--- apiVersion: v1 kind: Pod metadata: annotations: alm-examples: |- [ { "apiVersion": "extensions.kuadrant.io/v1alpha1", "kind": "OIDCPolicy", "metadata": { "name": "oidcpolicy-sample" }, "spec": { "provider": { "cliendID": "exampleID", "issuerURL": "https://idp.example.org/" }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "example-route" } } }, { "apiVersion": "extensions.kuadrant.io/v1alpha1", "kind": "PlanPolicy", "metadata": { "labels": { "app.kubernetes.io/created-by": "kuadrant-operator", "app.kubernetes.io/instance": "planpolicy-sample", "app.kubernetes.io/managed-by": "kustomize", "app.kubernetes.io/name": "planpolicy", "app.kubernetes.io/part-of": "kuadrant-operator" }, "name": "planpolicy-sample" }, "spec": { "plans": [ { "limits": { "daily": 5 }, "predicate": "has(auth.identity) \u0026\u0026 auth.identity.metadata.annotations[\"secret.kuadrant.io/plan-id\"] == \"gold\"\n", "tier": "gold" }, { "limits": { "daily": 2 }, "predicate": "has(auth.identity) \u0026\u0026 auth.identity.metadata.annotations[\"secret.kuadrant.io/plan-id\"] == \"silver\"\n", "tier": "silver" }, { "limits": { "daily": 1 }, "predicate": "has(auth.identity) \u0026\u0026 auth.identity.metadata.annotations[\"secret.kuadrant.io/plan-id\"] == \"bronze\"\n", "tier": "bronze" } ], "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "example-route" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "AuthPolicy", "metadata": { "name": "authpolicy-sample" }, "spec": { "rules": { "authentication": { "apikey": { "apiKey": { "selector": {} }, "credentials": { "authorizationHeader": { "prefix": "APIKEY" } } } } }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "toystore" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "DNSPolicy", "metadata": { "name": "dnspolicy-sample" }, "spec": { "healthCheck": { "protocol": "HTTP" }, "providerRefs": [ { "name": "provider-ref" } ], "targetRef": { "group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "example-gateway" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "RateLimitPolicy", "metadata": { "name": "ratelimitpolicy-sample" }, "spec": { "limits": { "toys": { "rates": [ { "limit": 50, "window": "1m" } ] } }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "toystore" } } }, { "apiVersion": "kuadrant.io/v1", "kind": "TLSPolicy", "metadata": { "name": "tlspolicy-sample" }, "spec": { "issuerRef": { "group": "cert-manager.io", "kind": "ClusterIssuer", "name": "self-signed-ca" }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "example-gateway" } } }, { "apiVersion": "kuadrant.io/v1alpha1", "kind": "TokenRateLimitPolicy", "metadata": { "name": "token-limit-free", "namespace": "gateway-system" }, "spec": { "limits": { "free": { "counters": [ { "expression": "auth.identity.userid" } ], "rates": [ { "limit": 20000, "window": "1d" } ], "when": [ { "predicate": "request.auth.claims[\"kuadrant.io/groups\"].split(\",\").exists(g, g == \"free\")" } ] }, "gold": { "counters": [ { "expression": "auth.identity.userid" } ], "rates": [ { "limit": 200000, "window": "1d" } ], "when": [ { "predicate": "request.auth.claims[\"kuadrant.io/groups\"].split(\",\").exists(g, g == \"gold\")" } ] } }, "targetRef": { "group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "my-llm-gateway" } } }, { "apiVersion": "kuadrant.io/v1beta1", "kind": "Kuadrant", "metadata": { "name": "kuadrant-sample" }, "spec": {} } ] capabilities: Basic Install categories: Integration & Delivery console.openshift.io/plugins: '["kuadrant-console-plugin"]' containerImage: quay.io/kuadrant/kuadrant-operator:v1.4.2 createdAt: "2026-03-11T10:58:28Z" description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.39/23"],"mac_address":"0a:58:0a:85:00:27","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.39/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.39" ], "mac": "0a:58:0a:85:00:27", "default": true, "dns": {} }] olm.operatorGroup: kuadrant-operator-group olm.operatorNamespace: kuadrant-system olm.targetNamespaces: "" openshift.io/scc: restricted-v2 operatorframework.io/properties: '{"properties":[{"type":"olm.gvk","value":{"group":"devportal.kuadrant.io","kind":"APIKey","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"devportal.kuadrant.io","kind":"APIProduct","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"extensions.kuadrant.io","kind":"OIDCPolicy","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"extensions.kuadrant.io","kind":"PlanPolicy","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"extensions.kuadrant.io","kind":"TelemetryPolicy","version":"v1alpha1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"AuthPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"DNSPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"Kuadrant","version":"v1beta1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"RateLimitPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"TLSPolicy","version":"v1"}},{"type":"olm.gvk","value":{"group":"kuadrant.io","kind":"TokenRateLimitPolicy","version":"v1alpha1"}},{"type":"olm.package","value":{"packageName":"kuadrant-operator","version":"1.4.2"}},{"type":"olm.package.required","value":{"packageName":"authorino-operator","versionRange":"0.23.1"}},{"type":"olm.package.required","value":{"packageName":"dns-operator","versionRange":"0.16.0"}},{"type":"olm.package.required","value":{"packageName":"limitador-operator","versionRange":"0.17.1"}},{"type":"olm.package.required","value":{"packageName":"authorino-operator","versionRange":"0.23.1"}},{"type":"olm.package.required","value":{"packageName":"dns-operator","versionRange":"0.16.0"}},{"type":"olm.package.required","value":{"packageName":"limitador-operator","versionRange":"0.17.1"}}]}' operators.operatorframework.io/builder: operator-sdk-v1.33.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 repository: https://github.com/Kuadrant/kuadrant-operator seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user support: kuadrant creationTimestamp: "2026-04-20T08:16:44Z" generateName: kuadrant-operator-controller-manager-55c7f4c975- generation: 1 labels: app: kuadrant control-plane: controller-manager pod-template-hash: 55c7f4c975 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-138-4 operation: Update subresource: status time: "2026-04-20T08:16:44Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:alm-examples: {} f:capabilities: {} f:categories: {} f:console.openshift.io/plugins: {} f:containerImage: {} f:createdAt: {} f:description: {} f:olm.operatorGroup: {} f:olm.operatorNamespace: {} f:olm.targetNamespaces: {} f:operatorframework.io/properties: {} f:operators.operatorframework.io/builder: {} f:operators.operatorframework.io/project_layout: {} f:repository: {} f:support: {} f:generateName: {} f:labels: .: {} f:app: {} f:control-plane: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"27dd1d18-c6fc-4990-92d2-88dc3d42e6d3"}: {} f:spec: f:containers: k:{"name":"manager"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"EXTENSIONS_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"ISTIO_GATEWAY_CONTROLLER_NAMES"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_CONDITION_NAME"}: .: {} f:name: {} f:value: {} k:{"name":"OPERATOR_NAMESPACE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RATELIMIT_CHECK_SERVICE_FAILURE_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"RATELIMIT_REPORT_SERVICE_FAILURE_MODE"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_CONSOLE_PLUGIN_LATEST"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_CONSOLE_PLUGIN_PF5"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_DEVELOPERPORTAL"}: .: {} f:name: {} f:value: {} k:{"name":"RELATED_IMAGE_WASMSHIM"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:limits: .: {} f:cpu: {} f:memory: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/tmp/kuadrant"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"extensions-socket-volume"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-20T08:16:44Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-04-20T08:16:44Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.39"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-20T08:16:56Z" name: kuadrant-operator-controller-manager-55c7f4c975-cfgmz namespace: kuadrant-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kuadrant-operator-controller-manager-55c7f4c975 uid: 27dd1d18-c6fc-4990-92d2-88dc3d42e6d3 resourceVersion: "36829" uid: 83ea1103-0f43-450e-adb8-5bb334fdac0f spec: containers: - args: - --leader-elect command: - /manager env: - name: EXTENSIONS_DIR value: /extensions - name: RELATED_IMAGE_WASMSHIM value: quay.io/kuadrant/wasm-shim:v0.12.1 - name: RELATED_IMAGE_DEVELOPERPORTAL value: quay.io/kuadrant/developer-portal-controller:v0.1.0 - name: RELATED_IMAGE_CONSOLE_PLUGIN_LATEST value: quay.io/kuadrant/console-plugin:v0.3.4 - name: RELATED_IMAGE_CONSOLE_PLUGIN_PF5 value: quay.io/kuadrant/console-plugin:v0.1.5 - name: OPERATOR_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: ISTIO_GATEWAY_CONTROLLER_NAMES value: istio.io/gateway-controller,openshift.io/gateway-controller/v1 - name: RATELIMIT_CHECK_SERVICE_FAILURE_MODE value: deny - name: RATELIMIT_REPORT_SERVICE_FAILURE_MODE value: deny - name: OPERATOR_CONDITION_NAME value: kuadrant-operator.v1.4.2 image: quay.io/kuadrant/kuadrant-operator:v1.4.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 8081 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 name: manager ports: - containerPort: 8080 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: 8081 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsUser: 1000680000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp/kuadrant name: extensions-socket-volume - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sd56g readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kuadrant-operator-controller-manager-dockercfg-6dggc nodeName: ip-10-0-138-4.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000680000 runAsNonRoot: true seLinuxOptions: level: s0:c26,c15 seccompProfile: type: RuntimeDefault serviceAccount: kuadrant-operator-controller-manager serviceAccountName: kuadrant-operator-controller-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: extensions-socket-volume - name: kube-api-access-sd56g projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-20T08:16:45Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-20T08:16:44Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-20T08:16:56Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-20T08:16:56Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-20T08:16:44Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 200m memory: 200Mi containerID: cri-o://eb570ced3ca7b1b93df386e106fdc328dd9704a21d27b5b53ae16c15f741cdf7 image: quay.io/kuadrant/kuadrant-operator:v1.4.2 imageID: quay.io/kuadrant/kuadrant-operator@sha256:0ad6673d1a66a99ce9881d4f50b51e1f98b477a019a8efe7187a73396d773e58 lastState: {} name: manager ready: true resources: limits: cpu: 200m memory: 300Mi requests: cpu: 200m memory: 200Mi restartCount: 0 started: true state: running: startedAt: "2026-04-20T08:16:44Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000680000 uid: 1000680000 volumeMounts: - mountPath: /tmp/kuadrant name: extensions-socket-volume - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-sd56g readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.138.4 hostIPs: - ip: 10.0.138.4 phase: Running podIP: 10.133.0.39 podIPs: - ip: 10.133.0.39 qosClass: Burstable startTime: "2026-04-20T08:16:44Z"