--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: istio.io/rev: openshift-gateway k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.40/23"],"mac_address":"0a:58:0a:86:00:28","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.40/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.40" ], "mac": "0a:58:0a:86:00:28", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/path: /stats/prometheus prometheus.io/port: "15020" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-21T02:48:26Z" generateName: data-science-gateway-data-science-gateway-class-55cc67557f- generation: 1 labels: gateway.istio.io/managed: istio.io-gateway-controller gateway.networking.k8s.io/gateway-name: data-science-gateway pod-template-hash: 55cc67557f service.istio.io/canonical-name: data-science-gateway-data-science-gateway-class service.istio.io/canonical-revision: latest sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-131-170 operation: Update subresource: status time: "2026-04-21T02:48:26Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:istio.io/rev: {} f:prometheus.io/path: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:generateName: {} f:labels: .: {} f:gateway.istio.io/managed: {} f:gateway.networking.k8s.io/gateway-name: {} f:pod-template-hash: {} f:service.istio.io/canonical-name: {} f:service.istio.io/canonical-revision: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"53648899-5ce8-4cf4-be03-c78a3781eb4f"}: {} f:spec: f:containers: k:{"name":"istio-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"HOST_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"INSTANCE_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_CPU_LIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"ISTIO_META_APP_CONTAINERS"}: .: {} f:name: {} k:{"name":"ISTIO_META_CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_INTERCEPTION_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_MESH_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_META_OWNER"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_POD_PORTS"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_WORKLOAD_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROXY_CONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"TRUST_DOMAIN"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":15020,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15021,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/istio/pod"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/istio/proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/istio/data"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/credential-uds"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istio"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-credentials"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-uds"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:sysctls: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"credential-socket"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-data"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-envoy"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"istio-podinfo"}: .: {} f:downwardAPI: .: {} f:defaultMode: {} f:items: {} f:name: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"istiod-ca-cert"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"workload-certs"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"workload-socket"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-21T02:48:26Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-21T02:48:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.40"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-21T02:48:31Z" name: data-science-gateway-data-science-gateway-class-55cc67557fgw7wh namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: data-science-gateway-data-science-gateway-class-55cc67557f uid: 53648899-5ce8-4cf4-be03-c78a3781eb4f resourceVersion: "16554" uid: 57b32747-a408-4d12-b996-fc025af345f9 spec: containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel - warning - --proxyComponentLogLevel - misc:error - --log_output_level - default:info env: - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod-openshift-gateway.openshift-ingress.svc:15012 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: ISTIO_CPU_LIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: PROXY_CONFIG value: | {"discoveryAddress":"istiod-openshift-gateway.openshift-ingress.svc:15012","proxyHeaders":{"server":{"disabled":true},"envoyDebugHeaders":{"disabled":true},"metadataExchangeHeaders":{"mode":"IN_MESH"}}} - name: ISTIO_META_POD_PORTS value: '[]' - name: ISTIO_META_APP_CONTAINERS - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: ISTIO_META_CLUSTER_ID value: Kubernetes - name: ISTIO_META_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: ISTIO_META_INTERCEPTION_MODE value: REDIRECT - name: ISTIO_META_WORKLOAD_NAME value: data-science-gateway-data-science-gateway-class - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/openshift-ingress/deployments/data-science-gateway-data-science-gateway-class - name: ISTIO_META_MESH_ID value: cluster.local - name: TRUST_DOMAIN value: cluster.local image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 name: metrics protocol: TCP - containerPort: 15021 name: status-port protocol: TCP - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 4 httpGet: path: /healthz/ready port: 15021 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1000329999 runAsNonRoot: true runAsUser: 1000329999 startupProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15021 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-rtcdf readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: data-science-gateway-data-science-gateway-class-dockercfg-smvh2 nodeName: ip-10-0-131-170.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" serviceAccount: data-science-gateway-data-science-gateway-class serviceAccountName: data-science-gateway-data-science-gateway-class terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: workload-socket - emptyDir: {} name: credential-socket - emptyDir: {} name: workload-certs - emptyDir: medium: Memory name: istio-envoy - emptyDir: {} name: istio-data - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.labels path: labels - fieldRef: apiVersion: v1 fieldPath: metadata.annotations path: annotations name: istio-podinfo - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert - name: kube-api-access-rtcdf projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:30Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:27Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:31Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:31Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:26Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 128Mi containerID: cri-o://6a6208597cc07526c8aaf00a8ed93d04bd7f2c66fce1fb8f2e692d5e79b14853 image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0a86de591c0c259464e80a5c01e0c85078263846253cd50ef5ac555bcf1e4fec lastState: {} name: istio-proxy ready: true resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-21T02:48:29Z" user: linux: gid: 1000329999 supplementalGroups: - 1000329999 - 1000320000 uid: 1000329999 volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-rtcdf readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.131.170 hostIPs: - ip: 10.0.131.170 phase: Running podIP: 10.134.0.40 podIPs: - ip: 10.134.0.40 qosClass: Burstable startTime: "2026-04-21T02:48:27Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.19/23"],"mac_address":"0a:58:0a:84:00:13","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.19/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.19" ], "mac": "0a:58:0a:84:00:13", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/port: "15014" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user sidecar.istio.io/inject: "false" creationTimestamp: "2026-04-21T02:48:23Z" generateName: istiod-openshift-gateway-55ff986f96- generation: 1 labels: app: istiod app.kubernetes.io/instance: openshift-gateway-istiod app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: istiod app.kubernetes.io/part-of: istio app.kubernetes.io/version: 1.26.2 helm.sh/chart: istiod-1.26.2 istio: istiod istio.io/dataplane-mode: none istio.io/rev: openshift-gateway operator.istio.io/component: Pilot pod-template-hash: 55ff986f96 sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-147 operation: Update subresource: status time: "2026-04-21T02:48:23Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:sidecar.istio.io/inject: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:helm.sh/chart: {} f:istio: {} f:istio.io/dataplane-mode: {} f:istio.io/rev: {} f:operator.istio.io/component: {} f:pod-template-hash: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"a36dd5bd-eccd-4ff1-8968-a4d727a2717e"}: {} f:spec: f:containers: k:{"name":"discovery"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_TRUSTED_NODE_ACCOUNTS"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ENABLE_GATEWAY_API_INFERENCE_EXTENSION"}: .: {} f:name: {} f:value: {} k:{"name":"ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"KUBECONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_ALPHA_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_ANALYSIS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_CA_CERT_ONLY"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_COPY_LABELS_ANNOTATIONS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_GATEWAYCLASS_CONTROLLER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_STATUS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_GATEWAY_API_CONTROLLER_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_MULTI_NETWORK_DISCOVER_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_TRACE_SAMPLING"}: .: {} f:name: {} f:value: {} k:{"name":"PLATFORM"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"REVISION"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15010,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15012,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15014,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15017,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cacerts"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/istio-dns"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istiod/ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/istiod/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/remote"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cacerts"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-csr-ca-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"istio-csr-dns-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-kubeconfig"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"local-certs"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-21T02:48:23Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-21T02:48:23Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.19"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-21T02:48:27Z" name: istiod-openshift-gateway-55ff986f96-cclxf namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: istiod-openshift-gateway-55ff986f96 uid: a36dd5bd-eccd-4ff1-8968-a4d727a2717e resourceVersion: "16469" uid: 861f6e92-414d-4fcb-ad9f-07d80cc5e5d2 spec: containers: - args: - discovery - --monitoringAddr=:15014 - --log_output_level=default:info - --domain - cluster.local - --keepaliveMaxServerConnectionAge - 30m env: - name: REVISION value: openshift-gateway - name: PILOT_CERT_PROVIDER value: istiod - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: KUBECONFIG value: /var/run/secrets/remote/config - name: CA_TRUSTED_NODE_ACCOUNTS value: kube-system/ztunnel - name: ENABLE_GATEWAY_API_INFERENCE_EXTENSION value: "true" - name: ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT value: "false" - name: PILOT_ENABLE_ALPHA_GATEWAY_API value: "false" - name: PILOT_ENABLE_GATEWAY_API value: "true" - name: PILOT_ENABLE_GATEWAY_API_CA_CERT_ONLY value: "true" - name: PILOT_ENABLE_GATEWAY_API_COPY_LABELS_ANNOTATIONS value: "false" - name: PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER value: "true" - name: PILOT_ENABLE_GATEWAY_API_GATEWAYCLASS_CONTROLLER value: "false" - name: PILOT_ENABLE_GATEWAY_API_STATUS value: "true" - name: PILOT_GATEWAY_API_CONTROLLER_NAME value: openshift.io/gateway-controller/v1 - name: PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME value: openshift-default - name: PILOT_MULTI_NETWORK_DISCOVER_GATEWAY_API value: "false" - name: PILOT_TRACE_SAMPLING value: "1" - name: PILOT_ENABLE_ANALYSIS value: "false" - name: CLUSTER_ID value: Kubernetes - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "1" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "1" resource: limits.cpu - name: PLATFORM value: openshift image: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 imagePullPolicy: IfNotPresent name: discovery ports: - containerPort: 8080 name: http-debug protocol: TCP - containerPort: 15010 name: grpc-xds protocol: TCP - containerPort: 15012 name: tls-xds protocol: TCP - containerPort: 15017 name: https-webhooks protocol: TCP - containerPort: 15014 name: http-monitoring protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: 8080 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 3 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 500m memory: 2Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000320000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true - mountPath: /var/run/secrets/istiod/tls name: istio-csr-dns-cert readOnly: true - mountPath: /var/run/secrets/istiod/ca name: istio-csr-ca-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mxsg8 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: istiod-openshift-gateway-dockercfg-6qwf9 nodeName: ip-10-0-137-147.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault serviceAccount: istiod-openshift-gateway serviceAccountName: istiod-openshift-gateway terminationGracePeriodSeconds: 30 tolerations: - key: cni.istio.io/not-ready operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: medium: Memory name: local-certs - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: cacerts secret: defaultMode: 420 optional: true secretName: cacerts - name: istio-kubeconfig secret: defaultMode: 420 optional: true secretName: istio-kubeconfig - name: istio-csr-dns-cert secret: defaultMode: 420 optional: true secretName: istiod-tls - configMap: defaultMode: 420 name: istio-ca-root-cert optional: true name: istio-csr-ca-configmap - name: kube-api-access-mxsg8 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:26Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:23Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:27Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:27Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T02:48:23Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 2Gi containerID: cri-o://fd5f8597a02bf6387cfe6059ee03571b57643f06a4c882bde318bc26fa075e4a image: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 imageID: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 lastState: {} name: discovery ready: true resources: requests: cpu: 500m memory: 2Gi restartCount: 0 started: true state: running: startedAt: "2026-04-21T02:48:26Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istiod/tls name: istio-csr-dns-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istiod/ca name: istio-csr-ca-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mxsg8 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.147 hostIPs: - ip: 10.0.137.147 phase: Running podIP: 10.132.0.19 podIPs: - ip: 10.132.0.19 qosClass: Burstable startTime: "2026-04-21T02:48:23Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.23/23"],"mac_address":"0a:58:0a:85:00:17","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.23/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.23" ], "mac": "0a:58:0a:85:00:17", "default": true, "dns": {} }] opendatahub.io/secret-hash: fcf7353a2bfde170f3e3ea8bbb3c9e757adb4b95547fcd9c38e29c8e83c50936 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-21T02:47:50Z" generateName: kube-auth-proxy-55fc66fcf7- generation: 1 labels: app: kube-auth-proxy app.kubernetes.io/component: authentication pod-template-hash: 55fc66fcf7 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-66 operation: Update subresource: status time: "2026-04-21T02:47:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:opendatahub.io/secret-hash: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"57971105-d87e-4c25-a3db-82559da295b0"}: {} f:spec: f:containers: k:{"name":"kube-auth-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"OAUTH2_PROXY_CLIENT_ID"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_CLIENT_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_COOKIE_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"PROXY_MODE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":4180,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9000,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:limits: .: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tmp"}: .: {} f:emptyDir: .: {} f:medium: {} f:sizeLimit: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-21T02:47:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-21T02:47:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.23"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-21T02:47:53Z" name: kube-auth-proxy-55fc66fcf7-rd6z5 namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-auth-proxy-55fc66fcf7 uid: 57971105-d87e-4c25-a3db-82559da295b0 resourceVersion: "14885" uid: a90ecd6e-461f-481a-9742-b405e68ba59e spec: containers: - args: - --http-address=0.0.0.0:4180 - --https-address=0.0.0.0:8443 - --metrics-address=0.0.0.0:9000 - --email-domain=* - --upstream=static://200 - --skip-provider-button - --skip-jwt-bearer-tokens=true - --pass-access-token=true - --set-xauthrequest=true - --enable-k8s-token-validation=true - --redirect-url=https://rh-ai.apps.ed445c61-d152-4989-9015-8a2641264289.prod.konfluxeaas.com/oauth2/callback - --tls-cert-file=/etc/tls/private/tls.crt - --tls-key-file=/etc/tls/private/tls.key - --use-system-trust-store=true - --cookie-expire=24h0m0s - --cookie-refresh=1h0m0s - --cookie-secure=true - --cookie-httponly=true - --cookie-samesite=lax - --cookie-name=_oauth2_proxy - --cookie-domain=rh-ai.apps.ed445c61-d152-4989-9015-8a2641264289.prod.konfluxeaas.com - --provider=openshift - --ssl-insecure-skip-verify=false - --scope=user:full env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_ID name: kube-auth-proxy-creds - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_SECRET name: kube-auth-proxy-creds - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_COOKIE_SECRET name: kube-auth-proxy-creds - name: PROXY_MODE value: auth image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imagePullPolicy: IfNotPresent name: kube-auth-proxy ports: - containerPort: 4180 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 9000 name: metrics protocol: TCP resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000320000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ntk7r readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-auth-proxy-dockercfg-2526x nodeName: ip-10-0-134-66.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 runAsNonRoot: true seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault serviceAccount: kube-auth-proxy serviceAccountName: kube-auth-proxy terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certs secret: defaultMode: 420 secretName: kube-auth-proxy-tls - emptyDir: medium: Memory sizeLimit: 10Mi name: tmp - name: kube-api-access-ntk7r projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:53Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:50Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:53Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:53Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:50Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 128Mi containerID: cri-o://cb2b5d99127ac5dd84ea82a971d28aa361f15c88f2dabda7facfddfdec2ab311 image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imageID: quay.io/opendatahub/odh-kube-auth-proxy@sha256:67f3167118ee495b68cf87988f404ef41beeca2a1bba3cbd10790736689b49f7 lastState: {} name: kube-auth-proxy ready: true resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-21T02:47:53Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ntk7r readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.66 hostIPs: - ip: 10.0.134.66 phase: Running podIP: 10.133.0.23 podIPs: - ip: 10.133.0.23 qosClass: Burstable startTime: "2026-04-21T02:47:50Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.15/23"],"mac_address":"0a:58:0a:84:00:0f","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.15/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.15" ], "mac": "0a:58:0a:84:00:0f", "default": true, "dns": {} }] opendatahub.io/secret-hash: fcf7353a2bfde170f3e3ea8bbb3c9e757adb4b95547fcd9c38e29c8e83c50936 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-21T02:47:50Z" generateName: kube-auth-proxy-55fc66fcf7- generation: 1 labels: app: kube-auth-proxy app.kubernetes.io/component: authentication pod-template-hash: 55fc66fcf7 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-147 operation: Update subresource: status time: "2026-04-21T02:47:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:opendatahub.io/secret-hash: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"57971105-d87e-4c25-a3db-82559da295b0"}: {} f:spec: f:containers: k:{"name":"kube-auth-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"OAUTH2_PROXY_CLIENT_ID"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_CLIENT_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_COOKIE_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"PROXY_MODE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":4180,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9000,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:limits: .: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tmp"}: .: {} f:emptyDir: .: {} f:medium: {} f:sizeLimit: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-21T02:47:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-21T02:47:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.15"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-21T02:47:54Z" name: kube-auth-proxy-55fc66fcf7-wdh67 namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-auth-proxy-55fc66fcf7 uid: 57971105-d87e-4c25-a3db-82559da295b0 resourceVersion: "14894" uid: 838a4b2c-71ad-43cc-ad01-797dad3a3ecf spec: containers: - args: - --http-address=0.0.0.0:4180 - --https-address=0.0.0.0:8443 - --metrics-address=0.0.0.0:9000 - --email-domain=* - --upstream=static://200 - --skip-provider-button - --skip-jwt-bearer-tokens=true - --pass-access-token=true - --set-xauthrequest=true - --enable-k8s-token-validation=true - --redirect-url=https://rh-ai.apps.ed445c61-d152-4989-9015-8a2641264289.prod.konfluxeaas.com/oauth2/callback - --tls-cert-file=/etc/tls/private/tls.crt - --tls-key-file=/etc/tls/private/tls.key - --use-system-trust-store=true - --cookie-expire=24h0m0s - --cookie-refresh=1h0m0s - --cookie-secure=true - --cookie-httponly=true - --cookie-samesite=lax - --cookie-name=_oauth2_proxy - --cookie-domain=rh-ai.apps.ed445c61-d152-4989-9015-8a2641264289.prod.konfluxeaas.com - --provider=openshift - --ssl-insecure-skip-verify=false - --scope=user:full env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_ID name: kube-auth-proxy-creds - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_SECRET name: kube-auth-proxy-creds - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_COOKIE_SECRET name: kube-auth-proxy-creds - name: PROXY_MODE value: auth image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imagePullPolicy: IfNotPresent name: kube-auth-proxy ports: - containerPort: 4180 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 9000 name: metrics protocol: TCP resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000320000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ptstm readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-auth-proxy-dockercfg-2526x nodeName: ip-10-0-137-147.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 runAsNonRoot: true seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault serviceAccount: kube-auth-proxy serviceAccountName: kube-auth-proxy terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certs secret: defaultMode: 420 secretName: kube-auth-proxy-tls - emptyDir: medium: Memory sizeLimit: 10Mi name: tmp - name: kube-api-access-ptstm projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:54Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:50Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:54Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:54Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T02:47:50Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 128Mi containerID: cri-o://cfe5b59f4a0e18dbb7859e6cf8a32e36b5ecb181f533008efc61829d7ae497a5 image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imageID: quay.io/opendatahub/odh-kube-auth-proxy@sha256:67f3167118ee495b68cf87988f404ef41beeca2a1bba3cbd10790736689b49f7 lastState: {} name: kube-auth-proxy ready: true resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-21T02:47:54Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ptstm readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.147 hostIPs: - ip: 10.0.137.147 phase: Running podIP: 10.132.0.15 podIPs: - ip: 10.132.0.15 qosClass: Burstable startTime: "2026-04-21T02:47:50Z" - apiVersion: v1 kind: Pod metadata: annotations: istio.io/rev: openshift-gateway k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.24/23"],"mac_address":"0a:58:0a:84:00:18","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.24/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.24" ], "mac": "0a:58:0a:84:00:18", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/path: /stats/prometheus prometheus.io/port: "15020" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-21T02:50:12Z" generateName: maas-default-gateway-openshift-default-845c6b4b48- generation: 1 labels: gateway.istio.io/managed: istio.io-gateway-controller gateway.networking.k8s.io/gateway-name: maas-default-gateway pod-template-hash: 845c6b4b48 service.istio.io/canonical-name: maas-default-gateway-openshift-default service.istio.io/canonical-revision: latest sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-147 operation: Update subresource: status time: "2026-04-21T02:50:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:istio.io/rev: {} f:prometheus.io/path: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:generateName: {} f:labels: .: {} f:gateway.istio.io/managed: {} f:gateway.networking.k8s.io/gateway-name: {} f:pod-template-hash: {} f:service.istio.io/canonical-name: {} f:service.istio.io/canonical-revision: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"0b6ee71b-0c3a-49df-9345-8a52a19842b5"}: {} f:spec: f:containers: k:{"name":"istio-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"HOST_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"INSTANCE_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_CPU_LIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"ISTIO_META_APP_CONTAINERS"}: .: {} f:name: {} k:{"name":"ISTIO_META_CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_INTERCEPTION_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_MESH_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_META_OWNER"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_POD_PORTS"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_WORKLOAD_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROXY_CONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"TRUST_DOMAIN"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":15020,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15021,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/istio/pod"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/istio/proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/istio/data"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/credential-uds"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istio"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-credentials"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-uds"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:sysctls: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"credential-socket"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-data"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-envoy"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"istio-podinfo"}: .: {} f:downwardAPI: .: {} f:defaultMode: {} f:items: {} f:name: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"istiod-ca-cert"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"workload-certs"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"workload-socket"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-21T02:50:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-21T02:50:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.24"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-21T02:50:32Z" name: maas-default-gateway-openshift-default-845c6b4b48-m5n8z namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: maas-default-gateway-openshift-default-845c6b4b48 uid: 0b6ee71b-0c3a-49df-9345-8a52a19842b5 resourceVersion: "21700" uid: 0918a43b-f702-44ce-ad65-0d11bcadfd54 spec: containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel - warning - --proxyComponentLogLevel - misc:error - --log_output_level - default:info env: - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod-openshift-gateway.openshift-ingress.svc:15012 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: ISTIO_CPU_LIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: PROXY_CONFIG value: | {"discoveryAddress":"istiod-openshift-gateway.openshift-ingress.svc:15012","proxyHeaders":{"server":{"disabled":true},"envoyDebugHeaders":{"disabled":true},"metadataExchangeHeaders":{"mode":"IN_MESH"}}} - name: ISTIO_META_POD_PORTS value: '[]' - name: ISTIO_META_APP_CONTAINERS - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: ISTIO_META_CLUSTER_ID value: Kubernetes - name: ISTIO_META_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: ISTIO_META_INTERCEPTION_MODE value: REDIRECT - name: ISTIO_META_WORKLOAD_NAME value: maas-default-gateway-openshift-default - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/openshift-ingress/deployments/maas-default-gateway-openshift-default - name: ISTIO_META_MESH_ID value: cluster.local - name: TRUST_DOMAIN value: cluster.local image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 name: metrics protocol: TCP - containerPort: 15021 name: status-port protocol: TCP - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 4 httpGet: path: /healthz/ready port: 15021 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1000329999 runAsNonRoot: true runAsUser: 1000329999 startupProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15021 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-nlz4b readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: maas-default-gateway-openshift-default-dockercfg-2544j nodeName: ip-10-0-137-147.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" serviceAccount: maas-default-gateway-openshift-default serviceAccountName: maas-default-gateway-openshift-default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: workload-socket - emptyDir: {} name: credential-socket - emptyDir: {} name: workload-certs - emptyDir: medium: Memory name: istio-envoy - emptyDir: {} name: istio-data - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.labels path: labels - fieldRef: apiVersion: v1 fieldPath: metadata.annotations path: annotations name: istio-podinfo - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert - name: kube-api-access-nlz4b projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T02:50:31Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-21T02:50:12Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T02:50:32Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T02:50:32Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T02:50:12Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 128Mi containerID: cri-o://7dda23970d277e5528541b8c2d5ca4f34627feed256a9cebb644985dc6c9a579 image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0a86de591c0c259464e80a5c01e0c85078263846253cd50ef5ac555bcf1e4fec lastState: {} name: istio-proxy ready: true resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-21T02:50:31Z" user: linux: gid: 1000329999 supplementalGroups: - 1000329999 - 1000320000 uid: 1000329999 volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-nlz4b readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.147 hostIPs: - ip: 10.0.137.147 phase: Running podIP: 10.132.0.24 podIPs: - ip: 10.132.0.24 qosClass: Burstable startTime: "2026-04-21T02:50:12Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.8/23"],"mac_address":"0a:58:0a:85:00:08","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.8/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.8" ], "mac": "0a:58:0a:85:00:08", "default": true, "dns": {} }] openshift.io/required-scc: restricted openshift.io/scc: restricted security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-04-21T02:42:16Z" generateName: router-default-7bc899fb4- generation: 1 labels: ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default ingresscontroller.operator.openshift.io/hash: bc48dbcd9 pod-template-hash: 7bc899fb4 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-66 operation: Update subresource: status time: "2026-04-21T02:42:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:ingresscontroller.operator.openshift.io/deployment-ingresscontroller: {} f:ingresscontroller.operator.openshift.io/hash: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"2473bde2-adbb-49f7-ac4d-f0b22d89940d"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"router"}: .: {} f:env: .: {} k:{"name":"DEFAULT_CERTIFICATE_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"DEFAULT_DESTINATION_CA_PATH"}: .: {} f:name: {} f:value: {} k:{"name":"RELOAD_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_ALLOW_WILDCARD_ROUTES"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CANONICAL_HOSTNAME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CIPHERS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CIPHERSUITES"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DISABLE_HTTP2"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DOMAIN"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_ENABLE_EXTERNAL_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_LOAD_BALANCE_ALGORITHM"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TLS_CERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TLS_KEY_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TYPE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SERVICE_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SERVICE_NAMESPACE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SET_FORWARDED_HEADERS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_TCP_BALANCE_SCHEME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_THREADS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_USE_PROXY_PROTOCOL"}: .: {} f:name: {} f:value: {} k:{"name":"SSL_MIN_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_PASSWORD_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_USERNAME_FILE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:terminationGracePeriodSeconds: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":80,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":1936,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/tls/metrics-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/lib/haproxy/conf/metrics-auth"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/configmaps/service-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"default-certificate"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"service-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"stats-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-04-21T02:42:16Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-21T02:42:49Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.8"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-21T02:42:50Z" name: router-default-7bc899fb4-fbmpx namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: router-default-7bc899fb4 uid: 2473bde2-adbb-49f7-ac4d-f0b22d89940d resourceVersion: "7862" uid: c8b0f00e-ebfb-4a3b-b87d-ccdff2c64c2b spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node.openshift.io/remote-worker operator: NotIn values: - "" containers: - env: - name: DEFAULT_CERTIFICATE_DIR value: /etc/pki/tls/private - name: DEFAULT_DESTINATION_CA_PATH value: /var/run/configmaps/service-ca/service-ca.crt - name: RELOAD_INTERVAL value: 5s - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME value: router-default.apps.ed445c61-d152-4989-9015-8a2641264289.prod.konfluxeaas.com - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES value: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - name: ROUTER_DISABLE_HTTP2 value: "true" - name: ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK value: "false" - name: ROUTER_DOMAIN value: apps.ed445c61-d152-4989-9015-8a2641264289.prod.konfluxeaas.com - name: ROUTER_ENABLE_EXTERNAL_CERTIFICATE value: "true" - name: ROUTER_LOAD_BALANCE_ALGORITHM value: random - name: ROUTER_METRICS_TLS_CERT_FILE value: /etc/pki/tls/metrics-certs/tls.crt - name: ROUTER_METRICS_TLS_KEY_FILE value: /etc/pki/tls/metrics-certs/tls.key - name: ROUTER_METRICS_TYPE value: haproxy - name: ROUTER_SERVICE_NAME value: default - name: ROUTER_SERVICE_NAMESPACE value: openshift-ingress - name: ROUTER_SET_FORWARDED_HEADERS value: append - name: ROUTER_TCP_BALANCE_SCHEME value: source - name: ROUTER_THREADS value: "4" - name: ROUTER_USE_PROXY_PROTOCOL value: "true" - name: SSL_MIN_VERSION value: TLSv1.2 - name: STATS_PASSWORD_FILE value: /var/lib/haproxy/conf/metrics-auth/statsPassword - name: STATS_PORT value: "1936" - name: STATS_USERNAME_FILE value: /var/lib/haproxy/conf/metrics-auth/statsUsername image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294af5c64228434d1ed6ee8ea3ac802e3c999aa847223e3b2efa18425a9fe421 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 1936 scheme: HTTP periodSeconds: 10 successThreshold: 1 terminationGracePeriodSeconds: 10 timeoutSeconds: 1 name: router ports: - containerPort: 80 name: http protocol: TCP - containerPort: 443 name: https protocol: TCP - containerPort: 1936 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz/ready port: 1936 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 100m memory: 256Mi securityContext: allowPrivilegeEscalation: true capabilities: drop: - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000320000 startupProbe: failureThreshold: 120 httpGet: path: /healthz/ready port: 1936 scheme: HTTP periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/tls/private name: default-certificate readOnly: true - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle readOnly: true - mountPath: /var/lib/haproxy/conf/metrics-auth name: stats-auth readOnly: true - mountPath: /etc/pki/tls/metrics-certs name: metrics-certs readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bkhzq readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: router-dockercfg-4dfs2 nodeName: ip-10-0-134-66.ec2.internal nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/worker: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 serviceAccount: router serviceAccountName: router terminationGracePeriodSeconds: 3600 tolerations: - effect: NoExecute key: kubernetes.io/e2e-evict-taint-key operator: Equal value: evictTaintVal - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists topologySpreadConstraints: - labelSelector: matchExpressions: - key: ingresscontroller.operator.openshift.io/hash operator: In values: - bc48dbcd9 maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway volumes: - name: default-certificate secret: defaultMode: 420 secretName: default-ingress-cert - configMap: defaultMode: 420 items: - key: service-ca.crt path: service-ca.crt name: service-ca-bundle optional: false name: service-ca-bundle - name: stats-auth secret: defaultMode: 420 secretName: router-stats-default - name: metrics-certs secret: defaultMode: 420 secretName: router-metrics-certs-default - name: kube-api-access-bkhzq projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-21T02:42:49Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-21T02:42:16Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-21T02:42:50Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-21T02:42:50Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-21T02:42:16Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 256Mi containerID: cri-o://8f491178f10ff2001e9a2631d2ab28245116e09a11c04dcf96543fb5b8ab14b7 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294af5c64228434d1ed6ee8ea3ac802e3c999aa847223e3b2efa18425a9fe421 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294af5c64228434d1ed6ee8ea3ac802e3c999aa847223e3b2efa18425a9fe421 lastState: {} name: router ready: true resources: requests: cpu: 100m memory: 256Mi restartCount: 0 started: true state: running: startedAt: "2026-04-21T02:42:49Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /etc/pki/tls/private name: default-certificate readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/lib/haproxy/conf/metrics-auth name: stats-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/tls/metrics-certs name: metrics-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-bkhzq readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.66 hostIPs: - ip: 10.0.134.66 phase: Running podIP: 10.133.0.8 podIPs: - ip: 10.133.0.8 qosClass: Burstable startTime: "2026-04-21T02:42:16Z" kind: PodList metadata: resourceVersion: "27515"