoring - --alertmanager-instance-namespaces=openshift-monitoring - --config-reloader-cpu-limit=0 - --config-reloader-memory-limit=0 - --config-reloader-cpu-request=1m - --config-reloader-memory-request=10Mi - --web.listen-address=127.0.0.1:8080 - --controller-id=openshift-monitoring/prometheus-operator env: - name: GOGC value: "30" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imagePullPolicy: IfNotPresent name: prometheus-operator resources: requests: cpu: 5m memory: 150Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kgvdw readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kgvdw readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-dockercfg-h28dc nodeName: ip-10-0-143-192.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator serviceAccountName: prometheus-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: prometheus-operator-tls secret: defaultMode: 420 secretName: prometheus-operator-tls - name: prometheus-operator-kube-rbac-proxy-config secret: defaultMode: 420 secretName: prometheus-operator-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-kgvdw projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:09Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:06Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:09Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:09Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:06Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://4fab3164c31b5ba164c371839ad3d58d80ab43cc5d5721f192ce1f0d73487230 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kgvdw readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 5m memory: 150Mi containerID: cri-o://82552876f044389cf755a7ce7768ad389c6515965a0eec611d9d5c26536f4bb6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b1d74f1177673f5972ed75bc1c4a8362e0cfd29d5a9713b183e573a7827903f3 lastState: {} name: prometheus-operator ready: true resources: requests: cpu: 5m memory: 150Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-kgvdw readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.143.192 hostIPs: - ip: 10.0.143.192 observedGeneration: 1 phase: Running podIP: 10.132.0.19 podIPs: - ip: 10.132.0.19 qosClass: Burstable startTime: "2026-06-05T15:12:06Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.16/23"],"mac_address":"0a:58:0a:85:00:10","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.16/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.16" ], "mac": "0a:58:0a:85:00:10", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:02Z" generateName: prometheus-operator-admission-webhook-5b6b8f594- generation: 1 labels: app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 5b6b8f594 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-172 operation: Update subresource: status time: "2026-06-05T15:12:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"513b4f4b-a195-480f-8523-0b936a75f6b1"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"prometheus-operator-admission-webhook"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certificates"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:04Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.16"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:05Z" name: prometheus-operator-admission-webhook-5b6b8f594-8nrv5 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-admission-webhook-5b6b8f594 uid: 513b4f4b-a195-480f-8523-0b936a75f6b1 resourceVersion: "9427" uid: bb08227c-94ba-4cf2-a389-a5bc084f43ae spec: automountServiceAccountToken: false containers: - args: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - --web.tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --web.tls-min-version=VersionTLS12 - --name-validation-scheme=utf8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 5m memory: 30Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-admission-webhook-dockercfg-6n2qb nodeName: ip-10-0-131-172.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator-admission-webhook serviceAccountName: prometheus-operator-admission-webhook terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certificates secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: prometheus-operator-admission-webhook-tls status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:05Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:02Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:05Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:05Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:02Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 5m memory: 30Mi containerID: cri-o://4e12dc47f1fb3a9fdd8e282e37b48edde6e8261eaf43cab9ae473a7344c41aa8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 lastState: {} name: prometheus-operator-admission-webhook ready: true resources: requests: cpu: 5m memory: 30Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:05Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.172 hostIPs: - ip: 10.0.131.172 observedGeneration: 1 phase: Running podIP: 10.133.0.16 podIPs: - ip: 10.133.0.16 qosClass: Burstable startTime: "2026-06-05T15:12:02Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.12/23"],"mac_address":"0a:58:0a:86:00:0c","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.12/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.12" ], "mac": "0a:58:0a:86:00:0c", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user telemeter-token-hash: butacvri7eo95 creationTimestamp: "2026-06-05T15:12:17Z" generateName: telemeter-client-78dc664dbc- generation: 1 labels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: telemeter-client app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 78dc664dbc managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-138-97 operation: Update subresource: status time: "2026-06-05T15:12:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:telemeter-token-hash: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"f2a12bc7-cf65-4972-a4c0-91bf1ae07245"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"reload"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"telemeter-client"}: .: {} f:command: {} f:env: .: {} k:{"name":"ANONYMIZE_LABELS"}: .: {} f:name: {} k:{"name":"FROM"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"ID"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"TO"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/telemeter"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"federate-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-telemeter-client"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-telemeter-client-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"telemeter-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemeter-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.12"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:21Z" name: telemeter-client-78dc664dbc-k47v6 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: telemeter-client-78dc664dbc uid: f2a12bc7-cf65-4972-a4c0-91bf1ae07245 resourceVersion: "10252" uid: ba5ecd83-51b0-41f5-bbfa-a50ffc1f4312 spec: containers: - command: - /usr/bin/telemeter-client - --id=$(ID) - --from=$(FROM) - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --from-ca-file=/etc/serving-certs-ca-bundle/service-ca.crt - --from-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token - --to=$(TO) - --to-token-file=/etc/telemeter/token - --listen=localhost:8080 - --anonymize-salt-file=/etc/telemeter/salt - --anonymize-labels=$(ANONYMIZE_LABELS) - --match={__name__=~"cluster:usage:.*"} - --match={__name__="count:up0"} - --match={__name__="count:up1"} - --match={__name__="cluster_version"} - --match={__name__="cluster_version_available_updates"} - --match={__name__="cluster_version_capability"} - --match={__name__="cluster_operator_up"} - --match={__name__="cluster_operator_conditions"} - --match={__name__="cluster_version_payload"} - --match={__name__="cluster_installer"} - --match={__name__="cluster_infrastructure_provider"} - --match={__name__="cluster_feature_set"} - --match={__name__="instance:etcd_object_counts:sum"} - --match={__name__="ALERTS",alertstate="firing",severity=~"critical|warning|info|none"} - --match={__name__="code:apiserver_request_total:rate:sum"} - --match={__name__="cluster:capacity_cpu_cores:sum"} - --match={__name__="cluster:capacity_memory_bytes:sum"} - --match={__name__="cluster:cpu_usage_cores:sum"} - --match={__name__="cluster:memory_usage_bytes:sum"} - --match={__name__="openshift:cpu_usage_cores:sum"} - --match={__name__="openshift:memory_usage_bytes:sum"} - --match={__name__="workload:cpu_usage_cores:sum"} - --match={__name__="workload:memory_usage_bytes:sum"} - --match={__name__="cluster:virt_platform_nodes:sum"} - --match={__name__="cluster:node_instance_type_count:sum"} - --match={__name__="cnv:vmi_status_running:count"} - --match={__name__="cnv_abnormal", reason=~"memory_working_set_delta_from_request|memory_rss_delta_from_request"} - --match={__name__="cluster:vmi_request_cpu_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_sockets:sum"} - --match={__name__="subscription_sync_total"} - --match={__name__="olm_resolution_duration_seconds"} - --match={__name__="csv_succeeded"} - --match={__name__="csv_abnormal"} - --match={__name__="cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum"} - --match={__name__="cluster:kubelet_volume_stats_used_bytes:provisioner:sum"} - --match={__name__="ceph_cluster_total_bytes"} - --match={__name__="ceph_cluster_total_used_raw_bytes"} - --match={__name__="ceph_health_status"} - --match={__name__="odf_system_raw_capacity_total_bytes"} - --match={__name__="odf_system_raw_capacity_used_bytes"} - --match={__name__="odf_system_health_status"} - --match={__name__="job:ceph_osd_metadata:count"} - --match={__name__="job:kube_pv:count"} - --match={__name__="job:odf_system_pvs:count"} - --match={__name__="job:ceph_pools_iops:total"} - --match={__name__="job:ceph_pools_iops_bytes:total"} - --match={__name__="job:ceph_versions_running:count"} - --match={__name__="job:noobaa_total_unhealthy_buckets:sum"} - --match={__name__="job:noobaa_bucket_count:sum"} - --match={__name__="job:noobaa_total_object_count:sum"} - --match={__name__="odf_system_bucket_count", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="odf_system_objects_total", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="noobaa_accounts_num"} - --match={__name__="noobaa_total_usage"} - --match={__name__="console_url"} - --match={__name__="cluster:console_auth_login_requests_total:sum"} - --match={__name__="cluster:console_auth_login_successes_total:sum"} - --match={__name__="cluster:console_auth_login_failures_total:sum"} - --match={__name__="cluster:console_auth_logout_requests_total:sum"} - --match={__name__="cluster:console_usage_users:max"} - --match={__name__="cluster:console_plugins_info:max"} - --match={__name__="cluster:console_customization_perspectives_info:max"} - --match={__name__="cluster:ovnkube_controller_egress_routing_via_host:max"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Pass|Allow|Deny"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Allow|Deny"} - --match={__name__="cluster:network_attachment_definition_instances:max"} - --match={__name__="cluster:network_attachment_definition_enabled_instance_up:max"} - --match={__name__="cluster:ingress_controller_aws_nlb_active:sum"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:min"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:max"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:avg"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:median"} - --match={__name__="cluster:openshift_route_info:tls_termination:sum"} - --match={__name__="openshift:gateway_api_usage:count",gateway_class_type=~"openshift|not-openshift"} - --match={__name__="insightsclient_request_send_total"} - --match={__name__="cam_app_workload_migrations"} - --match={__name__="cluster:apiserver_current_inflight_requests:sum:max_over_time:2m"} - --match={__name__="cluster:alertmanager_integrations:max"} - --match={__name__="cluster:telemetry_selected_series:count"} - --match={__name__="openshift:prometheus_tsdb_head_series:sum"} - --match={__name__="openshift:prometheus_tsdb_head_samples_appended_total:sum"} - --match={__name__="monitoring:container_memory_working_set_bytes:sum"} - --match={__name__="namespace_job:scrape_series_added:topk3_sum1h"} - --match={__name__="namespace_job:scrape_samples_post_metric_relabeling:topk3"} - --match={__name__="monitoring:haproxy_server_http_responses_total:sum"} - --match={__name__="profile:cluster_monitoring_operator_collection_profile:max"} - --match={__name__="vendor_model:node_accelerator_cards:sum",vendor=~"NVIDIA|AMD|GAUDI|INTEL|QUALCOMM|Marvell|Mellanox"} - --match={__name__="rhmi_status"} - --match={__name__="status:upgrading:version:rhoam_state:max"} - --match={__name__="state:rhoam_critical_alerts:max"} - --match={__name__="state:rhoam_warning_alerts:max"} - --match={__name__="rhoam_7d_slo_percentile:max"} - --match={__name__="rhoam_7d_slo_remaining_error_budget:max"} - --match={__name__="cluster_legacy_scheduler_policy"} - --match={__name__="cluster_master_schedulable"} - --match={__name__="che_workspace_status"} - --match={__name__="che_workspace_started_total"} - --match={__name__="che_workspace_failure_total"} - --match={__name__="che_workspace_start_time_seconds_sum"} - --match={__name__="che_workspace_start_time_seconds_count"} - --match={__name__="cco_credentials_mode"} - --match={__name__="cluster:kube_persistentvolume_plugin_type_counts:sum"} - --match={__name__="acm_managed_cluster_info"} - --match={__name__="acm_managed_cluster_worker_cores:max"} - --match={__name__="acm_console_page_count:sum", page=~"overview-classic|overview-fleet|search|search-details|clusters|application|governance"} - --match={__name__="cluster:vsphere_vcenter_info:sum"} - --match={__name__="cluster:vsphere_esxi_version_total:sum"} - --match={__name__="cluster:vsphere_node_hw_version_total:sum"} - --match={__name__="openshift:build_by_strategy:sum"} - --match={__name__="rhods_aggregate_availability"} - --match={__name__="rhods_total_users"} - --match={__name__="instance:etcd_disk_wal_fsync_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_bytes:sum"} - --match={__name__="instance:etcd_network_peer_round_trip_time_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_use_in_bytes:sum"} - --match={__name__="instance:etcd_disk_backend_commit_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="jaeger_operator_instances_storage_types"} - --match={__name__="jaeger_operator_instances_strategies"} - --match={__name__="jaeger_operator_instances_agent_strategies"} - --match={__name__="type:tempo_operator_tempostack_storage_backend:sum",type=~"azure|gcs|s3"} - --match={__name__="state:tempo_operator_tempostack_managed:sum",state=~"Managed|Unmanaged"} - --match={__name__="type:tempo_operator_tempostack_multi_tenancy:sum",type=~"static|openshift|disabled"} - --match={__name__="enabled:tempo_operator_tempostack_jaeger_ui:sum",enabled=~"true|false"} - --match={__name__="type:opentelemetry_collector_receivers:sum",type=~"jaeger|hostmetrics|opencensus|prometheus|zipkin|kafka|filelog|journald|k8sevents|kubeletstats|k8scluster|k8sobjects|otlp"} - --match={__name__="type:opentelemetry_collector_exporters:sum",type=~"debug|logging|otlp|otlphttp|prometheus|lokiexporter|kafka|awscloudwatchlogs|loadbalancing"} - --match={__name__="type:opentelemetry_collector_processors:sum",type=~"batch|memorylimiter|attributes|resource|span|k8sattributes|resourcedetection|filter|routing|cumulativetodelta|groupbyattrs"} - --match={__name__="type:opentelemetry_collector_extensions:sum",type=~"zpages|ballast|memorylimiter|jaegerremotesampling|healthcheck|pprof|oauth2clientauth|oidcauth|bearertokenauth|filestorage"} - --match={__name__="type:opentelemetry_collector_connectors:sum",type=~"spanmetrics|forward"} - --match={__name__="type:opentelemetry_collector_info:sum",type=~"deployment|daemonset|sidecar|statefulset"} - --match={__name__="appsvcs:cores_by_product:sum"} - --match={__name__="nto_custom_profiles:count"} - --match={__name__="openshift_csi_share_configmap"} - --match={__name__="openshift_csi_share_secret"} - --match={__name__="openshift_csi_share_mount_failures_total"} - --match={__name__="openshift_csi_share_mount_requests_total"} - --match={__name__="eo_es_storage_info"} - --match={__name__="eo_es_redundancy_policy_info"} - --match={__name__="eo_es_defined_delete_namespaces_total"} - --match={__name__="eo_es_misconfigured_memory_resources_info"} - --match={__name__="cluster:eo_es_data_nodes_total:max"} - --match={__name__="cluster:eo_es_documents_created_total:sum"} - --match={__name__="cluster:eo_es_documents_deleted_total:sum"} - --match={__name__="pod:eo_es_shards_total:max"} - --match={__name__="eo_es_cluster_management_state_info"} - --match={__name__="imageregistry:imagestreamtags_count:sum"} - --match={__name__="imageregistry:operations_count:sum"} - --match={__name__="log_logging_info"} - --match={__name__="log_collector_error_count_total"} - --match={__name__="log_forwarder_pipeline_info"} - --match={__name__="log_forwarder_input_info"} - --match={__name__="log_forwarder_output_info"} - --match={__name__="cluster:log_collected_bytes_total:sum"} - --match={__name__="cluster:log_logged_bytes_total:sum"} - --match={__name__="openshift_logging:log_forwarder_pipelines:sum"} - --match={__name__="openshift_logging:log_forwarders:sum"} - --match={__name__="openshift_logging:log_forwarder_input_type:sum"} - --match={__name__="openshift_logging:log_forwarder_output_type:sum"} - --match={__name__="openshift_logging:vector_component_received_bytes_total:rate5m"} - --match={__name__="cluster:kata_monitor_running_shim_count:sum"} - --match={__name__="platform:hypershift_hostedclusters:max"} - --match={__name__="platform:hypershift_nodepools:max"} - --match={__name__="cluster_name:hypershift_nodepools_size:sum"} - --match={__name__="cluster_name:hypershift_nodepools_available_replicas:sum"} - --match={__name__="namespace:noobaa_unhealthy_bucket_claims:max"} - --match={__name__="namespace:noobaa_buckets_claims:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_resources:max"} - --match={__name__="namespace:noobaa_namespace_resources:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_buckets:max"} - --match={__name__="namespace:noobaa_namespace_buckets:max"} - --match={__name__="namespace:noobaa_accounts:max"} - --match={__name__="namespace:noobaa_usage:max"} - --match={__name__="namespace:noobaa_system_health_status:max"} - --match={__name__="ocs_advanced_feature_usage"} - --match={__name__="os_image_url_override:sum"} - --match={__name__="cluster:mcd_nodes_with_unsupported_packages:count"} - --match={__name__="cluster:mcd_total_unsupported_packages:sum"} - --match={__name__="cluster:vsphere_topology_tags:max"} - --match={__name__="cluster:vsphere_infrastructure_failure_domains:max"} - --match={__name__="apiserver_list_watch_request_success_total:rate:sum", verb=~"LIST|WATCH"} - --match={__name__="rhacs:telemetry:rox_central_info"} - --match={__name__="rhacs:telemetry:rox_central_secured_clusters"} - --match={__name__="rhacs:telemetry:rox_central_secured_nodes"} - --match={__name__="rhacs:telemetry:rox_central_secured_vcpus"} - --match={__name__="rhacs:telemetry:rox_sensor_info"} - --match={__name__="cluster:volume_manager_selinux_pod_context_mismatch_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_warnings_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_errors_total"} - --match={__name__="cluster:volume_manager_selinux_volumes_admitted_total"} - --match={__name__="ols:provider_model_configuration"} - --match={__name__="ols:rest_api_query_calls_total:2xx"} - --match={__name__="ols:rest_api_query_calls_total:4xx"} - --match={__name__="ols:rest_api_query_calls_total:5xx"} - --match={__name__="openshift:openshift_network_operator_ipsec_state:info"} - --match={__name__="cluster:health:group_severity:count", severity=~"critical|warning|info|none"} - --match={__name__="cluster:controlplane_topology:info", mode=~"HighlyAvailable|HighlyAvailableArbiter|SingleReplica|DualReplica|External"} - --match={__name__="cluster:infrastructure_topology:info", mode=~"HighlyAvailable|SingleReplica"} - --match={__name__="cluster:selinux_warning_controller_selinux_volume_conflict:count"} - --match={__name__="cluster:mtv_migrations_status_total:sum", provider=~"ova|vsphere|openstack|openshift|ovirt|awsec2", target=~"Local|Remote", mode=~"Cold|Warm|RCM", status=~"Succeeded|Failed|Canceled"} - --limit-bytes=5242880 env: - name: ANONYMIZE_LABELS - name: FROM value: https://prometheus-k8s.openshift-monitoring.svc:9091 - name: ID value: ac509095-a2a5-422d-a9a2-3a217e26441a - name: TO value: https://infogw.api.openshift.com/ - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imagePullPolicy: IfNotPresent name: telemeter-client ports: - containerPort: 8080 name: http protocol: TCP resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r2f62 readOnly: true - args: - --reload-url=http://localhost:8080/-/reload - --watched-dir=/etc/serving-certs-ca-bundle image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: reload resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r2f62 readOnly: true - args: - --secure-listen-address=:8443 - --upstream=http://127.0.0.1:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r2f62 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: telemeter-client-dockercfg-nsdf4 nodeName: ip-10-0-138-97.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: telemeter-client serviceAccountName: telemeter-client terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: telemeter-client-serving-certs-ca-bundle name: serving-certs-ca-bundle - name: secret-telemeter-client secret: defaultMode: 420 secretName: telemeter-client - name: telemeter-client-tls secret: defaultMode: 420 secretName: telemeter-client-tls - name: federate-client-tls secret: defaultMode: 420 secretName: federate-client-certs - name: secret-telemeter-client-kube-rbac-proxy-config secret: defaultMode: 420 secretName: telemeter-client-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: telemeter-trusted-ca-bundle-8i12ta5c71j38 optional: true name: telemeter-trusted-ca-bundle - name: kube-api-access-r2f62 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:21Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:17Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:21Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:21Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:17Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://a7e1368fd16b731f47fd3b1b0e4ff682b15321092901f20fb92060ce522e33ae image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:21Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r2f62 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://d27aed2bab8cecb815449bf0937edd5fb58994b506afef7adaaa7518c5547b67 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: reload ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:21Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r2f62 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://796460bf6926dd66ef511397ba22b3c43a40751c9d623ef3cb863a260cca1191 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35da2ec719f2e4e8e93b0fc2b4727287aa13298d1731d73ce391d556f153e027 lastState: {} name: telemeter-client ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:20Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r2f62 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.138.97 hostIPs: - ip: 10.0.138.97 observedGeneration: 1 phase: Running podIP: 10.134.0.12 podIPs: - ip: 10.134.0.12 qosClass: Burstable startTime: "2026-06-05T15:12:17Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.21/23"],"mac_address":"0a:58:0a:84:00:15","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.21/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.21" ], "mac": "0a:58:0a:84:00:15", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T15:12:13Z" generateName: thanos-querier-586bcbf598- generation: 1 labels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.39.2 pod-template-hash: 586bcbf598 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-143-192 operation: Update subresource: status time: "2026-06-05T15:12:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"45bc1c57-25be-40c1-8a38-fa934669c0d6"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-rules"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9093,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} k:{"name":"thanos-query"}: .: {} f:args: {} f:env: .: {} k:{"name":"HOST_IP_ADDRESS"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-metrics"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-rules"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:12:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T15:12:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.21"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T15:12:28Z" name: thanos-querier-586bcbf598-jd4lm namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: thanos-querier-586bcbf598 uid: 45bc1c57-25be-40c1-8a38-fa934669c0d6 resourceVersion: "10435" uid: 24c6858b-4be2-4ed0-a028-faa6c64071fb spec: containers: - args: - query - --grpc-address=127.0.0.1:10901 - --http-address=127.0.0.1:9090 - --log.format=logfmt - --query.replica-label=prometheus_replica - --query.replica-label=thanos_ruler_replica - --endpoint=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --query.auto-downsampling - --store.sd-dns-resolver=miekgdns - --grpc-client-tls-secure - --grpc-client-tls-cert=/etc/tls/grpc/client.crt - --grpc-client-tls-key=/etc/tls/grpc/client.key - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt - --grpc-client-server-name=prometheus-grpc - --web.disable-cors env: - name: HOST_IP_ADDRESS valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-query ports: - containerPort: 9090 name: http protocol: TCP resources: requests: cpu: 10m memory: 12Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000460000 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 httpGet: path: /-/healthy port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP readinessProbe: failureThreshold: 20 httpGet: path: /-/ready port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values,/api/v1/series - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true - args: - --insecure-listen-address=127.0.0.1:9095 - --upstream=http://127.0.0.1:9090 - --label=namespace - --enable-label-apis - --error-on-replace - --rules-with-active-alerts - --enable-label-matchers-for-rules-api image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true - args: - --secure-listen-address=0.0.0.0:9093 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/rules,/api/v1/alerts - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-rules ports: - containerPort: 9093 name: tenancy-rules protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true - args: - --secure-listen-address=0.0.0.0:9094 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metrics ports: - containerPort: 9094 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000460000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: thanos-querier-dockercfg-4xd5p nodeName: ip-10-0-143-192.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000460000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c20 seccompProfile: type: RuntimeDefault serviceAccount: thanos-querier serviceAccountName: thanos-querier terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-thanos-querier-tls secret: defaultMode: 420 secretName: thanos-querier-tls - name: secret-thanos-querier-kube-rbac-proxy secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy - name: secret-thanos-querier-kube-rbac-proxy-web secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-web - name: secret-thanos-querier-kube-rbac-proxy-rules secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-rules - name: secret-thanos-querier-kube-rbac-proxy-metrics secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-metrics - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: secret-grpc-tls secret: defaultMode: 420 secretName: thanos-querier-grpc-tls-b7thu30nrtsh2 - name: kube-api-access-pp8vh projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:26Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:13Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:28Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:28Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T15:12:13Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://f5959a11b7c82aa7f7599212e24b1ef810df0d80ef4b4180a7ce56ab4c7e36cd image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2393e7aaddd6ff834c50e9eef446ff3e9b4075445a3227d1140536a0eb804fbf image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metrics ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:25Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://52fc9b434ef6c13b045f7964184657fd7f30cba783ba47147af03e84ef534b4a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-rules ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:25Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://ebbc95fd57c27772a00d09bf9b5b806926472c9369fc53914d0cf884b1aaa7f8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://df1f8b00cbb8224b3002f674abbd83afc23d49fb4736c175383a348a25a8c379 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:25Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 10m memory: 12Mi containerID: cri-o://2691a379026633da8e7f0a13cb5fd8cee55c14756c607c9f2e24fef56196d48b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-query ready: true resources: requests: cpu: 10m memory: 12Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T15:12:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000460000 uid: 1000460000 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pp8vh readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.143.192 hostIPs: - ip: 10.0.143.192 observedGeneration: 1 phase: Running podIP: 10.132.0.21 podIPs: - ip: 10.132.0.21 qosClass: Burstable startTime: "2026-06-05T15:12:13Z" kind: PodList metadata: resourceVersion: "51038"