--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: istio.io/rev: openshift-gateway k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.16/23"],"mac_address":"0a:58:0a:84:00:10","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.16/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.16" ], "mac": "0a:58:0a:84:00:10", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/path: /stats/prometheus prometheus.io/port: "15020" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-17T17:16:17Z" generateName: data-science-gateway-data-science-gateway-class-55cc67557f- generation: 1 labels: gateway.istio.io/managed: istio.io-gateway-controller gateway.networking.k8s.io/gateway-name: data-science-gateway pod-template-hash: 55cc67557f service.istio.io/canonical-name: data-science-gateway-data-science-gateway-class service.istio.io/canonical-revision: latest sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-244 operation: Update subresource: status time: "2026-04-17T17:16:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:istio.io/rev: {} f:prometheus.io/path: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:generateName: {} f:labels: .: {} f:gateway.istio.io/managed: {} f:gateway.networking.k8s.io/gateway-name: {} f:pod-template-hash: {} f:service.istio.io/canonical-name: {} f:service.istio.io/canonical-revision: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"a39f6c5a-ebf3-4345-947d-ff4b75f518a2"}: {} f:spec: f:containers: k:{"name":"istio-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"HOST_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"INSTANCE_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_CPU_LIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"ISTIO_META_APP_CONTAINERS"}: .: {} f:name: {} k:{"name":"ISTIO_META_CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_INTERCEPTION_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_MESH_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_META_OWNER"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_POD_PORTS"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_WORKLOAD_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROXY_CONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"TRUST_DOMAIN"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":15020,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15021,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/istio/pod"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/istio/proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/istio/data"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/credential-uds"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istio"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-credentials"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-uds"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:sysctls: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"credential-socket"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-data"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-envoy"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"istio-podinfo"}: .: {} f:downwardAPI: .: {} f:defaultMode: {} f:items: {} f:name: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"istiod-ca-cert"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"workload-certs"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"workload-socket"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:16:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-17T17:16:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.16"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-17T17:16:22Z" name: data-science-gateway-data-science-gateway-class-55cc67557f6bcz6 namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: data-science-gateway-data-science-gateway-class-55cc67557f uid: a39f6c5a-ebf3-4345-947d-ff4b75f518a2 resourceVersion: "16516" uid: 5a3739be-a28c-4dd1-a517-ec86595a6822 spec: containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel - warning - --proxyComponentLogLevel - misc:error - --log_output_level - default:info env: - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod-openshift-gateway.openshift-ingress.svc:15012 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: ISTIO_CPU_LIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: PROXY_CONFIG value: | {"discoveryAddress":"istiod-openshift-gateway.openshift-ingress.svc:15012","proxyHeaders":{"server":{"disabled":true},"envoyDebugHeaders":{"disabled":true},"metadataExchangeHeaders":{"mode":"IN_MESH"}}} - name: ISTIO_META_POD_PORTS value: '[]' - name: ISTIO_META_APP_CONTAINERS - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: ISTIO_META_CLUSTER_ID value: Kubernetes - name: ISTIO_META_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: ISTIO_META_INTERCEPTION_MODE value: REDIRECT - name: ISTIO_META_WORKLOAD_NAME value: data-science-gateway-data-science-gateway-class - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/openshift-ingress/deployments/data-science-gateway-data-science-gateway-class - name: ISTIO_META_MESH_ID value: cluster.local - name: TRUST_DOMAIN value: cluster.local image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 name: metrics protocol: TCP - containerPort: 15021 name: status-port protocol: TCP - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 4 httpGet: path: /healthz/ready port: 15021 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1000329999 runAsNonRoot: true runAsUser: 1000329999 startupProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15021 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7qf4h readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: data-science-gateway-data-science-gateway-class-dockercfg-8gpt2 nodeName: ip-10-0-134-244.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" serviceAccount: data-science-gateway-data-science-gateway-class serviceAccountName: data-science-gateway-data-science-gateway-class terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: workload-socket - emptyDir: {} name: credential-socket - emptyDir: {} name: workload-certs - emptyDir: medium: Memory name: istio-envoy - emptyDir: {} name: istio-data - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.labels path: labels - fieldRef: apiVersion: v1 fieldPath: metadata.annotations path: annotations name: istio-podinfo - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert - name: kube-api-access-7qf4h projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:21Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:17Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:22Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:22Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:17Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 128Mi containerID: cri-o://34b0ac9a098827f86d874ed718a2202e42156926faecc77bec4b195addf23948 image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0a86de591c0c259464e80a5c01e0c85078263846253cd50ef5ac555bcf1e4fec lastState: {} name: istio-proxy ready: true resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-17T17:16:20Z" user: linux: gid: 1000329999 supplementalGroups: - 1000329999 - 1000320000 uid: 1000329999 volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7qf4h readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.244 hostIPs: - ip: 10.0.134.244 phase: Running podIP: 10.132.0.16 podIPs: - ip: 10.132.0.16 qosClass: Burstable startTime: "2026-04-17T17:16:17Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.38/23"],"mac_address":"0a:58:0a:86:00:26","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.38/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.38" ], "mac": "0a:58:0a:86:00:26", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/port: "15014" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user sidecar.istio.io/inject: "false" creationTimestamp: "2026-04-17T17:16:12Z" generateName: istiod-openshift-gateway-55ff986f96- generation: 1 labels: app: istiod app.kubernetes.io/instance: openshift-gateway-istiod app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: istiod app.kubernetes.io/part-of: istio app.kubernetes.io/version: 1.26.2 helm.sh/chart: istiod-1.26.2 istio: istiod istio.io/dataplane-mode: none istio.io/rev: openshift-gateway operator.istio.io/component: Pilot pod-template-hash: 55ff986f96 sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-138-224 operation: Update subresource: status time: "2026-04-17T17:16:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:sidecar.istio.io/inject: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:helm.sh/chart: {} f:istio: {} f:istio.io/dataplane-mode: {} f:istio.io/rev: {} f:operator.istio.io/component: {} f:pod-template-hash: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"8a430602-38d5-4f77-9d64-0fa2b2e2a6ed"}: {} f:spec: f:containers: k:{"name":"discovery"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_TRUSTED_NODE_ACCOUNTS"}: .: {} f:name: {} f:value: {} k:{"name":"CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ENABLE_GATEWAY_API_INFERENCE_EXTENSION"}: .: {} f:name: {} f:value: {} k:{"name":"ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"KUBECONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_ALPHA_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_ANALYSIS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_CA_CERT_ONLY"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_COPY_LABELS_ANNOTATIONS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_GATEWAYCLASS_CONTROLLER"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_ENABLE_GATEWAY_API_STATUS"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_GATEWAY_API_CONTROLLER_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_MULTI_NETWORK_DISCOVER_GATEWAY_API"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_TRACE_SAMPLING"}: .: {} f:name: {} f:value: {} k:{"name":"PLATFORM"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"REVISION"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15010,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15012,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15014,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15017,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cacerts"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/istio-dns"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istiod/ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/istiod/tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/remote"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cacerts"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-csr-ca-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"istio-csr-dns-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-kubeconfig"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"local-certs"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:16:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-17T17:16:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.38"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-17T17:16:17Z" name: istiod-openshift-gateway-55ff986f96-gsx6s namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: istiod-openshift-gateway-55ff986f96 uid: 8a430602-38d5-4f77-9d64-0fa2b2e2a6ed resourceVersion: "16447" uid: e161db9b-4d23-41e2-9c33-155fcf18d401 spec: containers: - args: - discovery - --monitoringAddr=:15014 - --log_output_level=default:info - --domain - cluster.local - --keepaliveMaxServerConnectionAge - 30m env: - name: REVISION value: openshift-gateway - name: PILOT_CERT_PROVIDER value: istiod - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: KUBECONFIG value: /var/run/secrets/remote/config - name: CA_TRUSTED_NODE_ACCOUNTS value: kube-system/ztunnel - name: ENABLE_GATEWAY_API_INFERENCE_EXTENSION value: "true" - name: ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT value: "false" - name: PILOT_ENABLE_ALPHA_GATEWAY_API value: "false" - name: PILOT_ENABLE_GATEWAY_API value: "true" - name: PILOT_ENABLE_GATEWAY_API_CA_CERT_ONLY value: "true" - name: PILOT_ENABLE_GATEWAY_API_COPY_LABELS_ANNOTATIONS value: "false" - name: PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER value: "true" - name: PILOT_ENABLE_GATEWAY_API_GATEWAYCLASS_CONTROLLER value: "false" - name: PILOT_ENABLE_GATEWAY_API_STATUS value: "true" - name: PILOT_GATEWAY_API_CONTROLLER_NAME value: openshift.io/gateway-controller/v1 - name: PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME value: openshift-default - name: PILOT_MULTI_NETWORK_DISCOVER_GATEWAY_API value: "false" - name: PILOT_TRACE_SAMPLING value: "1" - name: PILOT_ENABLE_ANALYSIS value: "false" - name: CLUSTER_ID value: Kubernetes - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "1" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "1" resource: limits.cpu - name: PLATFORM value: openshift image: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 imagePullPolicy: IfNotPresent name: discovery ports: - containerPort: 8080 name: http-debug protocol: TCP - containerPort: 15010 name: grpc-xds protocol: TCP - containerPort: 15012 name: tls-xds protocol: TCP - containerPort: 15017 name: https-webhooks protocol: TCP - containerPort: 15014 name: http-monitoring protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: 8080 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 3 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 500m memory: 2Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000320000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true - mountPath: /var/run/secrets/istiod/tls name: istio-csr-dns-cert readOnly: true - mountPath: /var/run/secrets/istiod/ca name: istio-csr-ca-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-cm2zx readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: istiod-openshift-gateway-dockercfg-scpb4 nodeName: ip-10-0-138-224.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault serviceAccount: istiod-openshift-gateway serviceAccountName: istiod-openshift-gateway terminationGracePeriodSeconds: 30 tolerations: - key: cni.istio.io/not-ready operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: medium: Memory name: local-certs - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: cacerts secret: defaultMode: 420 optional: true secretName: cacerts - name: istio-kubeconfig secret: defaultMode: 420 optional: true secretName: istio-kubeconfig - name: istio-csr-dns-cert secret: defaultMode: 420 optional: true secretName: istiod-tls - configMap: defaultMode: 420 name: istio-ca-root-cert optional: true name: istio-csr-ca-configmap - name: kube-api-access-cm2zx projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:16Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:12Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:17Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:17Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-17T17:16:12Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 2Gi containerID: cri-o://e024e5d632961effb9042a62255e1930415def6861cdbf21f892d28ffba0042f image: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 imageID: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:028e10651db0d1ddb769a27c9483c6d41be6ac597f253afd9d599f395d9c82d8 lastState: {} name: discovery ready: true resources: requests: cpu: 500m memory: 2Gi restartCount: 0 started: true state: running: startedAt: "2026-04-17T17:16:16Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istiod/tls name: istio-csr-dns-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/istiod/ca name: istio-csr-ca-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-cm2zx readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.138.224 hostIPs: - ip: 10.0.138.224 phase: Running podIP: 10.134.0.38 podIPs: - ip: 10.134.0.38 qosClass: Burstable startTime: "2026-04-17T17:16:12Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.29/23"],"mac_address":"0a:58:0a:85:00:1d","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.29/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.29" ], "mac": "0a:58:0a:85:00:1d", "default": true, "dns": {} }] opendatahub.io/secret-hash: e6f3da0a956b15df967bf0cc6bd6ff6cd2d71d6a750a4fac5195f04941ea813f openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-17T17:15:28Z" generateName: kube-auth-proxy-db5457dbf- generation: 1 labels: app: kube-auth-proxy app.kubernetes.io/component: authentication pod-template-hash: db5457dbf managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-132-98 operation: Update subresource: status time: "2026-04-17T17:15:28Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:opendatahub.io/secret-hash: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"12faba6c-7bd6-4cbb-960a-b1b48f70c1f4"}: {} f:spec: f:containers: k:{"name":"kube-auth-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"OAUTH2_PROXY_CLIENT_ID"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_CLIENT_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_COOKIE_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"PROXY_MODE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":4180,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9000,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:limits: .: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tmp"}: .: {} f:emptyDir: .: {} f:medium: {} f:sizeLimit: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:15:28Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-17T17:15:28Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.29"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-17T17:15:32Z" name: kube-auth-proxy-db5457dbf-85xkn namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-auth-proxy-db5457dbf uid: 12faba6c-7bd6-4cbb-960a-b1b48f70c1f4 resourceVersion: "14709" uid: 808fa94c-d3e1-4c23-8e61-3597a88a1144 spec: containers: - args: - --http-address=0.0.0.0:4180 - --https-address=0.0.0.0:8443 - --metrics-address=0.0.0.0:9000 - --email-domain=* - --upstream=static://200 - --skip-provider-button - --skip-jwt-bearer-tokens=true - --pass-access-token=true - --set-xauthrequest=true - --enable-k8s-token-validation=true - --redirect-url=https://rh-ai.apps.2713f907-922c-4d75-adb8-848ee30b63de.prod.konfluxeaas.com/oauth2/callback - --tls-cert-file=/etc/tls/private/tls.crt - --tls-key-file=/etc/tls/private/tls.key - --use-system-trust-store=true - --cookie-expire=24h0m0s - --cookie-refresh=1h0m0s - --cookie-secure=true - --cookie-httponly=true - --cookie-samesite=lax - --cookie-name=_oauth2_proxy - --cookie-domain=rh-ai.apps.2713f907-922c-4d75-adb8-848ee30b63de.prod.konfluxeaas.com - --provider=openshift - --ssl-insecure-skip-verify=false - --scope=user:full env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_ID name: kube-auth-proxy-creds - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_SECRET name: kube-auth-proxy-creds - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_COOKIE_SECRET name: kube-auth-proxy-creds - name: PROXY_MODE value: auth image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imagePullPolicy: IfNotPresent name: kube-auth-proxy ports: - containerPort: 4180 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 9000 name: metrics protocol: TCP resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000320000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qm9vt readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-auth-proxy-dockercfg-kp745 nodeName: ip-10-0-132-98.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 runAsNonRoot: true seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault serviceAccount: kube-auth-proxy serviceAccountName: kube-auth-proxy terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certs secret: defaultMode: 420 secretName: kube-auth-proxy-tls - emptyDir: medium: Memory sizeLimit: 10Mi name: tmp - name: kube-api-access-qm9vt projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:32Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:28Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:32Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:32Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:28Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 128Mi containerID: cri-o://c555752a3f618685b645d31e2b4beb9e92405fe2c1f9853336606df6496edf3d image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imageID: quay.io/opendatahub/odh-kube-auth-proxy@sha256:67f3167118ee495b68cf87988f404ef41beeca2a1bba3cbd10790736689b49f7 lastState: {} name: kube-auth-proxy ready: true resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-17T17:15:31Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qm9vt readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.132.98 hostIPs: - ip: 10.0.132.98 phase: Running podIP: 10.133.0.29 podIPs: - ip: 10.133.0.29 qosClass: Burstable startTime: "2026-04-17T17:15:28Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.33/23"],"mac_address":"0a:58:0a:86:00:21","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.33/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.33" ], "mac": "0a:58:0a:86:00:21", "default": true, "dns": {} }] opendatahub.io/secret-hash: e6f3da0a956b15df967bf0cc6bd6ff6cd2d71d6a750a4fac5195f04941ea813f openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-17T17:15:28Z" generateName: kube-auth-proxy-db5457dbf- generation: 1 labels: app: kube-auth-proxy app.kubernetes.io/component: authentication pod-template-hash: db5457dbf managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-138-224 operation: Update subresource: status time: "2026-04-17T17:15:28Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:opendatahub.io/secret-hash: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/component: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"12faba6c-7bd6-4cbb-960a-b1b48f70c1f4"}: {} f:spec: f:containers: k:{"name":"kube-auth-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"OAUTH2_PROXY_CLIENT_ID"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_CLIENT_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"OAUTH2_PROXY_COOKIE_SECRET"}: .: {} f:name: {} f:valueFrom: .: {} f:secretKeyRef: {} k:{"name":"PROXY_MODE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":4180,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9000,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:limits: .: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tmp"}: .: {} f:emptyDir: .: {} f:medium: {} f:sizeLimit: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:15:28Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-17T17:15:28Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.33"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-17T17:15:32Z" name: kube-auth-proxy-db5457dbf-xgnb5 namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-auth-proxy-db5457dbf uid: 12faba6c-7bd6-4cbb-960a-b1b48f70c1f4 resourceVersion: "14719" uid: 7190378e-cdc3-4581-b7a0-d93b9cd31af8 spec: containers: - args: - --http-address=0.0.0.0:4180 - --https-address=0.0.0.0:8443 - --metrics-address=0.0.0.0:9000 - --email-domain=* - --upstream=static://200 - --skip-provider-button - --skip-jwt-bearer-tokens=true - --pass-access-token=true - --set-xauthrequest=true - --enable-k8s-token-validation=true - --redirect-url=https://rh-ai.apps.2713f907-922c-4d75-adb8-848ee30b63de.prod.konfluxeaas.com/oauth2/callback - --tls-cert-file=/etc/tls/private/tls.crt - --tls-key-file=/etc/tls/private/tls.key - --use-system-trust-store=true - --cookie-expire=24h0m0s - --cookie-refresh=1h0m0s - --cookie-secure=true - --cookie-httponly=true - --cookie-samesite=lax - --cookie-name=_oauth2_proxy - --cookie-domain=rh-ai.apps.2713f907-922c-4d75-adb8-848ee30b63de.prod.konfluxeaas.com - --provider=openshift - --ssl-insecure-skip-verify=false - --scope=user:full env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_ID name: kube-auth-proxy-creds - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_CLIENT_SECRET name: kube-auth-proxy-creds - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: key: OAUTH2_PROXY_COOKIE_SECRET name: kube-auth-proxy-creds - name: PROXY_MODE value: auth image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imagePullPolicy: IfNotPresent name: kube-auth-proxy ports: - containerPort: 4180 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 9000 name: metrics protocol: TCP resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000320000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-p27w5 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-auth-proxy-dockercfg-kp745 nodeName: ip-10-0-138-224.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 runAsNonRoot: true seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault serviceAccount: kube-auth-proxy serviceAccountName: kube-auth-proxy terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certs secret: defaultMode: 420 secretName: kube-auth-proxy-tls - emptyDir: medium: Memory sizeLimit: 10Mi name: tmp - name: kube-api-access-p27w5 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:32Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:28Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:32Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:32Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-17T17:15:28Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 500m memory: 128Mi containerID: cri-o://125462bb7d010f18ab31f5dab1a665b213d562ee2382058005fd83f1bf15f811 image: quay.io/opendatahub/odh-kube-auth-proxy:v3.4-ea.1 imageID: quay.io/opendatahub/odh-kube-auth-proxy@sha256:67f3167118ee495b68cf87988f404ef41beeca2a1bba3cbd10790736689b49f7 lastState: {} name: kube-auth-proxy ready: true resources: limits: memory: 128Mi requests: cpu: 500m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-17T17:15:32Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /etc/tls/private name: tls-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /tmp name: tmp - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-p27w5 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.138.224 hostIPs: - ip: 10.0.138.224 phase: Running podIP: 10.134.0.33 podIPs: - ip: 10.134.0.33 qosClass: Burstable startTime: "2026-04-17T17:15:28Z" - apiVersion: v1 kind: Pod metadata: annotations: istio.io/rev: openshift-gateway k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.21/23"],"mac_address":"0a:58:0a:84:00:15","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.21/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.21" ], "mac": "0a:58:0a:84:00:15", "default": true, "dns": {} }] openshift.io/scc: restricted-v2 prometheus.io/path: /stats/prometheus prometheus.io/port: "15020" prometheus.io/scrape: "true" seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-04-17T17:17:50Z" generateName: maas-default-gateway-openshift-default-845c6b4b48- generation: 1 labels: gateway.istio.io/managed: istio.io-gateway-controller gateway.networking.k8s.io/gateway-name: maas-default-gateway pod-template-hash: 845c6b4b48 service.istio.io/canonical-name: maas-default-gateway-openshift-default service.istio.io/canonical-revision: latest sidecar.istio.io/inject: "false" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-244 operation: Update subresource: status time: "2026-04-17T17:17:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:istio.io/rev: {} f:prometheus.io/path: {} f:prometheus.io/port: {} f:prometheus.io/scrape: {} f:generateName: {} f:labels: .: {} f:gateway.istio.io/managed: {} f:gateway.networking.k8s.io/gateway-name: {} f:pod-template-hash: {} f:service.istio.io/canonical-name: {} f:service.istio.io/canonical-revision: {} f:sidecar.istio.io/inject: {} f:ownerReferences: .: {} k:{"uid":"667b9fa4-50bd-4eb5-9df9-6d6c723d6cbb"}: {} f:spec: f:containers: k:{"name":"istio-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"CA_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"GOMAXPROCS"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"GOMEMLIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"HOST_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"INSTANCE_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_CPU_LIMIT"}: .: {} f:name: {} f:valueFrom: .: {} f:resourceFieldRef: {} k:{"name":"ISTIO_META_APP_CONTAINERS"}: .: {} f:name: {} k:{"name":"ISTIO_META_CLUSTER_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_INTERCEPTION_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_MESH_ID"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"ISTIO_META_OWNER"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_POD_PORTS"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_META_WORKLOAD_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"PILOT_CERT_PROVIDER"}: .: {} f:name: {} f:value: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"POD_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"PROXY_CONFIG"}: .: {} f:name: {} f:value: {} k:{"name":"SERVICE_ACCOUNT"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"TRUST_DOMAIN"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":15020,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15021,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":15090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:privileged: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/istio/pod"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/istio/proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/istio/data"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/credential-uds"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/istio"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/tokens"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-credentials"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/workload-spiffe-uds"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:sysctls: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"credential-socket"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-data"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"istio-envoy"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"istio-podinfo"}: .: {} f:downwardAPI: .: {} f:defaultMode: {} f:items: {} f:name: {} k:{"name":"istio-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"istiod-ca-cert"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"workload-certs"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"workload-socket"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:17:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-17T17:17:50Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.21"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-17T17:17:52Z" name: maas-default-gateway-openshift-default-845c6b4b48-65pp9 namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: maas-default-gateway-openshift-default-845c6b4b48 uid: 667b9fa4-50bd-4eb5-9df9-6d6c723d6cbb resourceVersion: "21062" uid: e07126fb-0a4d-4f34-9ab0-5c2c5aa8352d spec: containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel - warning - --proxyComponentLogLevel - misc:error - --log_output_level - default:info env: - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istiod-openshift-gateway.openshift-ingress.svc:15012 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: ISTIO_CPU_LIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: PROXY_CONFIG value: | {"discoveryAddress":"istiod-openshift-gateway.openshift-ingress.svc:15012","proxyHeaders":{"server":{"disabled":true},"envoyDebugHeaders":{"disabled":true},"metadataExchangeHeaders":{"mode":"IN_MESH"}}} - name: ISTIO_META_POD_PORTS value: '[]' - name: ISTIO_META_APP_CONTAINERS - name: GOMEMLIMIT valueFrom: resourceFieldRef: divisor: "0" resource: limits.memory - name: GOMAXPROCS valueFrom: resourceFieldRef: divisor: "0" resource: limits.cpu - name: ISTIO_META_CLUSTER_ID value: Kubernetes - name: ISTIO_META_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: ISTIO_META_INTERCEPTION_MODE value: REDIRECT - name: ISTIO_META_WORKLOAD_NAME value: maas-default-gateway-openshift-default - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/openshift-ingress/deployments/maas-default-gateway-openshift-default - name: ISTIO_META_MESH_ID value: cluster.local - name: TRUST_DOMAIN value: cluster.local image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 name: metrics protocol: TCP - containerPort: 15021 name: status-port protocol: TCP - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 4 httpGet: path: /healthz/ready port: 15021 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1000329999 runAsNonRoot: true runAsUser: 1000329999 startupProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15021 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n5zlr readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: maas-default-gateway-openshift-default-dockercfg-mjqmk nodeName: ip-10-0-134-244.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 seccompProfile: type: RuntimeDefault sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" serviceAccount: maas-default-gateway-openshift-default serviceAccountName: maas-default-gateway-openshift-default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: workload-socket - emptyDir: {} name: credential-socket - emptyDir: {} name: workload-certs - emptyDir: medium: Memory name: istio-envoy - emptyDir: {} name: istio-data - downwardAPI: defaultMode: 420 items: - fieldRef: apiVersion: v1 fieldPath: metadata.labels path: labels - fieldRef: apiVersion: v1 fieldPath: metadata.annotations path: annotations name: istio-podinfo - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert - name: kube-api-access-n5zlr projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-17T17:17:51Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-17T17:17:50Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-17T17:17:52Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-17T17:17:52Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-17T17:17:50Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 128Mi containerID: cri-o://057a2731562f569c37c13be691db7c3ff49aaa867b4e4cc552a146b14e419d7d image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d518f3d1539f45e1253c5c9fa22062802804601d4998cd50344e476a3cc388fe imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0a86de591c0c259464e80a5c01e0c85078263846253cd50ef5ac555bcf1e4fec lastState: {} name: istio-proxy ready: true resources: limits: cpu: "2" memory: 1Gi requests: cpu: 100m memory: 128Mi restartCount: 0 started: true state: running: startedAt: "2026-04-17T17:17:50Z" user: linux: gid: 1000329999 supplementalGroups: - 1000329999 - 1000320000 uid: 1000329999 volumeMounts: - mountPath: /var/run/secrets/workload-spiffe-uds name: workload-socket - mountPath: /var/run/secrets/credential-uds name: credential-socket - mountPath: /var/run/secrets/workload-spiffe-credentials name: workload-certs - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/lib/istio/data name: istio-data - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio/pod name: istio-podinfo - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n5zlr readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.244 hostIPs: - ip: 10.0.134.244 phase: Running podIP: 10.132.0.21 podIPs: - ip: 10.132.0.21 qosClass: Burstable startTime: "2026-04-17T17:17:50Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.8/23"],"mac_address":"0a:58:0a:86:00:08","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.8/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.8" ], "mac": "0a:58:0a:86:00:08", "default": true, "dns": {} }] openshift.io/required-scc: restricted openshift.io/scc: restricted security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-04-17T17:09:25Z" generateName: router-default-7b86f88f8- generation: 1 labels: ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default ingresscontroller.operator.openshift.io/hash: 7bb687794c pod-template-hash: 7b86f88f8 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-138-224 operation: Update subresource: status time: "2026-04-17T17:09:25Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:ingresscontroller.operator.openshift.io/deployment-ingresscontroller: {} f:ingresscontroller.operator.openshift.io/hash: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"1691d9c7-2bd8-4821-87fe-faa8d6210277"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"router"}: .: {} f:env: .: {} k:{"name":"DEFAULT_CERTIFICATE_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"DEFAULT_DESTINATION_CA_PATH"}: .: {} f:name: {} f:value: {} k:{"name":"RELOAD_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_ALLOW_WILDCARD_ROUTES"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CANONICAL_HOSTNAME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CIPHERS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_CIPHERSUITES"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DISABLE_HTTP2"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_DOMAIN"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_ENABLE_EXTERNAL_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_LOAD_BALANCE_ALGORITHM"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TLS_CERT_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TLS_KEY_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_METRICS_TYPE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SERVICE_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SERVICE_NAMESPACE"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_SET_FORWARDED_HEADERS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_TCP_BALANCE_SCHEME"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_THREADS"}: .: {} f:name: {} f:value: {} k:{"name":"ROUTER_USE_PROXY_PROTOCOL"}: .: {} f:name: {} f:value: {} k:{"name":"SSL_MIN_VERSION"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_PASSWORD_FILE"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"STATS_USERNAME_FILE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:terminationGracePeriodSeconds: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":80,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":1936,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/tls/metrics-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/pki/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/lib/haproxy/conf/metrics-auth"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/configmaps/service-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"ScheduleAnyway"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"default-certificate"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"service-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} k:{"name":"stats-auth"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:09:25Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-17T17:09:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.8"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-17T17:09:59Z" name: router-default-7b86f88f8-qvj8p namespace: openshift-ingress ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: router-default-7b86f88f8 uid: 1691d9c7-2bd8-4821-87fe-faa8d6210277 resourceVersion: "7955" uid: 394bfa3f-360e-4dbb-ab25-846a90b23983 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node.openshift.io/remote-worker operator: NotIn values: - "" containers: - env: - name: DEFAULT_CERTIFICATE_DIR value: /etc/pki/tls/private - name: DEFAULT_DESTINATION_CA_PATH value: /var/run/configmaps/service-ca/service-ca.crt - name: RELOAD_INTERVAL value: 5s - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME value: router-default.apps.2713f907-922c-4d75-adb8-848ee30b63de.prod.konfluxeaas.com - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES value: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - name: ROUTER_DISABLE_HTTP2 value: "true" - name: ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK value: "false" - name: ROUTER_DOMAIN value: apps.2713f907-922c-4d75-adb8-848ee30b63de.prod.konfluxeaas.com - name: ROUTER_ENABLE_EXTERNAL_CERTIFICATE value: "true" - name: ROUTER_LOAD_BALANCE_ALGORITHM value: random - name: ROUTER_METRICS_TLS_CERT_FILE value: /etc/pki/tls/metrics-certs/tls.crt - name: ROUTER_METRICS_TLS_KEY_FILE value: /etc/pki/tls/metrics-certs/tls.key - name: ROUTER_METRICS_TYPE value: haproxy - name: ROUTER_SERVICE_NAME value: default - name: ROUTER_SERVICE_NAMESPACE value: openshift-ingress - name: ROUTER_SET_FORWARDED_HEADERS value: append - name: ROUTER_TCP_BALANCE_SCHEME value: source - name: ROUTER_THREADS value: "4" - name: ROUTER_USE_PROXY_PROTOCOL value: "true" - name: SSL_MIN_VERSION value: TLSv1.2 - name: STATS_PASSWORD_FILE value: /var/lib/haproxy/conf/metrics-auth/statsPassword - name: STATS_PORT value: "1936" - name: STATS_USERNAME_FILE value: /var/lib/haproxy/conf/metrics-auth/statsUsername image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294af5c64228434d1ed6ee8ea3ac802e3c999aa847223e3b2efa18425a9fe421 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 1936 scheme: HTTP periodSeconds: 10 successThreshold: 1 terminationGracePeriodSeconds: 10 timeoutSeconds: 1 name: router ports: - containerPort: 80 name: http protocol: TCP - containerPort: 443 name: https protocol: TCP - containerPort: 1936 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz/ready port: 1936 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 100m memory: 256Mi securityContext: allowPrivilegeEscalation: true capabilities: drop: - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000320000 startupProbe: failureThreshold: 120 httpGet: path: /healthz/ready port: 1936 scheme: HTTP periodSeconds: 1 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/tls/private name: default-certificate readOnly: true - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle readOnly: true - mountPath: /var/lib/haproxy/conf/metrics-auth name: stats-auth readOnly: true - mountPath: /etc/pki/tls/metrics-certs name: metrics-certs readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s48tn readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: router-dockercfg-gpprd nodeName: ip-10-0-138-224.ec2.internal nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/worker: "" preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000320000 seLinuxOptions: level: s0:c18,c7 serviceAccount: router serviceAccountName: router terminationGracePeriodSeconds: 3600 tolerations: - effect: NoExecute key: kubernetes.io/e2e-evict-taint-key operator: Equal value: evictTaintVal - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists topologySpreadConstraints: - labelSelector: matchExpressions: - key: ingresscontroller.operator.openshift.io/hash operator: In values: - 7bb687794c maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway volumes: - name: default-certificate secret: defaultMode: 420 secretName: default-ingress-cert - configMap: defaultMode: 420 items: - key: service-ca.crt path: service-ca.crt name: service-ca-bundle optional: false name: service-ca-bundle - name: stats-auth secret: defaultMode: 420 secretName: router-stats-default - name: metrics-certs secret: defaultMode: 420 secretName: router-metrics-certs-default - name: kube-api-access-s48tn projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-17T17:09:58Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-17T17:09:25Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-17T17:09:59Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-17T17:09:59Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-17T17:09:25Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 100m memory: 256Mi containerID: cri-o://45fdb8f3e5112170328536ce1142c611e792d71db87ccb9f43531448c62dca1a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294af5c64228434d1ed6ee8ea3ac802e3c999aa847223e3b2efa18425a9fe421 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:294af5c64228434d1ed6ee8ea3ac802e3c999aa847223e3b2efa18425a9fe421 lastState: {} name: router ready: true resources: requests: cpu: 100m memory: 256Mi restartCount: 0 started: true state: running: startedAt: "2026-04-17T17:09:57Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000320000 uid: 1000320000 volumeMounts: - mountPath: /etc/pki/tls/private name: default-certificate readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/lib/haproxy/conf/metrics-auth name: stats-auth readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/tls/metrics-certs name: metrics-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-s48tn readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.138.224 hostIPs: - ip: 10.0.138.224 phase: Running podIP: 10.134.0.8 podIPs: - ip: 10.134.0.8 qosClass: Burstable startTime: "2026-04-17T17:09:25Z" kind: PodList metadata: resourceVersion: "46180"