--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.23/23"],"mac_address":"0a:58:0a:84:00:17","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.23/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.23" ], "mac": "0a:58:0a:84:00:17", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: alertmanager openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-11T15:23:30Z" generateName: alertmanager-main- generation: 1 labels: alertmanager: main app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.29.0 apps.kubernetes.io/pod-index: "0" controller-revision-hash: alertmanager-main-7bb6dd5d84 statefulset.kubernetes.io/pod-name: alertmanager-main-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-142-103 operation: Update subresource: status time: "2026-06-11T15:23:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:alertmanager: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"e828a79c-c647-4205-bedb-b65213df7426"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"alertmanager"}: .: {} f:args: {} f:env: .: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9094,"protocol":"UDP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/alertmanager"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metric"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9097,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9095,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"alertmanager-main-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"alertmanager-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"cluster-tls-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"config-volume"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-alertmanager-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-metric"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-main-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:23:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:23:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.23"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:23:32Z" name: alertmanager-main-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: alertmanager-main uid: e828a79c-c647-4205-bedb-b65213df7426 resourceVersion: "11572" uid: 3046e6a7-e53c-4e70-b9e0-ae5c9dd229bf spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/alertmanager/config_out/alertmanager.env.yaml - --storage.path=/alertmanager - --data.retention=120h - --cluster.listen-address= - --web.listen-address=127.0.0.1:9093 - --web.external-url=https://console-openshift-console.apps.0fa2c7de-5e3d-4367-9d71-0b0771b1c7ed.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --cluster.label=openshift-monitoring/main - --cluster.peer=alertmanager-main-0.alertmanager-operated:9094 - --cluster.reconnect-timeout=5m - --web.config.file=/etc/alertmanager/web_config/web-config.yaml env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imagePullPolicy: IfNotPresent name: alertmanager ports: - containerPort: 9094 name: mesh-tcp protocol: TCP - containerPort: 9094 name: mesh-udp protocol: UDP resources: requests: cpu: 4m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true subPath: cluster-tls-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/alertmanager/web_config/web-config.yaml - --reload-url=http://localhost:9093/-/reload - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true - args: - --secure-listen-address=0.0.0.0:9095 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9095 name: web protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9096 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true - args: - --secure-listen-address=0.0.0.0:9097 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metric ports: - containerPort: 9097 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true - args: - --insecure-listen-address=127.0.0.1:9096 - --upstream=http://127.0.0.1:9093 - --label=namespace - --error-on-replace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: alertmanager-main-0 imagePullSecrets: - name: alertmanager-main-dockercfg-ddwbg initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true nodeName: ip-10-0-142-103.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c15 serviceAccount: alertmanager-main serviceAccountName: alertmanager-main subdomain: alertmanager-operated terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config-volume secret: defaultMode: 420 secretName: alertmanager-main-generated - name: tls-assets projected: defaultMode: 420 sources: - secret: name: alertmanager-main-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-alertmanager-main-tls secret: defaultMode: 420 secretName: alertmanager-main-tls - name: secret-alertmanager-kube-rbac-proxy secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy - name: secret-alertmanager-kube-rbac-proxy-metric secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-metric - name: secret-alertmanager-kube-rbac-proxy-web secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-web - name: web-config secret: defaultMode: 420 secretName: alertmanager-main-web-config - name: cluster-tls-config secret: defaultMode: 420 secretName: alertmanager-main-cluster-tls-config - emptyDir: {} name: alertmanager-main-db - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: alertmanager-trusted-ca-bundle name: alertmanager-trusted-ca-bundle - name: kube-api-access-mfxjr projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:31Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:31Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:32Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:32Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:30Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 4m memory: 40Mi containerID: cri-o://986fecd00ef950aab477cdae21fbd2bf8d699880ada57b99834a56cc58b75b44 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 lastState: {} name: alertmanager ready: true resources: requests: cpu: 4m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://6aacbca9070dafaf23f0d6bba8e37e72d400c44cb0ed38fc5d6d3ed12bef17a5 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://73c504d42e4de165bf818f71934b41eec2623b41d5327438f649868fb7f56695 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2045c3d4b644ec78882c0bde246a0779b55260321c0843478f786b1514d43228 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metric ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://a6269bc28da38b0fe192603459e966abb10f02b890d9023580d8f588accd5952 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://b1d1b70ef22644d6d65e9725d6cd648fde97f59a69427dd13e1985784341dc57 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:32Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.142.103 hostIPs: - ip: 10.0.142.103 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://af8f6f14872470d7c2c86eed24821e6537237c9590be7f286c26e50cfa7705bc image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://af8f6f14872470d7c2c86eed24821e6537237c9590be7f286c26e50cfa7705bc exitCode: 0 finishedAt: "2026-06-11T15:23:31Z" reason: Completed startedAt: "2026-06-11T15:23:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mfxjr readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.132.0.23 podIPs: - ip: 10.132.0.23 qosClass: Burstable startTime: "2026-06-11T15:23:30Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.10/23"],"mac_address":"0a:58:0a:85:00:0a","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.10/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.10" ], "mac": "0a:58:0a:85:00:0a", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:21:31Z" generateName: cluster-monitoring-operator-74bbf69bbb- generation: 1 labels: app: cluster-monitoring-operator app.kubernetes.io/name: cluster-monitoring-operator app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 74bbf69bbb managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-130-159 operation: Update subresource: status time: "2026-06-11T15:21:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"ecaab83a-c68f-418a-ac05-239be8582cc0"}: {} f:spec: f:containers: k:{"name":"cluster-monitoring-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-monitoring-operator/telemetry"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cluster-monitoring-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemetry-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:21:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:21:47Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.10"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:21:48Z" name: cluster-monitoring-operator-74bbf69bbb-gmz4n namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-monitoring-operator-74bbf69bbb uid: ecaab83a-c68f-418a-ac05-239be8582cc0 resourceVersion: "8893" uid: 9a4dff88-fca9-4c48-a242-75b2c18c2502 spec: containers: - args: - -namespace=openshift-monitoring - -namespace-user-workload=openshift-user-workload-monitoring - -configmap=cluster-monitoring-config - -release-version=$(RELEASE_VERSION) - -v=2 - -cert-file=/etc/tls/private/tls.crt - -key-file=/etc/tls/private/tls.key - -images=prometheus-operator=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 - -images=prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - -images=prometheus-operator-admission-webhook=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 - -images=configmap-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3068d66b76b04572a3ca4be20cbe477525f5191ded00e0b088f7932a17e0b30d - -images=prometheus=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b - -images=alertmanager=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 - -images=node-exporter=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d - -images=kube-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b - -images=openshift-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda - -images=kube-rbac-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea - -images=telemeter-client=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 - -images=prom-label-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd - -images=thanos=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 - -images=monitoring-plugin=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a - -images=kube-metrics-server=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 env: - name: RELEASE_VERSION value: 4.21.19 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imagePullPolicy: IfNotPresent name: cluster-monitoring-operator ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 75Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7mmqg readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-monitoring-operator-dockercfg-9qcdb nodeName: ip-10-0-130-159.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: cluster-monitoring-operator serviceAccountName: cluster-monitoring-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 name: telemetry-config name: telemetry-config - name: cluster-monitoring-operator-tls secret: defaultMode: 420 secretName: cluster-monitoring-operator-tls - name: kube-api-access-7mmqg projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:48Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:31Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:48Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:48Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:31Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 75Mi containerID: cri-o://a31703da2ff7dec84e41bbd77fd1f0855c9ec2a8e03f0a7f3d1a2b8cc37e9088 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7254a8c04e9f17465009044222270016263daaa27825aa3f0fc3a37876b2567b lastState: {} name: cluster-monitoring-operator ready: true resources: requests: cpu: 10m memory: 75Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:21:48Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7mmqg readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.130.159 hostIPs: - ip: 10.0.130.159 observedGeneration: 1 phase: Running podIP: 10.133.0.10 podIPs: - ip: 10.133.0.10 qosClass: Burstable startTime: "2026-06-11T15:21:31Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.19/23"],"mac_address":"0a:58:0a:85:00:13","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.19/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.19" ], "mac": "0a:58:0a:85:00:13", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: kube-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:22:08Z" generateName: kube-state-metrics-57bbf8bfb5- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.17.0 pod-template-hash: 57bbf8bfb5 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-130-159 operation: Update subresource: status time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"123a2376-49d0-4eb9-bede-5c76cbb3726d"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-state-metrics"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"kube-state-metrics-custom-resource-state-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"kube-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"kube-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"volume-directive-shadow"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:09Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.19"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:19Z" name: kube-state-metrics-57bbf8bfb5-7574c namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-state-metrics-57bbf8bfb5 uid: 123a2376-49d0-4eb9-bede-5c76cbb3726d resourceVersion: "10222" uid: f822839e-6337-42bc-9ac8-4e8f499b60ad spec: automountServiceAccountToken: true containers: - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - --custom-resource-state-config-file=/etc/kube-state-metrics/custom-resource-state-configmap.yaml - | --metric-denylist= ^kube_secret_labels$, ^kube_.+_annotations$, ^kube_customresource_.+_annotations_info$, ^kube_customresource_.+_labels_info$ - --metric-labels-allowlist=pods=[*],nodes=[*],namespaces=[*],persistentvolumes=[*],persistentvolumeclaims=[*],poddisruptionbudgets=[*] - | --metric-denylist= ^kube_.+_created$, ^kube_.+_metadata_resource_version$, ^kube_replicaset_metadata_generation$, ^kube_replicaset_status_observed_generation$, ^kube_pod_restart_policy$, ^kube_pod_init_container_status_terminated$, ^kube_pod_init_container_status_running$, ^kube_pod_container_status_terminated$, ^kube_pod_container_status_running$, ^kube_pod_completion_time$, ^kube_pod_status_scheduled$ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b imagePullPolicy: IfNotPresent name: kube-state-metrics resources: requests: cpu: 2m memory: 80Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s8jd9 readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s8jd9 readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s8jd9 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-state-metrics-dockercfg-26gvt nodeName: ip-10-0-130-159.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: kube-state-metrics serviceAccountName: kube-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: volume-directive-shadow - name: kube-state-metrics-tls secret: defaultMode: 420 secretName: kube-state-metrics-tls - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: kube-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: kube-state-metrics-custom-resource-state-configmap name: kube-state-metrics-custom-resource-state-configmap - name: kube-api-access-s8jd9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:19Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:19Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:19Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://fa4fa22065a8744c84e51ad7a16c68968aa3197522a296c44ebdc25896580300 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s8jd9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://6ae9c6fed7e18f125a9e02f8c1171adb3d30d98a6a07ddd8f13e4053e03edca2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s8jd9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 2m memory: 80Mi containerID: cri-o://982a8fd6345ce71bc114cb8afddfd1f06288bac8993125382155af4d1a715103 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0fed5ae25f578830f8c74975b5e7a2fc75b362a09231066752cce55854eb9098 lastState: {} name: kube-state-metrics ready: true resources: requests: cpu: 2m memory: 80Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s8jd9 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.130.159 hostIPs: - ip: 10.0.130.159 observedGeneration: 1 phase: Running podIP: 10.133.0.19 podIPs: - ip: 10.133.0.19 qosClass: Burstable startTime: "2026-06-11T15:22:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.20/23"],"mac_address":"0a:58:0a:84:00:14","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.20/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.20" ], "mac": "0a:58:0a:84:00:14", "default": true, "dns": {} }] monitoring.openshift.io/kubelet-serving-ca-bundle-hash: a6cvqmum26qnt monitoring.openshift.io/metrics-server-client-certs-hash: 805r4s1l0vr5u monitoring.openshift.io/serving-ca-secret-hash: cndvc4kipca0u openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:22:13Z" generateName: metrics-server-5ff99777bd- generation: 1 labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 5ff99777bd managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-142-103 operation: Update subresource: status time: "2026-06-11T15:22:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/kubelet-serving-ca-bundle-hash: {} f:monitoring.openshift.io/metrics-server-client-certs-hash: {} f:monitoring.openshift.io/serving-ca-secret-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"335b400d-1af5-4523-b349-e64fb901da32"}: {} f:spec: f:containers: k:{"name":"metrics-server"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":10250,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/audit"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/client-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/metrics-server-client-certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/log/metrics-server"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"audit-log"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"client-ca-bundle"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"metrics-server-audit-profiles"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-metrics-server-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-server-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.20"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:53Z" name: metrics-server-5ff99777bd-vnhwf namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metrics-server-5ff99777bd uid: 335b400d-1af5-4523-b349-e64fb901da32 resourceVersion: "11265" uid: aee30fb5-015d-4369-95f6-7a163e3cdb1d spec: containers: - args: - --secure-port=10250 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt - --kubelet-client-certificate=/etc/tls/metrics-server-client-certs/tls.crt - --kubelet-client-key=/etc/tls/metrics-server-client-certs/tls.key - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --shutdown-send-retry-after=true - --shutdown-delay-duration=150s - --disable-http2-serving=true - --tls-min-version=VersionTLS12 - --client-ca-file=/etc/client-ca-bundle/client-ca-file - --requestheader-client-ca-file=/etc/client-ca-bundle/requestheader-client-ca-file - --requestheader-allowed-names=kube-apiserver-proxy,system:kube-apiserver-proxy,system:openshift-aggregator - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --audit-policy-file=/etc/audit/metadata-profile.yaml - --audit-log-path=/var/log/metrics-server/audit.log - --audit-log-maxsize=100 - --audit-log-maxbackup=5 - --audit-log-compress=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 6 httpGet: path: /livez port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000450000 startupProbe: failureThreshold: 6 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-gwpgf readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: metrics-server-dockercfg-g5s6j nodeName: ip-10-0-142-103.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: metrics-server serviceAccountName: metrics-server terminationGracePeriodSeconds: 170 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-metrics-server-client-certs secret: defaultMode: 420 secretName: metrics-server-client-certs - name: secret-metrics-server-tls secret: defaultMode: 420 secretName: metrics-server-tls - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - emptyDir: {} name: audit-log - configMap: defaultMode: 420 name: metrics-server-audit-profiles name: metrics-server-audit-profiles - name: client-ca-bundle secret: defaultMode: 420 secretName: metrics-server-er7b7mr8i921p - name: kube-api-access-gwpgf projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:15Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:13Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:53Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:53Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:13Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://aff274628547ee9528a5be66af9bfeafb22b79bbd768a390a0ce85892936f6d2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 lastState: {} name: metrics-server ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:15Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true recursiveReadOnly: Disabled - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-gwpgf readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.142.103 hostIPs: - ip: 10.0.142.103 observedGeneration: 1 phase: Running podIP: 10.132.0.20 podIPs: - ip: 10.132.0.20 qosClass: Burstable startTime: "2026-06-11T15:22:13Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.13/23"],"mac_address":"0a:58:0a:86:00:0d","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.13/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.13" ], "mac": "0a:58:0a:86:00:0d", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:22:13Z" generateName: monitoring-plugin-76b68cc874- generation: 1 labels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 76b68cc874 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-203 operation: Update subresource: status time: "2026-06-11T15:22:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"77a66ca0-dfdd-4d03-aa01-ba52123eef81"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"monitoring-plugin"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/cert"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"monitoring-plugin-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.13"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:17Z" name: monitoring-plugin-76b68cc874-scnc4 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: monitoring-plugin-76b68cc874 uid: 77a66ca0-dfdd-4d03-aa01-ba52123eef81 resourceVersion: "10150" uid: f2d4b856-4ff8-4066-b807-8b9728a3d227 spec: automountServiceAccountToken: true containers: - args: - --config-path=/opt/app-root/web/dist - --static-path=/opt/app-root/web/dist - --cert=/var/cert/tls.crt - --key=/var/cert/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 command: - /opt/app-root/plugin-backend image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a imagePullPolicy: IfNotPresent name: monitoring-plugin ports: - containerPort: 9443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /health port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-z87nd readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: monitoring-plugin-dockercfg-xh8d8 nodeName: ip-10-0-131-203.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: monitoring-plugin serviceAccountName: monitoring-plugin terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: monitoring-plugin-cert secret: defaultMode: 420 secretName: monitoring-plugin-cert - name: kube-api-access-z87nd projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:17Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:13Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:17Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:17Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:13Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 50Mi containerID: cri-o://0efacf3cf8c7bc1565f39c54eb87171cbc1a968a510df6e06b4e0fb17b7311d2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a lastState: {} name: monitoring-plugin ready: true resources: requests: cpu: 10m memory: 50Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:16Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-z87nd readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.203 hostIPs: - ip: 10.0.131.203 observedGeneration: 1 phase: Running podIP: 10.134.0.13 podIPs: - ip: 10.134.0.13 qosClass: Burstable startTime: "2026-06-11T15:22:13Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-11T15:22:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"9947bb4c-bd7b-41c4-b1d2-c97f386afa68"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.130.159"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:20Z" name: node-exporter-gst2p namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 9947bb4c-bd7b-41c4-b1d2-c97f386afa68 resourceVersion: "10264" uid: 54737ca6-14c2-42a7-ae0a-009d594ba15e spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-130-159.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sppmg readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sppmg readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-b7xsk initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sppmg readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-130-159.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-sppmg projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:19Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:20Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:20Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://0ada5b6714aeb5e894526f009d5c1d546c49afc8133b3003ddee18597666a235 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:19Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sppmg readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://60c23fbb374b381beb9ab33901d2e03e2c08bbd692ae263d6641cc7232e93648 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:19Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sppmg readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.130.159 hostIPs: - ip: 10.0.130.159 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://51fef59efdb2c6fc668a20f88712912bb5dd713502ac09464576328733c69b88 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://51fef59efdb2c6fc668a20f88712912bb5dd713502ac09464576328733c69b88 exitCode: 0 finishedAt: "2026-06-11T15:22:10Z" reason: Completed startedAt: "2026-06-11T15:22:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sppmg readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.130.159 podIPs: - ip: 10.0.130.159 qosClass: Burstable startTime: "2026-06-11T15:22:08Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-11T15:22:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"9947bb4c-bd7b-41c4-b1d2-c97f386afa68"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.131.203"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:12Z" name: node-exporter-jrxqq namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 9947bb4c-bd7b-41c4-b1d2-c97f386afa68 resourceVersion: "9914" uid: bc716dcd-ff09-455b-b2a8-73809d3ca6f1 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-131-203.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnfkj readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnfkj readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-b7xsk initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnfkj readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-131-203.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-fnfkj projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:12Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:12Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://78c35b909e86be5acf3fe1f0dafe4e1ee38f762a04deaf82a812f90d187f6f0a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:11Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnfkj readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://82415eb448e92a85129019311d01a6273291f3751c2e5a6288ecf0c6ec12a0e0 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:11Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnfkj readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.203 hostIPs: - ip: 10.0.131.203 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://a46232701d49ff0438729768f30ec3c8673308735529b871066118bc109c535e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://a46232701d49ff0438729768f30ec3c8673308735529b871066118bc109c535e exitCode: 0 finishedAt: "2026-06-11T15:22:10Z" reason: Completed startedAt: "2026-06-11T15:22:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnfkj readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.131.203 podIPs: - ip: 10.0.131.203 qosClass: Burstable startTime: "2026-06-11T15:22:08Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-11T15:22:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"9947bb4c-bd7b-41c4-b1d2-c97f386afa68"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.142.103"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:11Z" name: node-exporter-l5ht2 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 9947bb4c-bd7b-41c4-b1d2-c97f386afa68 resourceVersion: "9867" uid: ff833a9b-8ea3-4443-93f6-55d352977f46 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-142-103.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tbccl readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tbccl readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-b7xsk initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tbccl readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-142-103.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-tbccl projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:10Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:10Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://a5d967b435716efc4b474cc6dcb18c5510518be0fab72288639ddc0b367909b8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:10Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tbccl readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://c2c2b9ab8836473c75d0a6a4aedfbc95a700e8788da09c9a490a9f56e41bdf42 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:10Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tbccl readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.142.103 hostIPs: - ip: 10.0.142.103 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://f0a7f230e1666abfcd2336b9d71aa70ca43a4c570f2ae5acb826c525cda21fc3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://f0a7f230e1666abfcd2336b9d71aa70ca43a4c570f2ae5acb826c525cda21fc3 exitCode: 0 finishedAt: "2026-06-11T15:22:10Z" reason: Completed startedAt: "2026-06-11T15:22:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tbccl readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.142.103 podIPs: - ip: 10.0.142.103 qosClass: Burstable startTime: "2026-06-11T15:22:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.11/23"],"mac_address":"0a:58:0a:86:00:0b","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.11/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.11" ], "mac": "0a:58:0a:86:00:0b", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: openshift-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:22:08Z" generateName: openshift-state-metrics-65f78d5c66- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: openshift-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65f78d5c66 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-203 operation: Update subresource: status time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"d9f91d18-719e-45c0-bf39-fe7c090f2bdc"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"openshift-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"openshift-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"openshift-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:09Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.11"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:12Z" name: openshift-state-metrics-65f78d5c66-ggjrf namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: openshift-state-metrics-65f78d5c66 uid: d9f91d18-719e-45c0-bf39-fe7c090f2bdc resourceVersion: "9910" uid: 14091220-37dd-4abf-a2be-67f6abd54b64 spec: containers: - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n2nlc readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n2nlc readOnly: true - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imagePullPolicy: IfNotPresent name: openshift-state-metrics resources: requests: cpu: 1m memory: 32Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n2nlc readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: openshift-state-metrics-dockercfg-d4xhh nodeName: ip-10-0-131-203.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: openshift-state-metrics serviceAccountName: openshift-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: openshift-state-metrics-tls secret: defaultMode: 420 secretName: openshift-state-metrics-tls - name: openshift-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: openshift-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-n2nlc projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:12Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:12Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:12Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://7c5049069a322f9e60d63498ef8bdcd52bc0ba522a19fa4432611fef6a2d4c6c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n2nlc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://60c5edfc7e4d7927a170eb19bd476332d18bc232050ca358ba317ca1e5dcca34 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n2nlc readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 32Mi containerID: cri-o://51b3209152a8f052f5cdb6909caa0661161805bfa37cea62003b0f7d8fb18d97 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda lastState: {} name: openshift-state-metrics ready: true resources: requests: cpu: 1m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:11Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n2nlc readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.203 hostIPs: - ip: 10.0.131.203 observedGeneration: 1 phase: Running podIP: 10.134.0.11 podIPs: - ip: 10.134.0.11 qosClass: Burstable startTime: "2026-06-11T15:22:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.24/23"],"mac_address":"0a:58:0a:84:00:18","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.24/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.24" ], "mac": "0a:58:0a:84:00:18", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-11T15:23:35Z" generateName: prometheus-k8s- generation: 1 labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 3.7.3 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-k8s-64988859c6 operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" prometheus: k8s statefulset.kubernetes.io/pod-name: prometheus-k8s-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-142-103 operation: Update subresource: status time: "2026-06-11T15:23:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:operator.prometheus.io/name: {} f:operator.prometheus.io/shard: {} f:prometheus: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"53f63a13-75b2-4ea1-b560-450089e245fd"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-thanos"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10903,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prometheus"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:readinessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/metrics-client-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/prometheus"}: .: {} f:mountPath: {} f:name: {} k:{"name":"thanos-sidecar"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10901,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":10902,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/thanos/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:shareProcessNamespace: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-k8s-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-0"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-1"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-2"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-thanos-sidecar-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"thanos-prometheus-http-client-file"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:23:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:23:36Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.24"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:24:36Z" name: prometheus-k8s-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-k8s uid: 53f63a13-75b2-4ea1-b560-450089e245fd resourceVersion: "12028" uid: f75517f1-a9cc-498f-800b-d73d1d2bcde4 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --enable-feature=delayed-compaction,use-uncached-io - --web.external-url=https://console-openshift-console.apps.0fa2c7de-5e3d-4367-9d71-0b0771b1c7ed.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --web.listen-address=127.0.0.1:9090 - --storage.tsdb.retention.time=15d - --storage.tsdb.path=/prometheus - --web.config.file=/etc/prometheus/web_config/web-config.yaml - --scrape.timestamp-tolerance=15ms - --no-auto-gomemlimit env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: GOGC value: "100" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/healthy; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/healthy; else exit 1; fi failureThreshold: 6 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus readinessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: requests: cpu: 70m memory: 1Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true startupProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 60 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/prometheus/web_config/web-config.yaml - --reload-url=http://localhost:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true - args: - sidecar - --prometheus.url=http://localhost:9090/ - --tsdb.path=/prometheus - --http-address=127.0.0.1:10902 - --grpc-server-tls-cert=/etc/tls/grpc/server.crt - --grpc-server-tls-key=/etc/tls/grpc/server.key - --grpc-server-tls-client-ca=/etc/tls/grpc/ca.crt image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-sidecar ports: - containerPort: 10902 name: http protocol: TCP - containerPort: 10901 name: grpc protocol: TCP resources: requests: cpu: 1m memory: 25Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9090 - --allow-paths=/metrics,/federate - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true - args: - --secure-listen-address=[$(POD_IP)]:10903 - --upstream=http://127.0.0.1:10902 - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/metrics - --tls-min-version=VersionTLS12 env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-thanos ports: - containerPort: 10903 name: thanos-proxy protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-k8s-0 imagePullSecrets: - name: prometheus-k8s-dockercfg-66d5t initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true nodeName: ip-10-0-142-103.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c15 serviceAccount: prometheus-k8s serviceAccountName: prometheus-k8s shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config secret: defaultMode: 420 secretName: prometheus-k8s - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-k8s-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-prometheus-k8s-tls secret: defaultMode: 420 secretName: prometheus-k8s-tls - name: secret-prometheus-k8s-thanos-sidecar-tls secret: defaultMode: 420 secretName: prometheus-k8s-thanos-sidecar-tls - name: secret-kube-rbac-proxy secret: defaultMode: 420 secretName: kube-rbac-proxy - name: secret-prometheus-k8s-kube-rbac-proxy-web secret: defaultMode: 420 secretName: prometheus-k8s-kube-rbac-proxy-web - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - configMap: defaultMode: 420 name: serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - configMap: defaultMode: 420 name: metrics-client-ca name: configmap-metrics-client-ca - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-0 optional: true name: prometheus-k8s-rulefiles-0 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-1 optional: true name: prometheus-k8s-rulefiles-1 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-2 optional: true name: prometheus-k8s-rulefiles-2 - name: web-config secret: defaultMode: 420 secretName: prometheus-k8s-web-config - name: thanos-prometheus-http-client-file secret: defaultMode: 420 secretName: prometheus-k8s-thanos-prometheus-http-client-file - emptyDir: {} name: prometheus-k8s-db - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: prometheus-trusted-ca-bundle name: prometheus-trusted-ca-bundle - name: secret-grpc-tls secret: defaultMode: 420 secretName: prometheus-k8s-grpc-tls-3jsspjddjeadv - name: kube-api-access-vlzfn projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:36Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:36Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:24:36Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:24:36Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:23:35Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://2e414ed99d36e92ae4ee8b65e87606d3ab5f69cda2cd2728b2f5eadbc0026368 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://d05c513748e25e2b90e18d5bab6d02b5e153ea4d828f06cbf54220279562ec60 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:37Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://956b61c88de615b17e21eaefaa21388af48fd55b70ce07a209e1ec054fb02447 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-thanos ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:37Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://29527a1a9aa5dfaef443250b3f83c1597495f52b554475b186e95b9d673d17a7 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 70m memory: 1Gi containerID: cri-o://c62db1da146ee47c2e374afb4761a9b1f0da86a1bd96a69fca51810f1a4de11c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b lastState: {} name: prometheus ready: true resources: requests: cpu: 70m memory: 1Gi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 25Mi containerID: cri-o://cb4ac29ced8243ba16efc81c46b135c317732be95a94e9c02c37eb76a968a7db image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-sidecar ready: true resources: requests: cpu: 1m memory: 25Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:23:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.142.103 hostIPs: - ip: 10.0.142.103 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://fb1e65dec73f23b29f29e911a06d42f347a86deae9d2bcadba36001d5eac554a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://fb1e65dec73f23b29f29e911a06d42f347a86deae9d2bcadba36001d5eac554a exitCode: 0 finishedAt: "2026-06-11T15:23:36Z" reason: Completed startedAt: "2026-06-11T15:23:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vlzfn readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.132.0.24 podIPs: - ip: 10.132.0.24 qosClass: Burstable startTime: "2026-06-11T15:23:35Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.18/23"],"mac_address":"0a:58:0a:84:00:12","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.18/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.18" ], "mac": "0a:58:0a:84:00:12", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:22:02Z" generateName: prometheus-operator-7f7d445d84- generation: 1 labels: app.kubernetes.io/component: controller app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 7f7d445d84 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-142-103 operation: Update subresource: status time: "2026-06-11T15:22:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"fe49aabf-50e1-49c9-9172-bdd41ecaff4a"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prometheus-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-operator-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"prometheus-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:04Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.18"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:07Z" name: prometheus-operator-7f7d445d84-gbbv9 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-7f7d445d84 uid: fe49aabf-50e1-49c9-9172-bdd41ecaff4a resourceVersion: "9488" uid: 66b484ea-bec9-4827-98ab-a4d55ea83c6e spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - --prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - --kubelet-endpoints=true - --kubelet-endpointslice=true - --watch-referenced-objects-in-all-namespaces=true - --prometheus-instance-namespaces=openshift-monitoring - --thanos-ruler-instance-namespaces=openshift-monitoring - --alertmanager-instance-namespaces=openshift-monitoring - --config-reloader-cpu-limit=0 - --config-reloader-memory-limit=0 - --config-reloader-cpu-request=1m - --config-reloader-memory-request=10Mi - --web.listen-address=127.0.0.1:8080 - --controller-id=openshift-monitoring/prometheus-operator env: - name: GOGC value: "30" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imagePullPolicy: IfNotPresent name: prometheus-operator resources: requests: cpu: 5m memory: 150Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2wvpb readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2wvpb readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-dockercfg-rzvbs nodeName: ip-10-0-142-103.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator serviceAccountName: prometheus-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: prometheus-operator-tls secret: defaultMode: 420 secretName: prometheus-operator-tls - name: prometheus-operator-kube-rbac-proxy-config secret: defaultMode: 420 secretName: prometheus-operator-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-2wvpb projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:07Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:02Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:07Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:07Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:02Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://9db5847e412587d7073f74ca7f02dc70bf084e7a644e6b4bf04fddc4d4d784f9 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:06Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2wvpb readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 5m memory: 150Mi containerID: cri-o://6062ab756aa878b14f1407327b12f2860ec17e79ba053adf1b38151aabcdd957 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b1d74f1177673f5972ed75bc1c4a8362e0cfd29d5a9713b183e573a7827903f3 lastState: {} name: prometheus-operator ready: true resources: requests: cpu: 5m memory: 150Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:06Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2wvpb readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.142.103 hostIPs: - ip: 10.0.142.103 observedGeneration: 1 phase: Running podIP: 10.132.0.18 podIPs: - ip: 10.132.0.18 qosClass: Burstable startTime: "2026-06-11T15:22:02Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.14/23"],"mac_address":"0a:58:0a:85:00:0e","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.14/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.14" ], "mac": "0a:58:0a:85:00:0e", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:21:59Z" generateName: prometheus-operator-admission-webhook-5b6b8f594- generation: 1 labels: app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 5b6b8f594 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-130-159 operation: Update subresource: status time: "2026-06-11T15:21:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"5e717b48-95d5-46de-8666-e492eb1daef2"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"prometheus-operator-admission-webhook"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certificates"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:21:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:00Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.14"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:02Z" name: prometheus-operator-admission-webhook-5b6b8f594-87zdz namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-admission-webhook-5b6b8f594 uid: 5e717b48-95d5-46de-8666-e492eb1daef2 resourceVersion: "9361" uid: f45b1668-528a-4e96-8cde-7d68ce60ef3d spec: automountServiceAccountToken: false containers: - args: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - --web.tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --web.tls-min-version=VersionTLS12 - --name-validation-scheme=utf8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 5m memory: 30Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-admission-webhook-dockercfg-m77mb nodeName: ip-10-0-130-159.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator-admission-webhook serviceAccountName: prometheus-operator-admission-webhook terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certificates secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: prometheus-operator-admission-webhook-tls status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:02Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:59Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:02Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:02Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:21:59Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 5m memory: 30Mi containerID: cri-o://4d5129ba0c797946f22c1a7d90b237284741d897b989280cedde7a5cc45ac2ac image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 lastState: {} name: prometheus-operator-admission-webhook ready: true resources: requests: cpu: 5m memory: 30Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:01Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.130.159 hostIPs: - ip: 10.0.130.159 observedGeneration: 1 phase: Running podIP: 10.133.0.14 podIPs: - ip: 10.133.0.14 qosClass: Burstable startTime: "2026-06-11T15:21:59Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.21/23"],"mac_address":"0a:58:0a:84:00:15","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.21/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.21" ], "mac": "0a:58:0a:84:00:15", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user telemeter-token-hash: butacvri7eo95 creationTimestamp: "2026-06-11T15:22:14Z" generateName: telemeter-client-6c6dcbf54d- generation: 1 labels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: telemeter-client app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 6c6dcbf54d managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-142-103 operation: Update subresource: status time: "2026-06-11T15:22:14Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:telemeter-token-hash: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"dcfae192-37f7-46f7-b7c0-4917cebd12c1"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"reload"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"telemeter-client"}: .: {} f:command: {} f:env: .: {} k:{"name":"ANONYMIZE_LABELS"}: .: {} f:name: {} k:{"name":"FROM"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"ID"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"TO"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/telemeter"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"federate-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-telemeter-client"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-telemeter-client-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"telemeter-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemeter-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:14Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:14Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.21"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:17Z" name: telemeter-client-6c6dcbf54d-95v5m namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: telemeter-client-6c6dcbf54d uid: dcfae192-37f7-46f7-b7c0-4917cebd12c1 resourceVersion: "10161" uid: d3b0bd9f-22fb-478c-9412-680d67d8eef0 spec: containers: - command: - /usr/bin/telemeter-client - --id=$(ID) - --from=$(FROM) - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --from-ca-file=/etc/serving-certs-ca-bundle/service-ca.crt - --from-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token - --to=$(TO) - --to-token-file=/etc/telemeter/token - --listen=localhost:8080 - --anonymize-salt-file=/etc/telemeter/salt - --anonymize-labels=$(ANONYMIZE_LABELS) - --match={__name__=~"cluster:usage:.*"} - --match={__name__="count:up0"} - --match={__name__="count:up1"} - --match={__name__="cluster_version"} - --match={__name__="cluster_version_available_updates"} - --match={__name__="cluster_version_capability"} - --match={__name__="cluster_operator_up"} - --match={__name__="cluster_operator_conditions"} - --match={__name__="cluster_version_payload"} - --match={__name__="cluster_installer"} - --match={__name__="cluster_infrastructure_provider"} - --match={__name__="cluster_feature_set"} - --match={__name__="instance:etcd_object_counts:sum"} - --match={__name__="ALERTS",alertstate="firing",severity=~"critical|warning|info|none"} - --match={__name__="code:apiserver_request_total:rate:sum"} - --match={__name__="cluster:capacity_cpu_cores:sum"} - --match={__name__="cluster:capacity_memory_bytes:sum"} - --match={__name__="cluster:cpu_usage_cores:sum"} - --match={__name__="cluster:memory_usage_bytes:sum"} - --match={__name__="openshift:cpu_usage_cores:sum"} - --match={__name__="openshift:memory_usage_bytes:sum"} - --match={__name__="workload:cpu_usage_cores:sum"} - --match={__name__="workload:memory_usage_bytes:sum"} - --match={__name__="cluster:virt_platform_nodes:sum"} - --match={__name__="cluster:node_instance_type_count:sum"} - --match={__name__="cnv:vmi_status_running:count"} - --match={__name__="cnv_abnormal", reason=~"memory_working_set_delta_from_request|memory_rss_delta_from_request"} - --match={__name__="cluster:vmi_request_cpu_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_sockets:sum"} - --match={__name__="subscription_sync_total"} - --match={__name__="olm_resolution_duration_seconds"} - --match={__name__="csv_succeeded"} - --match={__name__="csv_abnormal"} - --match={__name__="cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum"} - --match={__name__="cluster:kubelet_volume_stats_used_bytes:provisioner:sum"} - --match={__name__="ceph_cluster_total_bytes"} - --match={__name__="ceph_cluster_total_used_raw_bytes"} - --match={__name__="ceph_health_status"} - --match={__name__="odf_system_raw_capacity_total_bytes"} - --match={__name__="odf_system_raw_capacity_used_bytes"} - --match={__name__="odf_system_health_status"} - --match={__name__="job:ceph_osd_metadata:count"} - --match={__name__="job:kube_pv:count"} - --match={__name__="job:odf_system_pvs:count"} - --match={__name__="job:ceph_pools_iops:total"} - --match={__name__="job:ceph_pools_iops_bytes:total"} - --match={__name__="job:ceph_versions_running:count"} - --match={__name__="job:noobaa_total_unhealthy_buckets:sum"} - --match={__name__="job:noobaa_bucket_count:sum"} - --match={__name__="job:noobaa_total_object_count:sum"} - --match={__name__="odf_system_bucket_count", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="odf_system_objects_total", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="noobaa_accounts_num"} - --match={__name__="noobaa_total_usage"} - --match={__name__="console_url"} - --match={__name__="cluster:console_auth_login_requests_total:sum"} - --match={__name__="cluster:console_auth_login_successes_total:sum"} - --match={__name__="cluster:console_auth_login_failures_total:sum"} - --match={__name__="cluster:console_auth_logout_requests_total:sum"} - --match={__name__="cluster:console_usage_users:max"} - --match={__name__="cluster:console_plugins_info:max"} - --match={__name__="cluster:console_customization_perspectives_info:max"} - --match={__name__="cluster:ovnkube_controller_egress_routing_via_host:max"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Pass|Allow|Deny"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Allow|Deny"} - --match={__name__="cluster:network_attachment_definition_instances:max"} - --match={__name__="cluster:network_attachment_definition_enabled_instance_up:max"} - --match={__name__="cluster:ingress_controller_aws_nlb_active:sum"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:min"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:max"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:avg"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:median"} - --match={__name__="cluster:openshift_route_info:tls_termination:sum"} - --match={__name__="openshift:gateway_api_usage:count",gateway_class_type=~"openshift|not-openshift"} - --match={__name__="insightsclient_request_send_total"} - --match={__name__="cam_app_workload_migrations"} - --match={__name__="cluster:apiserver_current_inflight_requests:sum:max_over_time:2m"} - --match={__name__="cluster:alertmanager_integrations:max"} - --match={__name__="cluster:telemetry_selected_series:count"} - --match={__name__="openshift:prometheus_tsdb_head_series:sum"} - --match={__name__="openshift:prometheus_tsdb_head_samples_appended_total:sum"} - --match={__name__="monitoring:container_memory_working_set_bytes:sum"} - --match={__name__="namespace_job:scrape_series_added:topk3_sum1h"} - --match={__name__="namespace_job:scrape_samples_post_metric_relabeling:topk3"} - --match={__name__="monitoring:haproxy_server_http_responses_total:sum"} - --match={__name__="profile:cluster_monitoring_operator_collection_profile:max"} - --match={__name__="vendor_model:node_accelerator_cards:sum",vendor=~"NVIDIA|AMD|GAUDI|INTEL|QUALCOMM|Marvell|Mellanox"} - --match={__name__="rhmi_status"} - --match={__name__="status:upgrading:version:rhoam_state:max"} - --match={__name__="state:rhoam_critical_alerts:max"} - --match={__name__="state:rhoam_warning_alerts:max"} - --match={__name__="rhoam_7d_slo_percentile:max"} - --match={__name__="rhoam_7d_slo_remaining_error_budget:max"} - --match={__name__="cluster_legacy_scheduler_policy"} - --match={__name__="cluster_master_schedulable"} - --match={__name__="che_workspace_status"} - --match={__name__="che_workspace_started_total"} - --match={__name__="che_workspace_failure_total"} - --match={__name__="che_workspace_start_time_seconds_sum"} - --match={__name__="che_workspace_start_time_seconds_count"} - --match={__name__="cco_credentials_mode"} - --match={__name__="cluster:kube_persistentvolume_plugin_type_counts:sum"} - --match={__name__="acm_managed_cluster_info"} - --match={__name__="acm_managed_cluster_worker_cores:max"} - --match={__name__="acm_console_page_count:sum", page=~"overview-classic|overview-fleet|search|search-details|clusters|application|governance"} - --match={__name__="cluster:vsphere_vcenter_info:sum"} - --match={__name__="cluster:vsphere_esxi_version_total:sum"} - --match={__name__="cluster:vsphere_node_hw_version_total:sum"} - --match={__name__="openshift:build_by_strategy:sum"} - --match={__name__="rhods_aggregate_availability"} - --match={__name__="rhods_total_users"} - --match={__name__="instance:etcd_disk_wal_fsync_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_bytes:sum"} - --match={__name__="instance:etcd_network_peer_round_trip_time_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_use_in_bytes:sum"} - --match={__name__="instance:etcd_disk_backend_commit_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="jaeger_operator_instances_storage_types"} - --match={__name__="jaeger_operator_instances_strategies"} - --match={__name__="jaeger_operator_instances_agent_strategies"} - --match={__name__="type:tempo_operator_tempostack_storage_backend:sum",type=~"azure|gcs|s3"} - --match={__name__="state:tempo_operator_tempostack_managed:sum",state=~"Managed|Unmanaged"} - --match={__name__="type:tempo_operator_tempostack_multi_tenancy:sum",type=~"static|openshift|disabled"} - --match={__name__="enabled:tempo_operator_tempostack_jaeger_ui:sum",enabled=~"true|false"} - --match={__name__="type:opentelemetry_collector_receivers:sum",type=~"jaeger|hostmetrics|opencensus|prometheus|zipkin|kafka|filelog|journald|k8sevents|kubeletstats|k8scluster|k8sobjects|otlp"} - --match={__name__="type:opentelemetry_collector_exporters:sum",type=~"debug|logging|otlp|otlphttp|prometheus|lokiexporter|kafka|awscloudwatchlogs|loadbalancing"} - --match={__name__="type:opentelemetry_collector_processors:sum",type=~"batch|memorylimiter|attributes|resource|span|k8sattributes|resourcedetection|filter|routing|cumulativetodelta|groupbyattrs"} - --match={__name__="type:opentelemetry_collector_extensions:sum",type=~"zpages|ballast|memorylimiter|jaegerremotesampling|healthcheck|pprof|oauth2clientauth|oidcauth|bearertokenauth|filestorage"} - --match={__name__="type:opentelemetry_collector_connectors:sum",type=~"spanmetrics|forward"} - --match={__name__="type:opentelemetry_collector_info:sum",type=~"deployment|daemonset|sidecar|statefulset"} - --match={__name__="appsvcs:cores_by_product:sum"} - --match={__name__="nto_custom_profiles:count"} - --match={__name__="openshift_csi_share_configmap"} - --match={__name__="openshift_csi_share_secret"} - --match={__name__="openshift_csi_share_mount_failures_total"} - --match={__name__="openshift_csi_share_mount_requests_total"} - --match={__name__="eo_es_storage_info"} - --match={__name__="eo_es_redundancy_policy_info"} - --match={__name__="eo_es_defined_delete_namespaces_total"} - --match={__name__="eo_es_misconfigured_memory_resources_info"} - --match={__name__="cluster:eo_es_data_nodes_total:max"} - --match={__name__="cluster:eo_es_documents_created_total:sum"} - --match={__name__="cluster:eo_es_documents_deleted_total:sum"} - --match={__name__="pod:eo_es_shards_total:max"} - --match={__name__="eo_es_cluster_management_state_info"} - --match={__name__="imageregistry:imagestreamtags_count:sum"} - --match={__name__="imageregistry:operations_count:sum"} - --match={__name__="log_logging_info"} - --match={__name__="log_collector_error_count_total"} - --match={__name__="log_forwarder_pipeline_info"} - --match={__name__="log_forwarder_input_info"} - --match={__name__="log_forwarder_output_info"} - --match={__name__="cluster:log_collected_bytes_total:sum"} - --match={__name__="cluster:log_logged_bytes_total:sum"} - --match={__name__="openshift_logging:log_forwarder_pipelines:sum"} - --match={__name__="openshift_logging:log_forwarders:sum"} - --match={__name__="openshift_logging:log_forwarder_input_type:sum"} - --match={__name__="openshift_logging:log_forwarder_output_type:sum"} - --match={__name__="openshift_logging:vector_component_received_bytes_total:rate5m"} - --match={__name__="cluster:kata_monitor_running_shim_count:sum"} - --match={__name__="platform:hypershift_hostedclusters:max"} - --match={__name__="platform:hypershift_nodepools:max"} - --match={__name__="cluster_name:hypershift_nodepools_size:sum"} - --match={__name__="cluster_name:hypershift_nodepools_available_replicas:sum"} - --match={__name__="namespace:noobaa_unhealthy_bucket_claims:max"} - --match={__name__="namespace:noobaa_buckets_claims:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_resources:max"} - --match={__name__="namespace:noobaa_namespace_resources:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_buckets:max"} - --match={__name__="namespace:noobaa_namespace_buckets:max"} - --match={__name__="namespace:noobaa_accounts:max"} - --match={__name__="namespace:noobaa_usage:max"} - --match={__name__="namespace:noobaa_system_health_status:max"} - --match={__name__="ocs_advanced_feature_usage"} - --match={__name__="os_image_url_override:sum"} - --match={__name__="cluster:mcd_nodes_with_unsupported_packages:count"} - --match={__name__="cluster:mcd_total_unsupported_packages:sum"} - --match={__name__="cluster:vsphere_topology_tags:max"} - --match={__name__="cluster:vsphere_infrastructure_failure_domains:max"} - --match={__name__="apiserver_list_watch_request_success_total:rate:sum", verb=~"LIST|WATCH"} - --match={__name__="rhacs:telemetry:rox_central_info"} - --match={__name__="rhacs:telemetry:rox_central_secured_clusters"} - --match={__name__="rhacs:telemetry:rox_central_secured_nodes"} - --match={__name__="rhacs:telemetry:rox_central_secured_vcpus"} - --match={__name__="rhacs:telemetry:rox_sensor_info"} - --match={__name__="cluster:volume_manager_selinux_pod_context_mismatch_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_warnings_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_errors_total"} - --match={__name__="cluster:volume_manager_selinux_volumes_admitted_total"} - --match={__name__="ols:provider_model_configuration"} - --match={__name__="ols:rest_api_query_calls_total:2xx"} - --match={__name__="ols:rest_api_query_calls_total:4xx"} - --match={__name__="ols:rest_api_query_calls_total:5xx"} - --match={__name__="openshift:openshift_network_operator_ipsec_state:info"} - --match={__name__="cluster:health:group_severity:count", severity=~"critical|warning|info|none"} - --match={__name__="cluster:controlplane_topology:info", mode=~"HighlyAvailable|HighlyAvailableArbiter|SingleReplica|DualReplica|External"} - --match={__name__="cluster:infrastructure_topology:info", mode=~"HighlyAvailable|SingleReplica"} - --match={__name__="cluster:selinux_warning_controller_selinux_volume_conflict:count"} - --match={__name__="cluster:mtv_migrations_status_total:sum", provider=~"ova|vsphere|openstack|openshift|ovirt|awsec2", target=~"Local|Remote", mode=~"Cold|Warm|RCM", status=~"Succeeded|Failed|Canceled"} - --limit-bytes=5242880 env: - name: ANONYMIZE_LABELS - name: FROM value: https://prometheus-k8s.openshift-monitoring.svc:9091 - name: ID value: 12b25cae-52bc-4cb1-87fd-3e38d44bfa6d - name: TO value: https://infogw.api.openshift.com/ - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imagePullPolicy: IfNotPresent name: telemeter-client ports: - containerPort: 8080 name: http protocol: TCP resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zth2n readOnly: true - args: - --reload-url=http://localhost:8080/-/reload - --watched-dir=/etc/serving-certs-ca-bundle image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: reload resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zth2n readOnly: true - args: - --secure-listen-address=:8443 - --upstream=http://127.0.0.1:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zth2n readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: telemeter-client-dockercfg-kc9ld nodeName: ip-10-0-142-103.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: telemeter-client serviceAccountName: telemeter-client terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: telemeter-client-serving-certs-ca-bundle name: serving-certs-ca-bundle - name: secret-telemeter-client secret: defaultMode: 420 secretName: telemeter-client - name: telemeter-client-tls secret: defaultMode: 420 secretName: telemeter-client-tls - name: federate-client-tls secret: defaultMode: 420 secretName: federate-client-certs - name: secret-telemeter-client-kube-rbac-proxy-config secret: defaultMode: 420 secretName: telemeter-client-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: telemeter-trusted-ca-bundle-8i12ta5c71j38 optional: true name: telemeter-trusted-ca-bundle - name: kube-api-access-zth2n projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:17Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:14Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:17Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:17Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:14Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://44d0d4a997b19ff4612b7638a20cffa963057858b5fec4e665a8517c0bc02996 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:17Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zth2n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://6012e68f66bbd3e5151dfda71fdf938e67a61ebbf517787617a7d7a603058024 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: reload ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:16Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zth2n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://f4d457f0edfc10365fa6fa358797de065bd51e219e7e842f81b178a9b6d4e2ab image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35da2ec719f2e4e8e93b0fc2b4727287aa13298d1731d73ce391d556f153e027 lastState: {} name: telemeter-client ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:16Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zth2n readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.142.103 hostIPs: - ip: 10.0.142.103 observedGeneration: 1 phase: Running podIP: 10.132.0.21 podIPs: - ip: 10.132.0.21 qosClass: Burstable startTime: "2026-06-11T15:22:14Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.20/23"],"mac_address":"0a:58:0a:85:00:14","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.20/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.20" ], "mac": "0a:58:0a:85:00:14", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-11T15:22:11Z" generateName: thanos-querier-7d8ddd7b78- generation: 1 labels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.39.2 pod-template-hash: 7d8ddd7b78 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-130-159 operation: Update subresource: status time: "2026-06-11T15:22:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"b3b267cc-120c-4208-aec8-45c010e95f97"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-rules"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9093,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} k:{"name":"thanos-query"}: .: {} f:args: {} f:env: .: {} k:{"name":"HOST_IP_ADDRESS"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-metrics"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-rules"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-11T15:22:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-11T15:22:18Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.20"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-11T15:22:30Z" name: thanos-querier-7d8ddd7b78-8j82p namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: thanos-querier-7d8ddd7b78 uid: b3b267cc-120c-4208-aec8-45c010e95f97 resourceVersion: "10428" uid: 4e250541-4221-4a5f-b1fc-6d5504700671 spec: containers: - args: - query - --grpc-address=127.0.0.1:10901 - --http-address=127.0.0.1:9090 - --log.format=logfmt - --query.replica-label=prometheus_replica - --query.replica-label=thanos_ruler_replica - --endpoint=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --query.auto-downsampling - --store.sd-dns-resolver=miekgdns - --grpc-client-tls-secure - --grpc-client-tls-cert=/etc/tls/grpc/client.crt - --grpc-client-tls-key=/etc/tls/grpc/client.key - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt - --grpc-client-server-name=prometheus-grpc - --web.disable-cors env: - name: HOST_IP_ADDRESS valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-query ports: - containerPort: 9090 name: http protocol: TCP resources: requests: cpu: 10m memory: 12Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000450000 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 httpGet: path: /-/healthy port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP readinessProbe: failureThreshold: 20 httpGet: path: /-/ready port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values,/api/v1/series - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true - args: - --insecure-listen-address=127.0.0.1:9095 - --upstream=http://127.0.0.1:9090 - --label=namespace - --enable-label-apis - --error-on-replace - --rules-with-active-alerts - --enable-label-matchers-for-rules-api image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true - args: - --secure-listen-address=0.0.0.0:9093 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/rules,/api/v1/alerts - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-rules ports: - containerPort: 9093 name: tenancy-rules protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true - args: - --secure-listen-address=0.0.0.0:9094 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metrics ports: - containerPort: 9094 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: thanos-querier-dockercfg-9twxj nodeName: ip-10-0-130-159.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: thanos-querier serviceAccountName: thanos-querier terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-thanos-querier-tls secret: defaultMode: 420 secretName: thanos-querier-tls - name: secret-thanos-querier-kube-rbac-proxy secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy - name: secret-thanos-querier-kube-rbac-proxy-web secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-web - name: secret-thanos-querier-kube-rbac-proxy-rules secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-rules - name: secret-thanos-querier-kube-rbac-proxy-metrics secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-metrics - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: secret-grpc-tls secret: defaultMode: 420 secretName: thanos-querier-grpc-tls-71ab9iiueam55 - name: kube-api-access-fnknk projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:24Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:30Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:30Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-11T15:22:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://f0c447d5215f9337a19c689b995bf8e9b65a97e4ceec3ab2bcec36087e943865 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:22Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://74f55a53ec2d55111e2f825a80b41f960e9d36af1f2e4a4dd3909c72e0a5ed48 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metrics ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://1b55c857f1c39be55e73a82d71d999b8a5bead6f7442808e18b639c29442557c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-rules ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://a159676bbb4ece63d7ffcf1b95f44819a6bb6aa42c560a25d48f308a6394a255 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:21Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://a3d0317b2bf0c8aac4809a4b1ad4d4a51588a8fa6036c4f209a37c0a6154825f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:23Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 10m memory: 12Mi containerID: cri-o://765c80071af8cb4914bc38f35fce4234ece9201d5d54a1d28234dbf21ce4b9aa image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-query ready: true resources: requests: cpu: 10m memory: 12Mi restartCount: 0 started: true state: running: startedAt: "2026-06-11T15:22:21Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-fnknk readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.130.159 hostIPs: - ip: 10.0.130.159 observedGeneration: 1 phase: Running podIP: 10.133.0.20 podIPs: - ip: 10.133.0.20 qosClass: Burstable startTime: "2026-06-11T15:22:11Z" kind: PodList metadata: resourceVersion: "52820"