--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.25/23"],"mac_address":"0a:58:0a:84:00:19","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.25/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.25" ], "mac": "0a:58:0a:84:00:19", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: alertmanager openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-03T21:35:30Z" generateName: alertmanager-main- generation: 1 labels: alertmanager: main app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.29.0 apps.kubernetes.io/pod-index: "0" controller-revision-hash: alertmanager-main-5559576b85 statefulset.kubernetes.io/pod-name: alertmanager-main-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-134 operation: Update subresource: status time: "2026-06-03T21:35:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:alertmanager: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"8ba07a51-339a-4eb5-8725-442781fb1387"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"alertmanager"}: .: {} f:args: {} f:env: .: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9094,"protocol":"UDP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/alertmanager"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metric"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9097,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9095,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"alertmanager-main-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"alertmanager-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"cluster-tls-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"config-volume"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-alertmanager-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-metric"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-main-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:35:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:35:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.25"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:35:32Z" name: alertmanager-main-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: alertmanager-main uid: 8ba07a51-339a-4eb5-8725-442781fb1387 resourceVersion: "11620" uid: 47ed2b92-cd7f-4203-aa2b-c38daf13b620 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/alertmanager/config_out/alertmanager.env.yaml - --storage.path=/alertmanager - --data.retention=120h - --cluster.listen-address= - --web.listen-address=127.0.0.1:9093 - --web.external-url=https://console-openshift-console.apps.35321189-559f-4b7f-a3c0-81d94b1ff141.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --cluster.label=openshift-monitoring/main - --cluster.peer=alertmanager-main-0.alertmanager-operated:9094 - --cluster.reconnect-timeout=5m - --web.config.file=/etc/alertmanager/web_config/web-config.yaml env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imagePullPolicy: IfNotPresent name: alertmanager ports: - containerPort: 9094 name: mesh-tcp protocol: TCP - containerPort: 9094 name: mesh-udp protocol: UDP resources: requests: cpu: 4m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true subPath: cluster-tls-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/alertmanager/web_config/web-config.yaml - --reload-url=http://localhost:9093/-/reload - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true - args: - --secure-listen-address=0.0.0.0:9095 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9095 name: web protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9096 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true - args: - --secure-listen-address=0.0.0.0:9097 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metric ports: - containerPort: 9097 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true - args: - --insecure-listen-address=127.0.0.1:9096 - --upstream=http://127.0.0.1:9093 - --label=namespace - --error-on-replace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: alertmanager-main-0 imagePullSecrets: - name: alertmanager-main-dockercfg-r4zqb initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true nodeName: ip-10-0-141-134.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c15 serviceAccount: alertmanager-main serviceAccountName: alertmanager-main subdomain: alertmanager-operated terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config-volume secret: defaultMode: 420 secretName: alertmanager-main-generated - name: tls-assets projected: defaultMode: 420 sources: - secret: name: alertmanager-main-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-alertmanager-main-tls secret: defaultMode: 420 secretName: alertmanager-main-tls - name: secret-alertmanager-kube-rbac-proxy secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy - name: secret-alertmanager-kube-rbac-proxy-metric secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-metric - name: secret-alertmanager-kube-rbac-proxy-web secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-web - name: web-config secret: defaultMode: 420 secretName: alertmanager-main-web-config - name: cluster-tls-config secret: defaultMode: 420 secretName: alertmanager-main-cluster-tls-config - emptyDir: {} name: alertmanager-main-db - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: alertmanager-trusted-ca-bundle name: alertmanager-trusted-ca-bundle - name: kube-api-access-hkwkw projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:31Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:31Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:32Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:32Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:30Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 4m memory: 40Mi containerID: cri-o://cd270673d3a6bdf3d9f5a349d3a1e4c79572f619dfb839d4ebef5435f4cb977d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 lastState: {} name: alertmanager ready: true resources: requests: cpu: 4m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://290638a563f5b4581a640fbcdb82f9496f8a8843d9c106dd98cadedcedbc9b8b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2ebebae797774528da5a4d3ffd026610a198b6278789d602c01161f90cad7fc6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://402f39ed9289681789edfd78cafe8c6d12526f1b7f626ff4f03897ea7dace185 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metric ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://4a35934167590702cadb9b210f6ee7b93edc184448aa71845b9f8695d29ccea3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://d48440ded10aae74c059d8a050e3a2eda50b4e7619f39c6f46b50c15eca58b05 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.134 hostIPs: - ip: 10.0.141.134 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://737d444252e20f86f9422c0e083e76f943fada2e4bb0297ab0be665d174366bb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://737d444252e20f86f9422c0e083e76f943fada2e4bb0297ab0be665d174366bb exitCode: 0 finishedAt: "2026-06-03T21:35:31Z" reason: Completed startedAt: "2026-06-03T21:35:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hkwkw readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.132.0.25 podIPs: - ip: 10.132.0.25 qosClass: Burstable startTime: "2026-06-03T21:35:30Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.11/23"],"mac_address":"0a:58:0a:86:00:0b","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.11/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.11" ], "mac": "0a:58:0a:86:00:0b", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:33:24Z" generateName: cluster-monitoring-operator-57769895dd- generation: 1 labels: app: cluster-monitoring-operator app.kubernetes.io/name: cluster-monitoring-operator app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 57769895dd managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-140-77 operation: Update subresource: status time: "2026-06-03T21:33:24Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"4f66e118-eb75-40c2-99fa-89a930c8d7d4"}: {} f:spec: f:containers: k:{"name":"cluster-monitoring-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-monitoring-operator/telemetry"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cluster-monitoring-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemetry-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:33:24Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:33:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.11"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:00Z" name: cluster-monitoring-operator-57769895dd-k2542 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-monitoring-operator-57769895dd uid: 4f66e118-eb75-40c2-99fa-89a930c8d7d4 resourceVersion: "9361" uid: 76bd295a-c44e-4253-8edb-42f4b787d6f1 spec: containers: - args: - -namespace=openshift-monitoring - -namespace-user-workload=openshift-user-workload-monitoring - -configmap=cluster-monitoring-config - -release-version=$(RELEASE_VERSION) - -v=2 - -cert-file=/etc/tls/private/tls.crt - -key-file=/etc/tls/private/tls.key - -images=prometheus-operator=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 - -images=prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - -images=prometheus-operator-admission-webhook=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 - -images=configmap-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3068d66b76b04572a3ca4be20cbe477525f5191ded00e0b088f7932a17e0b30d - -images=prometheus=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b - -images=alertmanager=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 - -images=node-exporter=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d - -images=kube-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:68134b24e302fa0d3990468b4f24af450f65bc039bd1a1717653b5bfc6a39201 - -images=openshift-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda - -images=kube-rbac-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea - -images=telemeter-client=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 - -images=prom-label-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd - -images=thanos=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 - -images=monitoring-plugin=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a353813c64c18b3a31cd4a8864d298ff7850e13f992bc17b20ed7fe09d49457f - -images=kube-metrics-server=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 env: - name: RELEASE_VERSION value: 4.21.18 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imagePullPolicy: IfNotPresent name: cluster-monitoring-operator ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 75Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dtmn6 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-monitoring-operator-dockercfg-5nvh7 nodeName: ip-10-0-140-77.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: cluster-monitoring-operator serviceAccountName: cluster-monitoring-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 name: telemetry-config name: telemetry-config - name: cluster-monitoring-operator-tls secret: defaultMode: 420 secretName: cluster-monitoring-operator-tls - name: kube-api-access-dtmn6 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:00Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:33:24Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:00Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:00Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:33:24Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 75Mi containerID: cri-o://0e95f58c70c90dc584477dc6005377f4f400106a1ff9c5681a1e25657065ce0d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7254a8c04e9f17465009044222270016263daaa27825aa3f0fc3a37876b2567b lastState: {} name: cluster-monitoring-operator ready: true resources: requests: cpu: 10m memory: 75Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:33:59Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dtmn6 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.140.77 hostIPs: - ip: 10.0.140.77 observedGeneration: 1 phase: Running podIP: 10.134.0.11 podIPs: - ip: 10.134.0.11 qosClass: Burstable startTime: "2026-06-03T21:33:24Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.21/23"],"mac_address":"0a:58:0a:84:00:15","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.21/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.21" ], "mac": "0a:58:0a:84:00:15", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: kube-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:34:08Z" generateName: kube-state-metrics-79fb7d47d4- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.17.0 pod-template-hash: 79fb7d47d4 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-134 operation: Update subresource: status time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"ccb01ef4-26f8-43d5-9222-f5eb14764fc5"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-state-metrics"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"kube-state-metrics-custom-resource-state-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"kube-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"kube-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"volume-directive-shadow"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.21"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:19Z" name: kube-state-metrics-79fb7d47d4-2skcf namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-state-metrics-79fb7d47d4 uid: ccb01ef4-26f8-43d5-9222-f5eb14764fc5 resourceVersion: "10209" uid: b447e02b-3c42-464a-a5df-6dbad584f70e spec: automountServiceAccountToken: true containers: - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - --custom-resource-state-config-file=/etc/kube-state-metrics/custom-resource-state-configmap.yaml - | --metric-denylist= ^kube_secret_labels$, ^kube_.+_annotations$, ^kube_customresource_.+_annotations_info$, ^kube_customresource_.+_labels_info$ - --metric-labels-allowlist=pods=[*],nodes=[*],namespaces=[*],persistentvolumes=[*],persistentvolumeclaims=[*],poddisruptionbudgets=[*] - | --metric-denylist= ^kube_.+_created$, ^kube_.+_metadata_resource_version$, ^kube_replicaset_metadata_generation$, ^kube_replicaset_status_observed_generation$, ^kube_pod_restart_policy$, ^kube_pod_init_container_status_terminated$, ^kube_pod_init_container_status_running$, ^kube_pod_container_status_terminated$, ^kube_pod_container_status_running$, ^kube_pod_completion_time$, ^kube_pod_status_scheduled$ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:68134b24e302fa0d3990468b4f24af450f65bc039bd1a1717653b5bfc6a39201 imagePullPolicy: IfNotPresent name: kube-state-metrics resources: requests: cpu: 2m memory: 80Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t5zb2 readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t5zb2 readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t5zb2 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-state-metrics-dockercfg-lb879 nodeName: ip-10-0-141-134.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: kube-state-metrics serviceAccountName: kube-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: volume-directive-shadow - name: kube-state-metrics-tls secret: defaultMode: 420 secretName: kube-state-metrics-tls - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: kube-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: kube-state-metrics-custom-resource-state-configmap name: kube-state-metrics-custom-resource-state-configmap - name: kube-api-access-t5zb2 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://dc490da99b8cfc46796f4a4b5ab27463b909499cf0e407740e67a8cd6a71c4b8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t5zb2 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://6a535f5e86b649220c75ab74ac05234bf4a09d96a75df3516f209d0ded9e0004 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t5zb2 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 2m memory: 80Mi containerID: cri-o://b4178920993b003c215fc8665e966a26876aa0a7cb77a6597a10ef7ccacd9819 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:68134b24e302fa0d3990468b4f24af450f65bc039bd1a1717653b5bfc6a39201 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:68134b24e302fa0d3990468b4f24af450f65bc039bd1a1717653b5bfc6a39201 lastState: {} name: kube-state-metrics ready: true resources: requests: cpu: 2m memory: 80Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t5zb2 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.134 hostIPs: - ip: 10.0.141.134 observedGeneration: 1 phase: Running podIP: 10.132.0.21 podIPs: - ip: 10.132.0.21 qosClass: Burstable startTime: "2026-06-03T21:34:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.12/23"],"mac_address":"0a:58:0a:85:00:0c","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.12/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.12" ], "mac": "0a:58:0a:85:00:0c", "default": true, "dns": {} }] monitoring.openshift.io/kubelet-serving-ca-bundle-hash: cuq93sjakgc5k monitoring.openshift.io/metrics-server-client-certs-hash: 68o08d7tm36qr monitoring.openshift.io/serving-ca-secret-hash: 45lv7utpuhihs openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:34:12Z" generateName: metrics-server-75f9fcbb5c- generation: 1 labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 75f9fcbb5c managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-102 operation: Update subresource: status time: "2026-06-03T21:34:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/kubelet-serving-ca-bundle-hash: {} f:monitoring.openshift.io/metrics-server-client-certs-hash: {} f:monitoring.openshift.io/serving-ca-secret-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"7c8402d3-2610-4c80-a3d3-f064bde35308"}: {} f:spec: f:containers: k:{"name":"metrics-server"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":10250,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/audit"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/client-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/metrics-server-client-certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/log/metrics-server"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"audit-log"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"client-ca-bundle"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"metrics-server-audit-profiles"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-metrics-server-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-server-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.12"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:52Z" name: metrics-server-75f9fcbb5c-9dwgk namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metrics-server-75f9fcbb5c uid: 7c8402d3-2610-4c80-a3d3-f064bde35308 resourceVersion: "10636" uid: ac16445f-05d1-4f2f-9f51-63c8732e566c spec: containers: - args: - --secure-port=10250 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt - --kubelet-client-certificate=/etc/tls/metrics-server-client-certs/tls.crt - --kubelet-client-key=/etc/tls/metrics-server-client-certs/tls.key - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --shutdown-send-retry-after=true - --shutdown-delay-duration=150s - --disable-http2-serving=true - --tls-min-version=VersionTLS12 - --client-ca-file=/etc/client-ca-bundle/client-ca-file - --requestheader-client-ca-file=/etc/client-ca-bundle/requestheader-client-ca-file - --requestheader-allowed-names=kube-apiserver-proxy,system:kube-apiserver-proxy,system:openshift-aggregator - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --audit-policy-file=/etc/audit/metadata-profile.yaml - --audit-log-path=/var/log/metrics-server/audit.log - --audit-log-maxsize=100 - --audit-log-maxbackup=5 - --audit-log-compress=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 6 httpGet: path: /livez port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000450000 startupProbe: failureThreshold: 6 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tzzjj readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: metrics-server-dockercfg-d5274 nodeName: ip-10-0-137-102.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: metrics-server serviceAccountName: metrics-server terminationGracePeriodSeconds: 170 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-metrics-server-client-certs secret: defaultMode: 420 secretName: metrics-server-client-certs - name: secret-metrics-server-tls secret: defaultMode: 420 secretName: metrics-server-tls - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - emptyDir: {} name: audit-log - configMap: defaultMode: 420 name: metrics-server-audit-profiles name: metrics-server-audit-profiles - name: client-ca-bundle secret: defaultMode: 420 secretName: metrics-server-3ec5d5s56fv9t - name: kube-api-access-tzzjj projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:14Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:12Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:52Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:52Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:12Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://50d70287f935a705941b735139bba5f3b5dacd8178ab3c6218f8e8b2cf4414d1 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 lastState: {} name: metrics-server ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:14Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true recursiveReadOnly: Disabled - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-tzzjj readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.102 hostIPs: - ip: 10.0.137.102 observedGeneration: 1 phase: Running podIP: 10.133.0.12 podIPs: - ip: 10.133.0.12 qosClass: Burstable startTime: "2026-06-03T21:34:12Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.13/23"],"mac_address":"0a:58:0a:85:00:0d","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.13/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.13" ], "mac": "0a:58:0a:85:00:0d", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:34:12Z" generateName: monitoring-plugin-9b9fc658- generation: 1 labels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 9b9fc658 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-102 operation: Update subresource: status time: "2026-06-03T21:34:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"7a893df7-16df-4a7f-8a5d-caa5542eec25"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"monitoring-plugin"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/cert"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"monitoring-plugin-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.13"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:17Z" name: monitoring-plugin-9b9fc658-lrjdm namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: monitoring-plugin-9b9fc658 uid: 7a893df7-16df-4a7f-8a5d-caa5542eec25 resourceVersion: "10142" uid: 8ea9d300-056c-4a25-bcfd-bee84c8919b3 spec: automountServiceAccountToken: true containers: - args: - --config-path=/opt/app-root/web/dist - --static-path=/opt/app-root/web/dist - --cert=/var/cert/tls.crt - --key=/var/cert/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 command: - /opt/app-root/plugin-backend image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a353813c64c18b3a31cd4a8864d298ff7850e13f992bc17b20ed7fe09d49457f imagePullPolicy: IfNotPresent name: monitoring-plugin ports: - containerPort: 9443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /health port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6jvxk readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: monitoring-plugin-dockercfg-2qbbd nodeName: ip-10-0-137-102.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: monitoring-plugin serviceAccountName: monitoring-plugin terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: monitoring-plugin-cert secret: defaultMode: 420 secretName: monitoring-plugin-cert - name: kube-api-access-6jvxk projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:17Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:12Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:17Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:17Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:12Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 50Mi containerID: cri-o://50f11739b7c8cef11d4e844aae5e9fb2f8e169b8fc985a9106deccf7d7a1329c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a353813c64c18b3a31cd4a8864d298ff7850e13f992bc17b20ed7fe09d49457f imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7107c3fb46ffa8fdca034c5215ccbd676b4cf056f5859fb6b942889b90b50c53 lastState: {} name: monitoring-plugin ready: true resources: requests: cpu: 10m memory: 50Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:17Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6jvxk readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.102 hostIPs: - ip: 10.0.137.102 observedGeneration: 1 phase: Running podIP: 10.133.0.13 podIPs: - ip: 10.133.0.13 qosClass: Burstable startTime: "2026-06-03T21:34:12Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-03T21:34:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"af91c5fe-cac5-458a-ba35-92479b0a88dc"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.137.102"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:11Z" name: node-exporter-lsp2p namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: af91c5fe-cac5-458a-ba35-92479b0a88dc resourceVersion: "9878" uid: 8a2a86cc-501f-46b9-9cb5-0f12604723f5 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-137-102.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-f9rz9 readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-f9rz9 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-6mf74 initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-f9rz9 readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-137-102.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-f9rz9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:10Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:10Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:11Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:11Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://2263b24cd109b0d0fb8d08e8676d6afaa1ac8482d7ade61fc9206888ee37e81b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:10Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-f9rz9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://0a191dff8cd4c11a415988e44aa906ddbd52bc184b034cff77193f60d52153d2 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:10Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-f9rz9 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.102 hostIPs: - ip: 10.0.137.102 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://0c848f89e35caaf4e6ef087902fb1ef0253a54d4401aa025133af362b6a54531 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://0c848f89e35caaf4e6ef087902fb1ef0253a54d4401aa025133af362b6a54531 exitCode: 0 finishedAt: "2026-06-03T21:34:10Z" reason: Completed startedAt: "2026-06-03T21:34:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-f9rz9 readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.137.102 podIPs: - ip: 10.0.137.102 qosClass: Burstable startTime: "2026-06-03T21:34:08Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-03T21:34:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"af91c5fe-cac5-458a-ba35-92479b0a88dc"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.140.77"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:12Z" name: node-exporter-pfh5l namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: af91c5fe-cac5-458a-ba35-92479b0a88dc resourceVersion: "9885" uid: 7b6f78f6-66e5-49e8-8078-be2ad5318f88 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-140-77.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hn2p8 readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hn2p8 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-6mf74 initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hn2p8 readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-140-77.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-hn2p8 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:11Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:12Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:12Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://5786e75eb15654c9909eed094361c1272f2258ab6794173585f381ae2dd7128e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:11Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hn2p8 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://4395dc66eaf2c5796aa30d345df0d662142af1442d5d53ddbc092c4e75292863 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:11Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hn2p8 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.140.77 hostIPs: - ip: 10.0.140.77 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://b829031f33bc4006f77d61346a913cd56bd49680926c2ca56e54ed1402746d94 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://b829031f33bc4006f77d61346a913cd56bd49680926c2ca56e54ed1402746d94 exitCode: 0 finishedAt: "2026-06-03T21:34:10Z" reason: Completed startedAt: "2026-06-03T21:34:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-hn2p8 readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.140.77 podIPs: - ip: 10.0.140.77 qosClass: Burstable startTime: "2026-06-03T21:34:08Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-03T21:34:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"af91c5fe-cac5-458a-ba35-92479b0a88dc"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.141.134"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:19Z" name: node-exporter-rtn4n namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: af91c5fe-cac5-458a-ba35-92479b0a88dc resourceVersion: "10218" uid: c83fa458-8d6d-41d7-96fa-7d52e37678f2 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-141-134.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6dj9p readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6dj9p readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-6mf74 initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6dj9p readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-141-134.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-6dj9p projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:15Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:15Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://330a0796ba401a9cb8074a1d1f3c13483cdd3749db7ec8d49f94be09abb1846b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6dj9p readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://0ff788319f14bed3b84f285d693dafbe300fea1dcfc110f7bfa40e9a5d9cce87 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:15Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6dj9p readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.134 hostIPs: - ip: 10.0.141.134 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://3c6242a28ce4569b7a9840ba682e337071a1efcb58ef86eeebf152de0dba67e5 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://3c6242a28ce4569b7a9840ba682e337071a1efcb58ef86eeebf152de0dba67e5 exitCode: 0 finishedAt: "2026-06-03T21:34:15Z" reason: Completed startedAt: "2026-06-03T21:34:14Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-6dj9p readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.141.134 podIPs: - ip: 10.0.141.134 qosClass: Burstable startTime: "2026-06-03T21:34:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.20/23"],"mac_address":"0a:58:0a:84:00:14","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.20/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.20" ], "mac": "0a:58:0a:84:00:14", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: openshift-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:34:08Z" generateName: openshift-state-metrics-65f78d5c66- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: openshift-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65f78d5c66 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-134 operation: Update subresource: status time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"8898a879-513d-45d4-847d-86e9052860de"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"openshift-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"openshift-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"openshift-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.20"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:19Z" name: openshift-state-metrics-65f78d5c66-bf7gx namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: openshift-state-metrics-65f78d5c66 uid: 8898a879-513d-45d4-847d-86e9052860de resourceVersion: "10213" uid: 2aaa4235-a810-4098-b4ce-56d0be84e3b5 spec: containers: - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2phv8 readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2phv8 readOnly: true - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imagePullPolicy: IfNotPresent name: openshift-state-metrics resources: requests: cpu: 1m memory: 32Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2phv8 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: openshift-state-metrics-dockercfg-sphfq nodeName: ip-10-0-141-134.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: openshift-state-metrics serviceAccountName: openshift-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: openshift-state-metrics-tls secret: defaultMode: 420 secretName: openshift-state-metrics-tls - name: openshift-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: openshift-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-2phv8 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:19Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://97722b65dc0333847f11601682fa1e6b4f2c083394abb005f81e8b7eb0966907 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:13Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2phv8 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://9c8ba359c40545cda788a6575de862842db9b82efd66ba5761e7d817bc30db8a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:13Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2phv8 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 32Mi containerID: cri-o://98bcfabbc8d4cc9af26b7c02a68b374f1021b3739ac5f977eb39d8a5bbf0496d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda lastState: {} name: openshift-state-metrics ready: true resources: requests: cpu: 1m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2phv8 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.134 hostIPs: - ip: 10.0.141.134 observedGeneration: 1 phase: Running podIP: 10.132.0.20 podIPs: - ip: 10.132.0.20 qosClass: Burstable startTime: "2026-06-03T21:34:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.18/23"],"mac_address":"0a:58:0a:86:00:12","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.18/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.18" ], "mac": "0a:58:0a:86:00:12", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-03T21:35:34Z" generateName: prometheus-k8s- generation: 1 labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 3.7.3 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-k8s-98b6686b8 operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" prometheus: k8s statefulset.kubernetes.io/pod-name: prometheus-k8s-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-140-77 operation: Update subresource: status time: "2026-06-03T21:35:34Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:operator.prometheus.io/name: {} f:operator.prometheus.io/shard: {} f:prometheus: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"c1792972-52dd-4775-90a9-60d3bd3a3359"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-thanos"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10903,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prometheus"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:readinessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/metrics-client-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/prometheus"}: .: {} f:mountPath: {} f:name: {} k:{"name":"thanos-sidecar"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10901,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":10902,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/thanos/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:shareProcessNamespace: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-k8s-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-0"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-1"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-2"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-thanos-sidecar-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"thanos-prometheus-http-client-file"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:35:34Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:35:34Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.18"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:36:35Z" name: prometheus-k8s-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-k8s uid: c1792972-52dd-4775-90a9-60d3bd3a3359 resourceVersion: "12158" uid: bda5e71b-710c-4701-82b3-ec7044b972b2 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --enable-feature=delayed-compaction,use-uncached-io - --web.external-url=https://console-openshift-console.apps.35321189-559f-4b7f-a3c0-81d94b1ff141.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --web.listen-address=127.0.0.1:9090 - --storage.tsdb.retention.time=15d - --storage.tsdb.path=/prometheus - --web.config.file=/etc/prometheus/web_config/web-config.yaml - --scrape.timestamp-tolerance=15ms - --no-auto-gomemlimit env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: GOGC value: "100" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/healthy; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/healthy; else exit 1; fi failureThreshold: 6 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus readinessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: requests: cpu: 70m memory: 1Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true startupProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 60 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/prometheus/web_config/web-config.yaml - --reload-url=http://localhost:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true - args: - sidecar - --prometheus.url=http://localhost:9090/ - --tsdb.path=/prometheus - --http-address=127.0.0.1:10902 - --grpc-server-tls-cert=/etc/tls/grpc/server.crt - --grpc-server-tls-key=/etc/tls/grpc/server.key - --grpc-server-tls-client-ca=/etc/tls/grpc/ca.crt image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-sidecar ports: - containerPort: 10902 name: http protocol: TCP - containerPort: 10901 name: grpc protocol: TCP resources: requests: cpu: 1m memory: 25Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9090 - --allow-paths=/metrics,/federate - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true - args: - --secure-listen-address=[$(POD_IP)]:10903 - --upstream=http://127.0.0.1:10902 - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/metrics - --tls-min-version=VersionTLS12 env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-thanos ports: - containerPort: 10903 name: thanos-proxy protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-k8s-0 imagePullSecrets: - name: prometheus-k8s-dockercfg-thq4v initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true nodeName: ip-10-0-140-77.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c15 serviceAccount: prometheus-k8s serviceAccountName: prometheus-k8s shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config secret: defaultMode: 420 secretName: prometheus-k8s - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-k8s-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-prometheus-k8s-tls secret: defaultMode: 420 secretName: prometheus-k8s-tls - name: secret-prometheus-k8s-thanos-sidecar-tls secret: defaultMode: 420 secretName: prometheus-k8s-thanos-sidecar-tls - name: secret-kube-rbac-proxy secret: defaultMode: 420 secretName: kube-rbac-proxy - name: secret-prometheus-k8s-kube-rbac-proxy-web secret: defaultMode: 420 secretName: prometheus-k8s-kube-rbac-proxy-web - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - configMap: defaultMode: 420 name: serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - configMap: defaultMode: 420 name: metrics-client-ca name: configmap-metrics-client-ca - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-0 optional: true name: prometheus-k8s-rulefiles-0 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-1 optional: true name: prometheus-k8s-rulefiles-1 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-2 optional: true name: prometheus-k8s-rulefiles-2 - name: web-config secret: defaultMode: 420 secretName: prometheus-k8s-web-config - name: thanos-prometheus-http-client-file secret: defaultMode: 420 secretName: prometheus-k8s-thanos-prometheus-http-client-file - emptyDir: {} name: prometheus-k8s-db - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: prometheus-trusted-ca-bundle name: prometheus-trusted-ca-bundle - name: secret-grpc-tls secret: defaultMode: 420 secretName: prometheus-k8s-grpc-tls-2eb7esesu06u - name: kube-api-access-79frl projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:35Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:35Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:36:35Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:36:35Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:35:34Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://43fcae273f958ca7172d4b648ac88177c54b75f909ce6d28507b37e2df5ec62a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://370ac248f39a892dd30bace6ff3539ffa3ac88ebab1589b6dee465028f5976ee image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://680260d6d4382b95a47e57b759f848980ae9ef5de56942a43da7eaea7fb079eb image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-thanos ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://e12625a620fcb24c13caf5121be84d029a0ece171724e9bad870c88278389850 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 70m memory: 1Gi containerID: cri-o://4b25bd1be7b85f0d373c4e98bde6c83fa55c9d323a007a2aab586e48e3b73748 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b lastState: {} name: prometheus ready: true resources: requests: cpu: 70m memory: 1Gi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 25Mi containerID: cri-o://3b8db1bb5ad44945975f4f01ed11539af3906a9a6fa7948fd425d49b87c1660d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-sidecar ready: true resources: requests: cpu: 1m memory: 25Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.140.77 hostIPs: - ip: 10.0.140.77 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://28dd8381194bfa3916fe22c342083361d764b7b2979ec84b40a004406976064d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://28dd8381194bfa3916fe22c342083361d764b7b2979ec84b40a004406976064d exitCode: 0 finishedAt: "2026-06-03T21:35:35Z" reason: Completed startedAt: "2026-06-03T21:35:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-79frl readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.134.0.18 podIPs: - ip: 10.134.0.18 qosClass: Burstable startTime: "2026-06-03T21:35:34Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.16/23"],"mac_address":"0a:58:0a:86:00:10","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.16/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.16" ], "mac": "0a:58:0a:86:00:10", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:34:03Z" generateName: prometheus-operator-7f7d445d84- generation: 1 labels: app.kubernetes.io/component: controller app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 7f7d445d84 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-140-77 operation: Update subresource: status time: "2026-06-03T21:34:03Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"c4d82018-8566-47ce-b9be-1fd78bc61501"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prometheus-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-operator-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"prometheus-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:03Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:04Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.16"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:06Z" name: prometheus-operator-7f7d445d84-mwj8f namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-7f7d445d84 uid: c4d82018-8566-47ce-b9be-1fd78bc61501 resourceVersion: "9497" uid: c2b4d1ec-095f-40d4-9ebf-8fdeb9ea5e8c spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - --prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - --kubelet-endpoints=true - --kubelet-endpointslice=true - --watch-referenced-objects-in-all-namespaces=true - --prometheus-instance-namespaces=openshift-monitoring - --thanos-ruler-instance-namespaces=openshift-monitoring - --alertmanager-instance-namespaces=openshift-monitoring - --config-reloader-cpu-limit=0 - --config-reloader-memory-limit=0 - --config-reloader-cpu-request=1m - --config-reloader-memory-request=10Mi - --web.listen-address=127.0.0.1:8080 - --controller-id=openshift-monitoring/prometheus-operator env: - name: GOGC value: "30" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imagePullPolicy: IfNotPresent name: prometheus-operator resources: requests: cpu: 5m memory: 150Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-k5hqb readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-k5hqb readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-dockercfg-ts4sb nodeName: ip-10-0-140-77.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator serviceAccountName: prometheus-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: prometheus-operator-tls secret: defaultMode: 420 secretName: prometheus-operator-tls - name: prometheus-operator-kube-rbac-proxy-config secret: defaultMode: 420 secretName: prometheus-operator-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-k5hqb projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:06Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:03Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:06Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:06Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:03Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://fa811c89406cbcc921acb3d14d509357ceeeda3a4f5e253c8f805a2935faff15 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:05Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-k5hqb readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 5m memory: 150Mi containerID: cri-o://db314427c6f4de5c0dd7b35c2a27f72140643c7c4f852ab25b9a547d7949a84c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b1d74f1177673f5972ed75bc1c4a8362e0cfd29d5a9713b183e573a7827903f3 lastState: {} name: prometheus-operator ready: true resources: requests: cpu: 5m memory: 150Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:05Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-k5hqb readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.140.77 hostIPs: - ip: 10.0.140.77 observedGeneration: 1 phase: Running podIP: 10.134.0.16 podIPs: - ip: 10.134.0.16 qosClass: Burstable startTime: "2026-06-03T21:34:03Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.11/23"],"mac_address":"0a:58:0a:85:00:0b","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.11/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.11" ], "mac": "0a:58:0a:85:00:0b", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:33:59Z" generateName: prometheus-operator-admission-webhook-5b6b8f594- generation: 1 labels: app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 5b6b8f594 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-102 operation: Update subresource: status time: "2026-06-03T21:33:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"359beabe-5e3e-4ee6-bc65-b69246af601a"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"prometheus-operator-admission-webhook"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certificates"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:33:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:00Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.11"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:02Z" name: prometheus-operator-admission-webhook-5b6b8f594-g2j67 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-admission-webhook-5b6b8f594 uid: 359beabe-5e3e-4ee6-bc65-b69246af601a resourceVersion: "9432" uid: 4d607ece-d9d5-4405-997f-32317a4ebd99 spec: automountServiceAccountToken: false containers: - args: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - --web.tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --web.tls-min-version=VersionTLS12 - --name-validation-scheme=utf8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 5m memory: 30Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-admission-webhook-dockercfg-2vz9m nodeName: ip-10-0-137-102.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator-admission-webhook serviceAccountName: prometheus-operator-admission-webhook terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certificates secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: prometheus-operator-admission-webhook-tls status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:02Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:33:59Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:02Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:02Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:33:59Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 5m memory: 30Mi containerID: cri-o://3aea03964e295008f81edb85dbf62a0a53729af9aa4b4a7642237d57fefe0f80 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 lastState: {} name: prometheus-operator-admission-webhook ready: true resources: requests: cpu: 5m memory: 30Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:01Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.102 hostIPs: - ip: 10.0.137.102 observedGeneration: 1 phase: Running podIP: 10.133.0.11 podIPs: - ip: 10.133.0.11 qosClass: Burstable startTime: "2026-06-03T21:33:59Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.15/23"],"mac_address":"0a:58:0a:85:00:0f","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.15/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.15" ], "mac": "0a:58:0a:85:00:0f", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user telemeter-token-hash: butacvri7eo95 creationTimestamp: "2026-06-03T21:34:13Z" generateName: telemeter-client-55585954f7- generation: 1 labels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: telemeter-client app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 55585954f7 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-137-102 operation: Update subresource: status time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:telemeter-token-hash: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"554c7736-1812-48bb-a621-5b12d269f287"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"reload"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"telemeter-client"}: .: {} f:command: {} f:env: .: {} k:{"name":"ANONYMIZE_LABELS"}: .: {} f:name: {} k:{"name":"FROM"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"ID"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"TO"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/telemeter"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"federate-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-telemeter-client"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-telemeter-client-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"telemeter-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemeter-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.15"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:18Z" name: telemeter-client-55585954f7-zh5lw namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: telemeter-client-55585954f7 uid: 554c7736-1812-48bb-a621-5b12d269f287 resourceVersion: "10192" uid: 72466f78-b706-4f8e-9778-341a278ffe52 spec: containers: - command: - /usr/bin/telemeter-client - --id=$(ID) - --from=$(FROM) - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --from-ca-file=/etc/serving-certs-ca-bundle/service-ca.crt - --from-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token - --to=$(TO) - --to-token-file=/etc/telemeter/token - --listen=localhost:8080 - --anonymize-salt-file=/etc/telemeter/salt - --anonymize-labels=$(ANONYMIZE_LABELS) - --match={__name__=~"cluster:usage:.*"} - --match={__name__="count:up0"} - --match={__name__="count:up1"} - --match={__name__="cluster_version"} - --match={__name__="cluster_version_available_updates"} - --match={__name__="cluster_version_capability"} - --match={__name__="cluster_operator_up"} - --match={__name__="cluster_operator_conditions"} - --match={__name__="cluster_version_payload"} - --match={__name__="cluster_installer"} - --match={__name__="cluster_infrastructure_provider"} - --match={__name__="cluster_feature_set"} - --match={__name__="instance:etcd_object_counts:sum"} - --match={__name__="ALERTS",alertstate="firing",severity=~"critical|warning|info|none"} - --match={__name__="code:apiserver_request_total:rate:sum"} - --match={__name__="cluster:capacity_cpu_cores:sum"} - --match={__name__="cluster:capacity_memory_bytes:sum"} - --match={__name__="cluster:cpu_usage_cores:sum"} - --match={__name__="cluster:memory_usage_bytes:sum"} - --match={__name__="openshift:cpu_usage_cores:sum"} - --match={__name__="openshift:memory_usage_bytes:sum"} - --match={__name__="workload:cpu_usage_cores:sum"} - --match={__name__="workload:memory_usage_bytes:sum"} - --match={__name__="cluster:virt_platform_nodes:sum"} - --match={__name__="cluster:node_instance_type_count:sum"} - --match={__name__="cnv:vmi_status_running:count"} - --match={__name__="cnv_abnormal", reason=~"memory_working_set_delta_from_request|memory_rss_delta_from_request"} - --match={__name__="cluster:vmi_request_cpu_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_sockets:sum"} - --match={__name__="subscription_sync_total"} - --match={__name__="olm_resolution_duration_seconds"} - --match={__name__="csv_succeeded"} - --match={__name__="csv_abnormal"} - --match={__name__="cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum"} - --match={__name__="cluster:kubelet_volume_stats_used_bytes:provisioner:sum"} - --match={__name__="ceph_cluster_total_bytes"} - --match={__name__="ceph_cluster_total_used_raw_bytes"} - --match={__name__="ceph_health_status"} - --match={__name__="odf_system_raw_capacity_total_bytes"} - --match={__name__="odf_system_raw_capacity_used_bytes"} - --match={__name__="odf_system_health_status"} - --match={__name__="job:ceph_osd_metadata:count"} - --match={__name__="job:kube_pv:count"} - --match={__name__="job:odf_system_pvs:count"} - --match={__name__="job:ceph_pools_iops:total"} - --match={__name__="job:ceph_pools_iops_bytes:total"} - --match={__name__="job:ceph_versions_running:count"} - --match={__name__="job:noobaa_total_unhealthy_buckets:sum"} - --match={__name__="job:noobaa_bucket_count:sum"} - --match={__name__="job:noobaa_total_object_count:sum"} - --match={__name__="odf_system_bucket_count", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="odf_system_objects_total", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="noobaa_accounts_num"} - --match={__name__="noobaa_total_usage"} - --match={__name__="console_url"} - --match={__name__="cluster:console_auth_login_requests_total:sum"} - --match={__name__="cluster:console_auth_login_successes_total:sum"} - --match={__name__="cluster:console_auth_login_failures_total:sum"} - --match={__name__="cluster:console_auth_logout_requests_total:sum"} - --match={__name__="cluster:console_usage_users:max"} - --match={__name__="cluster:console_plugins_info:max"} - --match={__name__="cluster:console_customization_perspectives_info:max"} - --match={__name__="cluster:ovnkube_controller_egress_routing_via_host:max"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Pass|Allow|Deny"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Allow|Deny"} - --match={__name__="cluster:network_attachment_definition_instances:max"} - --match={__name__="cluster:network_attachment_definition_enabled_instance_up:max"} - --match={__name__="cluster:ingress_controller_aws_nlb_active:sum"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:min"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:max"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:avg"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:median"} - --match={__name__="cluster:openshift_route_info:tls_termination:sum"} - --match={__name__="openshift:gateway_api_usage:count",gateway_class_type=~"openshift|not-openshift"} - --match={__name__="insightsclient_request_send_total"} - --match={__name__="cam_app_workload_migrations"} - --match={__name__="cluster:apiserver_current_inflight_requests:sum:max_over_time:2m"} - --match={__name__="cluster:alertmanager_integrations:max"} - --match={__name__="cluster:telemetry_selected_series:count"} - --match={__name__="openshift:prometheus_tsdb_head_series:sum"} - --match={__name__="openshift:prometheus_tsdb_head_samples_appended_total:sum"} - --match={__name__="monitoring:container_memory_working_set_bytes:sum"} - --match={__name__="namespace_job:scrape_series_added:topk3_sum1h"} - --match={__name__="namespace_job:scrape_samples_post_metric_relabeling:topk3"} - --match={__name__="monitoring:haproxy_server_http_responses_total:sum"} - --match={__name__="profile:cluster_monitoring_operator_collection_profile:max"} - --match={__name__="vendor_model:node_accelerator_cards:sum",vendor=~"NVIDIA|AMD|GAUDI|INTEL|QUALCOMM|Marvell|Mellanox"} - --match={__name__="rhmi_status"} - --match={__name__="status:upgrading:version:rhoam_state:max"} - --match={__name__="state:rhoam_critical_alerts:max"} - --match={__name__="state:rhoam_warning_alerts:max"} - --match={__name__="rhoam_7d_slo_percentile:max"} - --match={__name__="rhoam_7d_slo_remaining_error_budget:max"} - --match={__name__="cluster_legacy_scheduler_policy"} - --match={__name__="cluster_master_schedulable"} - --match={__name__="che_workspace_status"} - --match={__name__="che_workspace_started_total"} - --match={__name__="che_workspace_failure_total"} - --match={__name__="che_workspace_start_time_seconds_sum"} - --match={__name__="che_workspace_start_time_seconds_count"} - --match={__name__="cco_credentials_mode"} - --match={__name__="cluster:kube_persistentvolume_plugin_type_counts:sum"} - --match={__name__="acm_managed_cluster_info"} - --match={__name__="acm_managed_cluster_worker_cores:max"} - --match={__name__="acm_console_page_count:sum", page=~"overview-classic|overview-fleet|search|search-details|clusters|application|governance"} - --match={__name__="cluster:vsphere_vcenter_info:sum"} - --match={__name__="cluster:vsphere_esxi_version_total:sum"} - --match={__name__="cluster:vsphere_node_hw_version_total:sum"} - --match={__name__="openshift:build_by_strategy:sum"} - --match={__name__="rhods_aggregate_availability"} - --match={__name__="rhods_total_users"} - --match={__name__="instance:etcd_disk_wal_fsync_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_bytes:sum"} - --match={__name__="instance:etcd_network_peer_round_trip_time_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_use_in_bytes:sum"} - --match={__name__="instance:etcd_disk_backend_commit_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="jaeger_operator_instances_storage_types"} - --match={__name__="jaeger_operator_instances_strategies"} - --match={__name__="jaeger_operator_instances_agent_strategies"} - --match={__name__="type:tempo_operator_tempostack_storage_backend:sum",type=~"azure|gcs|s3"} - --match={__name__="state:tempo_operator_tempostack_managed:sum",state=~"Managed|Unmanaged"} - --match={__name__="type:tempo_operator_tempostack_multi_tenancy:sum",type=~"static|openshift|disabled"} - --match={__name__="enabled:tempo_operator_tempostack_jaeger_ui:sum",enabled=~"true|false"} - --match={__name__="type:opentelemetry_collector_receivers:sum",type=~"jaeger|hostmetrics|opencensus|prometheus|zipkin|kafka|filelog|journald|k8sevents|kubeletstats|k8scluster|k8sobjects|otlp"} - --match={__name__="type:opentelemetry_collector_exporters:sum",type=~"debug|logging|otlp|otlphttp|prometheus|lokiexporter|kafka|awscloudwatchlogs|loadbalancing"} - --match={__name__="type:opentelemetry_collector_processors:sum",type=~"batch|memorylimiter|attributes|resource|span|k8sattributes|resourcedetection|filter|routing|cumulativetodelta|groupbyattrs"} - --match={__name__="type:opentelemetry_collector_extensions:sum",type=~"zpages|ballast|memorylimiter|jaegerremotesampling|healthcheck|pprof|oauth2clientauth|oidcauth|bearertokenauth|filestorage"} - --match={__name__="type:opentelemetry_collector_connectors:sum",type=~"spanmetrics|forward"} - --match={__name__="type:opentelemetry_collector_info:sum",type=~"deployment|daemonset|sidecar|statefulset"} - --match={__name__="appsvcs:cores_by_product:sum"} - --match={__name__="nto_custom_profiles:count"} - --match={__name__="openshift_csi_share_configmap"} - --match={__name__="openshift_csi_share_secret"} - --match={__name__="openshift_csi_share_mount_failures_total"} - --match={__name__="openshift_csi_share_mount_requests_total"} - --match={__name__="eo_es_storage_info"} - --match={__name__="eo_es_redundancy_policy_info"} - --match={__name__="eo_es_defined_delete_namespaces_total"} - --match={__name__="eo_es_misconfigured_memory_resources_info"} - --match={__name__="cluster:eo_es_data_nodes_total:max"} - --match={__name__="cluster:eo_es_documents_created_total:sum"} - --match={__name__="cluster:eo_es_documents_deleted_total:sum"} - --match={__name__="pod:eo_es_shards_total:max"} - --match={__name__="eo_es_cluster_management_state_info"} - --match={__name__="imageregistry:imagestreamtags_count:sum"} - --match={__name__="imageregistry:operations_count:sum"} - --match={__name__="log_logging_info"} - --match={__name__="log_collector_error_count_total"} - --match={__name__="log_forwarder_pipeline_info"} - --match={__name__="log_forwarder_input_info"} - --match={__name__="log_forwarder_output_info"} - --match={__name__="cluster:log_collected_bytes_total:sum"} - --match={__name__="cluster:log_logged_bytes_total:sum"} - --match={__name__="openshift_logging:log_forwarder_pipelines:sum"} - --match={__name__="openshift_logging:log_forwarders:sum"} - --match={__name__="openshift_logging:log_forwarder_input_type:sum"} - --match={__name__="openshift_logging:log_forwarder_output_type:sum"} - --match={__name__="openshift_logging:vector_component_received_bytes_total:rate5m"} - --match={__name__="cluster:kata_monitor_running_shim_count:sum"} - --match={__name__="platform:hypershift_hostedclusters:max"} - --match={__name__="platform:hypershift_nodepools:max"} - --match={__name__="cluster_name:hypershift_nodepools_size:sum"} - --match={__name__="cluster_name:hypershift_nodepools_available_replicas:sum"} - --match={__name__="namespace:noobaa_unhealthy_bucket_claims:max"} - --match={__name__="namespace:noobaa_buckets_claims:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_resources:max"} - --match={__name__="namespace:noobaa_namespace_resources:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_buckets:max"} - --match={__name__="namespace:noobaa_namespace_buckets:max"} - --match={__name__="namespace:noobaa_accounts:max"} - --match={__name__="namespace:noobaa_usage:max"} - --match={__name__="namespace:noobaa_system_health_status:max"} - --match={__name__="ocs_advanced_feature_usage"} - --match={__name__="os_image_url_override:sum"} - --match={__name__="cluster:mcd_nodes_with_unsupported_packages:count"} - --match={__name__="cluster:mcd_total_unsupported_packages:sum"} - --match={__name__="cluster:vsphere_topology_tags:max"} - --match={__name__="cluster:vsphere_infrastructure_failure_domains:max"} - --match={__name__="apiserver_list_watch_request_success_total:rate:sum", verb=~"LIST|WATCH"} - --match={__name__="rhacs:telemetry:rox_central_info"} - --match={__name__="rhacs:telemetry:rox_central_secured_clusters"} - --match={__name__="rhacs:telemetry:rox_central_secured_nodes"} - --match={__name__="rhacs:telemetry:rox_central_secured_vcpus"} - --match={__name__="rhacs:telemetry:rox_sensor_info"} - --match={__name__="cluster:volume_manager_selinux_pod_context_mismatch_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_warnings_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_errors_total"} - --match={__name__="cluster:volume_manager_selinux_volumes_admitted_total"} - --match={__name__="ols:provider_model_configuration"} - --match={__name__="ols:rest_api_query_calls_total:2xx"} - --match={__name__="ols:rest_api_query_calls_total:4xx"} - --match={__name__="ols:rest_api_query_calls_total:5xx"} - --match={__name__="openshift:openshift_network_operator_ipsec_state:info"} - --match={__name__="cluster:health:group_severity:count", severity=~"critical|warning|info|none"} - --match={__name__="cluster:controlplane_topology:info", mode=~"HighlyAvailable|HighlyAvailableArbiter|SingleReplica|DualReplica|External"} - --match={__name__="cluster:infrastructure_topology:info", mode=~"HighlyAvailable|SingleReplica"} - --match={__name__="cluster:selinux_warning_controller_selinux_volume_conflict:count"} - --match={__name__="cluster:mtv_migrations_status_total:sum", provider=~"ova|vsphere|openstack|openshift|ovirt|awsec2", target=~"Local|Remote", mode=~"Cold|Warm|RCM", status=~"Succeeded|Failed|Canceled"} - --limit-bytes=5242880 env: - name: ANONYMIZE_LABELS - name: FROM value: https://prometheus-k8s.openshift-monitoring.svc:9091 - name: ID value: ccd9073c-afe0-4ca7-a635-fd6f2b4310fa - name: TO value: https://infogw.api.openshift.com/ - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imagePullPolicy: IfNotPresent name: telemeter-client ports: - containerPort: 8080 name: http protocol: TCP resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zwbkk readOnly: true - args: - --reload-url=http://localhost:8080/-/reload - --watched-dir=/etc/serving-certs-ca-bundle image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: reload resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zwbkk readOnly: true - args: - --secure-listen-address=:8443 - --upstream=http://127.0.0.1:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zwbkk readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: telemeter-client-dockercfg-7q4h6 nodeName: ip-10-0-137-102.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: telemeter-client serviceAccountName: telemeter-client terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: telemeter-client-serving-certs-ca-bundle name: serving-certs-ca-bundle - name: secret-telemeter-client secret: defaultMode: 420 secretName: telemeter-client - name: telemeter-client-tls secret: defaultMode: 420 secretName: telemeter-client-tls - name: federate-client-tls secret: defaultMode: 420 secretName: federate-client-certs - name: secret-telemeter-client-kube-rbac-proxy-config secret: defaultMode: 420 secretName: telemeter-client-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: telemeter-trusted-ca-bundle-8i12ta5c71j38 optional: true name: telemeter-trusted-ca-bundle - name: kube-api-access-zwbkk projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:18Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:13Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:18Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:18Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:13Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://d01c94aaa808b1a57253b902ae2c5221f11e3beb6b12d0f872c04a05d2ab956f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zwbkk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://a5b4c731fe5e3efd3039debb04fd117fe44988b80c38ede141b7e12b8d757aba image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: reload ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zwbkk readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://f70741138d753cb81b2ae5db275f5377185e883ff0f63bb2ab4afedc353a9351 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35da2ec719f2e4e8e93b0fc2b4727287aa13298d1731d73ce391d556f153e027 lastState: {} name: telemeter-client ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:17Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-zwbkk readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.137.102 hostIPs: - ip: 10.0.137.102 observedGeneration: 1 phase: Running podIP: 10.133.0.15 podIPs: - ip: 10.133.0.15 qosClass: Burstable startTime: "2026-06-03T21:34:13Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.23/23"],"mac_address":"0a:58:0a:84:00:17","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.23/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.23" ], "mac": "0a:58:0a:84:00:17", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-03T21:34:10Z" generateName: thanos-querier-584b745c5d- generation: 1 labels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.39.2 pod-template-hash: 584b745c5d managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-141-134 operation: Update subresource: status time: "2026-06-03T21:34:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"d5735f4e-93a8-4d0d-b7b7-afdf7b62f4e2"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-rules"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9093,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} k:{"name":"thanos-query"}: .: {} f:args: {} f:env: .: {} k:{"name":"HOST_IP_ADDRESS"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-metrics"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-rules"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-03T21:34:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-03T21:34:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.23"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-03T21:34:27Z" name: thanos-querier-584b745c5d-q2b6j namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: thanos-querier-584b745c5d uid: d5735f4e-93a8-4d0d-b7b7-afdf7b62f4e2 resourceVersion: "10395" uid: 201e86a8-9f9f-4f17-97c7-9babdfe2de77 spec: containers: - args: - query - --grpc-address=127.0.0.1:10901 - --http-address=127.0.0.1:9090 - --log.format=logfmt - --query.replica-label=prometheus_replica - --query.replica-label=thanos_ruler_replica - --endpoint=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --query.auto-downsampling - --store.sd-dns-resolver=miekgdns - --grpc-client-tls-secure - --grpc-client-tls-cert=/etc/tls/grpc/client.crt - --grpc-client-tls-key=/etc/tls/grpc/client.key - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt - --grpc-client-server-name=prometheus-grpc - --web.disable-cors env: - name: HOST_IP_ADDRESS valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-query ports: - containerPort: 9090 name: http protocol: TCP resources: requests: cpu: 10m memory: 12Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000450000 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 httpGet: path: /-/healthy port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP readinessProbe: failureThreshold: 20 httpGet: path: /-/ready port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values,/api/v1/series - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true - args: - --insecure-listen-address=127.0.0.1:9095 - --upstream=http://127.0.0.1:9090 - --label=namespace - --enable-label-apis - --error-on-replace - --rules-with-active-alerts - --enable-label-matchers-for-rules-api image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true - args: - --secure-listen-address=0.0.0.0:9093 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/rules,/api/v1/alerts - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-rules ports: - containerPort: 9093 name: tenancy-rules protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true - args: - --secure-listen-address=0.0.0.0:9094 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metrics ports: - containerPort: 9094 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: thanos-querier-dockercfg-68h8c nodeName: ip-10-0-141-134.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: thanos-querier serviceAccountName: thanos-querier terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-thanos-querier-tls secret: defaultMode: 420 secretName: thanos-querier-tls - name: secret-thanos-querier-kube-rbac-proxy secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy - name: secret-thanos-querier-kube-rbac-proxy-web secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-web - name: secret-thanos-querier-kube-rbac-proxy-rules secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-rules - name: secret-thanos-querier-kube-rbac-proxy-metrics secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-metrics - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: secret-grpc-tls secret: defaultMode: 420 secretName: thanos-querier-grpc-tls-76k9odp8q2ibt - name: kube-api-access-2jj4n projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:21Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:10Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:27Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:27Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-03T21:34:10Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://8ed8c96a93b9df9c65d0932b77e42e330ddacf62c1e5869cf31fcd0c7b131683 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://e245310b3210c09e3bc991a8813e171d496e3f884f4dc44e03bb2874f43f8a0a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metrics ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:20Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://853c598fa8a73a8c8af99999c5256eb32f291354f4bd86413488876ca2f9c233 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-rules ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:20Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://842c2a3c3d4d24c7533671548feba40b5c76df6c15083246f014bfc57bb2cf52 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://272aa645febe4480db3c2e9c5f2475518ad0cec0fe5b16113afc1910cd92348c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:20Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 10m memory: 12Mi containerID: cri-o://2f8820ec7d1669c5c098dba5e8d2117feee12fa9bd702c2faf00953f7aba74b3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-query ready: true resources: requests: cpu: 10m memory: 12Mi restartCount: 0 started: true state: running: startedAt: "2026-06-03T21:34:18Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2jj4n readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.134 hostIPs: - ip: 10.0.141.134 observedGeneration: 1 phase: Running podIP: 10.132.0.23 podIPs: - ip: 10.132.0.23 qosClass: Burstable startTime: "2026-06-03T21:34:10Z" kind: PodList metadata: resourceVersion: "52291"