--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.18/23"],"mac_address":"0a:58:0a:84:00:12","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.18/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.18" ], "mac": "0a:58:0a:84:00:12", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: alertmanager openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T11:18:30Z" generateName: alertmanager-main- generation: 1 labels: alertmanager: main app.kubernetes.io/component: alert-router app.kubernetes.io/instance: main app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.29.0 apps.kubernetes.io/pod-index: "0" controller-revision-hash: alertmanager-main-6d79484b48 statefulset.kubernetes.io/pod-name: alertmanager-main-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:18:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:alertmanager: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"614309b9-6bfa-4737-ac5d-7a9d171c42c8"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"alertmanager"}: .: {} f:args: {} f:env: .: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":9094,"protocol":"UDP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/alertmanager"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metric"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9097,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9095,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/alertmanager/config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/secrets/alertmanager-main-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/alertmanager/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"alertmanager-main-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"alertmanager-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"cluster-tls-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"config-volume"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-alertmanager-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-metric"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-alertmanager-main-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:18:30Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:18:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.18"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:18:32Z" name: alertmanager-main-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: alertmanager-main uid: 614309b9-6bfa-4737-ac5d-7a9d171c42c8 resourceVersion: "11375" uid: d7161a7c-edf9-46d9-a4f0-2607040f6af7 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/alertmanager/config_out/alertmanager.env.yaml - --storage.path=/alertmanager - --data.retention=120h - --cluster.listen-address= - --web.listen-address=127.0.0.1:9093 - --web.external-url=https://console-openshift-console.apps.49882161-53e7-4b61-bb4d-2b36a80f5475.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --cluster.label=openshift-monitoring/main - --cluster.peer=alertmanager-main-0.alertmanager-operated:9094 - --cluster.reconnect-timeout=5m - --web.config.file=/etc/alertmanager/web_config/web-config.yaml env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imagePullPolicy: IfNotPresent name: alertmanager ports: - containerPort: 9094 name: mesh-tcp protocol: TCP - containerPort: 9094 name: mesh-udp protocol: UDP resources: requests: cpu: 4m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true subPath: cluster-tls-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/alertmanager/web_config/web-config.yaml - --reload-url=http://localhost:9093/-/reload - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true - args: - --secure-listen-address=0.0.0.0:9095 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9095 name: web protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9096 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true - args: - --secure-listen-address=0.0.0.0:9097 - --upstream=http://127.0.0.1:9093 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metric ports: - containerPort: 9097 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true - args: - --insecure-listen-address=127.0.0.1:9096 - --upstream=http://127.0.0.1:9093 - --label=namespace - --error-on-replace image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 20Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: alertmanager-main-0 imagePullSecrets: - name: alertmanager-main-dockercfg-gpx57 initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml - --watched-dir=/etc/alertmanager/config - --watched-dir=/etc/alertmanager/secrets/alertmanager-main-tls - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric - --watched-dir=/etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "-1" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c15 serviceAccount: alertmanager-main serviceAccountName: alertmanager-main subdomain: alertmanager-operated terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config-volume secret: defaultMode: 420 secretName: alertmanager-main-generated - name: tls-assets projected: defaultMode: 420 sources: - secret: name: alertmanager-main-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-alertmanager-main-tls secret: defaultMode: 420 secretName: alertmanager-main-tls - name: secret-alertmanager-kube-rbac-proxy secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy - name: secret-alertmanager-kube-rbac-proxy-metric secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-metric - name: secret-alertmanager-kube-rbac-proxy-web secret: defaultMode: 420 secretName: alertmanager-kube-rbac-proxy-web - name: web-config secret: defaultMode: 420 secretName: alertmanager-main-web-config - name: cluster-tls-config secret: defaultMode: 420 secretName: alertmanager-main-cluster-tls-config - emptyDir: {} name: alertmanager-main-db - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: alertmanager-trusted-ca-bundle name: alertmanager-trusted-ca-bundle - name: kube-api-access-2hhk9 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:31Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:31Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:32Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:32Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:30Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 4m memory: 40Mi containerID: cri-o://ad1c1c64329905a8d3d3770d1f23d2a96891260b04df36433af26caee3834b26 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 lastState: {} name: alertmanager ready: true resources: requests: cpu: 4m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume - mountPath: /etc/alertmanager/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /alertmanager name: alertmanager-main-db - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/pki/ca-trust/extracted/pem/ name: alertmanager-trusted-ca-bundle - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml name: cluster-tls-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://52e376f52555d8c92e1f2bcb14eee901dc99ed893126ed998113ee0094b22079 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://8f581b34fe62959c3e416346c9f3585018f8b576f2651d93ff6ec6b083bec79a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy - mountPath: /etc/tls/private name: secret-alertmanager-main-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://9f1068202e47029a51b97fc4c75af0f2840de6ad079d651b720f67383194246c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metric ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://27c18dce38db96fc6f8ad0106738deece3012693881a23276eb7ed51fab791a6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/private name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://a593122216cb69e3d295ec686592b4fab55c4695aebaecaa0da11c97e2359d01 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://af0415277736b4ac9a2363232e88f7f90b5473b6a70799a4d4662d9bad339fac image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://af0415277736b4ac9a2363232e88f7f90b5473b6a70799a4d4662d9bad339fac exitCode: 0 finishedAt: "2026-06-05T11:18:31Z" reason: Completed startedAt: "2026-06-05T11:18:31Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/alertmanager/config name: config-volume readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/config_out name: config-out - mountPath: /etc/alertmanager/secrets/alertmanager-main-tls name: secret-alertmanager-main-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy name: secret-alertmanager-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-metric name: secret-alertmanager-kube-rbac-proxy-metric readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/secrets/alertmanager-kube-rbac-proxy-web name: secret-alertmanager-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/alertmanager/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2hhk9 readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.132.0.18 podIPs: - ip: 10.132.0.18 qosClass: Burstable startTime: "2026-06-05T11:18:30Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.11/23"],"mac_address":"0a:58:0a:86:00:0b","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.11/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.11" ], "mac": "0a:58:0a:86:00:0b", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:16:27Z" generateName: cluster-monitoring-operator-74bbf69bbb- generation: 1 labels: app: cluster-monitoring-operator app.kubernetes.io/name: cluster-monitoring-operator app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 74bbf69bbb managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"0d629dd9-907f-40df-b9d9-d96d01d24ee7"}: {} f:spec: f:containers: k:{"name":"cluster-monitoring-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RELEASE_VERSION"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/cluster-monitoring-operator/telemetry"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cluster-monitoring-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemetry-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:16:26Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-225 operation: Update subresource: status time: "2026-06-05T11:16:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:16:59Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.11"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:01Z" name: cluster-monitoring-operator-74bbf69bbb-689x8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: cluster-monitoring-operator-74bbf69bbb uid: 0d629dd9-907f-40df-b9d9-d96d01d24ee7 resourceVersion: "9144" uid: 4ed1d884-6bfc-4209-920e-48f7f22cc2bb spec: containers: - args: - -namespace=openshift-monitoring - -namespace-user-workload=openshift-user-workload-monitoring - -configmap=cluster-monitoring-config - -release-version=$(RELEASE_VERSION) - -v=2 - -cert-file=/etc/tls/private/tls.crt - -key-file=/etc/tls/private/tls.key - -images=prometheus-operator=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 - -images=prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - -images=prometheus-operator-admission-webhook=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 - -images=configmap-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3068d66b76b04572a3ca4be20cbe477525f5191ded00e0b088f7932a17e0b30d - -images=prometheus=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b - -images=alertmanager=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:934b6e63500825fd036711c069af6189e5e6229db6d52fc2fe318ef590b056f1 - -images=node-exporter=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d - -images=kube-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b - -images=openshift-state-metrics=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda - -images=kube-rbac-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea - -images=telemeter-client=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 - -images=prom-label-proxy=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd - -images=thanos=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 - -images=monitoring-plugin=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a - -images=kube-metrics-server=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 env: - name: RELEASE_VERSION value: 4.21.19 - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imagePullPolicy: IfNotPresent name: cluster-monitoring-operator ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 10m memory: 75Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-4mnvx readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: cluster-monitoring-operator-dockercfg-j5h4h nodeName: ip-10-0-134-225.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: cluster-monitoring-operator serviceAccountName: cluster-monitoring-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 120 - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 120 volumes: - configMap: defaultMode: 420 name: telemetry-config name: telemetry-config - name: cluster-monitoring-operator-tls secret: defaultMode: 420 secretName: cluster-monitoring-operator-tls - name: kube-api-access-4mnvx projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:01Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:16:27Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:01Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:01Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:16:27Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 75Mi containerID: cri-o://c21a132cce9768782d2936dfbe14f7b3906949c03752a8c7c6a74661f497853a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:918cf797d0e81470ae4575ebf4df4b189cb24f06173893277d417b74fdd2f83f imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7254a8c04e9f17465009044222270016263daaa27825aa3f0fc3a37876b2567b lastState: {} name: cluster-monitoring-operator ready: true resources: requests: cpu: 10m memory: 75Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:01Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: cluster-monitoring-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cluster-monitoring-operator/telemetry name: telemetry-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-4mnvx readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.225 hostIPs: - ip: 10.0.134.225 observedGeneration: 1 phase: Running podIP: 10.134.0.11 podIPs: - ip: 10.134.0.11 qosClass: Burstable startTime: "2026-06-05T11:16:27Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.13/23"],"mac_address":"0a:58:0a:84:00:0d","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.13/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.13" ], "mac": "0a:58:0a:84:00:0d", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: kube-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:08Z" generateName: kube-state-metrics-57bbf8bfb5- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 2.17.0 pod-template-hash: 57bbf8bfb5 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"9b8d9755-879a-4907-ba2b-b17129a6c45c"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-state-metrics"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/tmp"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"kube-state-metrics-custom-resource-state-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"kube-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"kube-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"volume-directive-shadow"}: .: {} f:emptyDir: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:09Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.13"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:11Z" name: kube-state-metrics-57bbf8bfb5-88wwq namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: kube-state-metrics-57bbf8bfb5 uid: 9b8d9755-879a-4907-ba2b-b17129a6c45c resourceVersion: "9651" uid: 528b9315-94dc-4dce-89ee-fa8b63494eba spec: automountServiceAccountToken: true containers: - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - --custom-resource-state-config-file=/etc/kube-state-metrics/custom-resource-state-configmap.yaml - | --metric-denylist= ^kube_secret_labels$, ^kube_.+_annotations$, ^kube_customresource_.+_annotations_info$, ^kube_customresource_.+_labels_info$ - --metric-labels-allowlist=pods=[*],nodes=[*],namespaces=[*],persistentvolumes=[*],persistentvolumeclaims=[*],poddisruptionbudgets=[*] - | --metric-denylist= ^kube_.+_created$, ^kube_.+_metadata_resource_version$, ^kube_replicaset_metadata_generation$, ^kube_replicaset_status_observed_generation$, ^kube_pod_restart_policy$, ^kube_pod_init_container_status_terminated$, ^kube_pod_init_container_status_running$, ^kube_pod_container_status_terminated$, ^kube_pod_container_status_running$, ^kube_pod_completion_time$, ^kube_pod_status_scheduled$ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b imagePullPolicy: IfNotPresent name: kube-state-metrics resources: requests: cpu: 2m memory: 80Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dp7p2 readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dp7p2 readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dp7p2 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: kube-state-metrics-dockercfg-2fxrs nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: kube-state-metrics serviceAccountName: kube-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - emptyDir: {} name: volume-directive-shadow - name: kube-state-metrics-tls secret: defaultMode: 420 secretName: kube-state-metrics-tls - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: kube-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: kube-state-metrics-custom-resource-state-configmap name: kube-state-metrics-custom-resource-state-configmap - name: kube-api-access-dp7p2 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://aec934824f448937078e8ac85989debe32e2e8766e7cc7188a10d26bff0b2607 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dp7p2 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://7630b9b675ba2f0658fa7b8feb89efe1deb77afdd7185ead2169564186a25a67 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: kube-state-metrics-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: kube-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dp7p2 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 2m memory: 80Mi containerID: cri-o://959c1b065419f74f6e940d1e990687794599501b325323eda05ad965158e19f5 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6b35a804998bcf5aed75b961bcc669dc7ebb6ecf4ea9fe4fcf81a51780e9659b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0fed5ae25f578830f8c74975b5e7a2fc75b362a09231066752cce55854eb9098 lastState: {} name: kube-state-metrics ready: true resources: requests: cpu: 2m memory: 80Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /tmp name: volume-directive-shadow - mountPath: /etc/kube-state-metrics name: kube-state-metrics-custom-resource-state-configmap readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-dp7p2 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 observedGeneration: 1 phase: Running podIP: 10.132.0.13 podIPs: - ip: 10.132.0.13 qosClass: Burstable startTime: "2026-06-05T11:17:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.15/23"],"mac_address":"0a:58:0a:84:00:0f","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.15/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.15" ], "mac": "0a:58:0a:84:00:0f", "default": true, "dns": {} }] monitoring.openshift.io/kubelet-serving-ca-bundle-hash: 33l4apkbgq6gs monitoring.openshift.io/metrics-server-client-certs-hash: b4e778lg1egav monitoring.openshift.io/serving-ca-secret-hash: ccpd9fpvgng71 openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:12Z" generateName: metrics-server-86cb75848d- generation: 1 labels: app.kubernetes.io/component: metrics-server app.kubernetes.io/name: metrics-server app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 86cb75848d managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:monitoring.openshift.io/kubelet-serving-ca-bundle-hash: {} f:monitoring.openshift.io/metrics-server-client-certs-hash: {} f:monitoring.openshift.io/serving-ca-secret-hash: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"c4bc9662-9b00-4fb1-a547-633671730a09"}: {} f:spec: f:containers: k:{"name":"metrics-server"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":10250,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:startupProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/audit"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/client-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/metrics-server-client-certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/log/metrics-server"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"audit-log"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"client-ca-bundle"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"metrics-server-audit-profiles"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-metrics-server-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-server-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:17:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.15"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:53Z" name: metrics-server-86cb75848d-pnfn8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: metrics-server-86cb75848d uid: c4bc9662-9b00-4fb1-a547-633671730a09 resourceVersion: "10585" uid: f6d051ba-07d6-4b30-bb0b-655d78f0d398 spec: containers: - args: - --secure-port=10250 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt - --kubelet-client-certificate=/etc/tls/metrics-server-client-certs/tls.crt - --kubelet-client-key=/etc/tls/metrics-server-client-certs/tls.key - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --shutdown-send-retry-after=true - --shutdown-delay-duration=150s - --disable-http2-serving=true - --tls-min-version=VersionTLS12 - --client-ca-file=/etc/client-ca-bundle/client-ca-file - --requestheader-client-ca-file=/etc/client-ca-bundle/requestheader-client-ca-file - --requestheader-allowed-names=kube-apiserver-proxy,system:kube-apiserver-proxy,system:openshift-aggregator - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --audit-policy-file=/etc/audit/metadata-profile.yaml - --audit-log-path=/var/log/metrics-server/audit.log - --audit-log-maxsize=100 - --audit-log-maxbackup=5 - --audit-log-compress=true image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 6 httpGet: path: /livez port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000450000 startupProbe: failureThreshold: 6 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-wlxbg readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: metrics-server-dockercfg-8dct8 nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: metrics-server serviceAccountName: metrics-server terminationGracePeriodSeconds: 170 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-metrics-server-client-certs secret: defaultMode: 420 secretName: metrics-server-client-certs - name: secret-metrics-server-tls secret: defaultMode: 420 secretName: metrics-server-tls - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - emptyDir: {} name: audit-log - configMap: defaultMode: 420 name: metrics-server-audit-profiles name: metrics-server-audit-profiles - name: client-ca-bundle secret: defaultMode: 420 secretName: metrics-server-epqoeepj2c4o - name: kube-api-access-wlxbg projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:16Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:13Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:53Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:53Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:13Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://82286f7f068d5ce23e3b30ae0d60cd82491185d0f72b112718089b87e0909a82 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eab8a85cd516bfece022067ac3fdc687cd39668401449daefde2d0ec2645a342 lastState: {} name: metrics-server ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:15Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-metrics-server-tls - mountPath: /etc/tls/metrics-server-client-certs name: secret-metrics-server-client-certs - mountPath: /etc/tls/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - mountPath: /etc/audit name: metrics-server-audit-profiles readOnly: true recursiveReadOnly: Disabled - mountPath: /var/log/metrics-server name: audit-log - mountPath: /etc/client-ca-bundle name: client-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-wlxbg readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 observedGeneration: 1 phase: Running podIP: 10.132.0.15 podIPs: - ip: 10.132.0.15 qosClass: Burstable startTime: "2026-06-05T11:17:13Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.16/23"],"mac_address":"0a:58:0a:84:00:10","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.16/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.16" ], "mac": "0a:58:0a:84:00:10", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:13Z" generateName: monitoring-plugin-76b68cc874- generation: 1 labels: app.kubernetes.io/component: monitoring-plugin app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: monitoring-plugin app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 76b68cc874 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:17:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"d96aa47c-a2ba-452a-b5d6-d42446ec6e6e"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"monitoring-plugin"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/cert"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"monitoring-plugin-cert"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:13Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.16"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:16Z" name: monitoring-plugin-76b68cc874-tc9vl namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: monitoring-plugin-76b68cc874 uid: d96aa47c-a2ba-452a-b5d6-d42446ec6e6e resourceVersion: "9888" uid: 0c93fac6-fef9-4b43-9c33-1aa4bcbff2b5 spec: automountServiceAccountToken: true containers: - args: - --config-path=/opt/app-root/web/dist - --static-path=/opt/app-root/web/dist - --cert=/var/cert/tls.crt - --key=/var/cert/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 command: - /opt/app-root/plugin-backend image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a imagePullPolicy: IfNotPresent name: monitoring-plugin ports: - containerPort: 9443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /health port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-gpfzb readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: monitoring-plugin-dockercfg-fnbbq nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: monitoring-plugin serviceAccountName: monitoring-plugin terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: monitoring-plugin-cert secret: defaultMode: 420 secretName: monitoring-plugin-cert - name: kube-api-access-gpfzb projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:16Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:13Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:16Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:16Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:13Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 50Mi containerID: cri-o://69487f9cb02fba26fb70d8d103a92f0cb36727177dc211a2869465fc785e04fa image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62ffdb4474948589b740f2c9da54aa0b3013d672861e312d7af1e7d321bb761a lastState: {} name: monitoring-plugin ready: true resources: requests: cpu: 10m memory: 50Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:15Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/cert name: monitoring-plugin-cert readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-gpfzb readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 observedGeneration: 1 phase: Running podIP: 10.132.0.16 podIPs: - ip: 10.132.0.16 qosClass: Burstable startTime: "2026-06-05T11:17:13Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T11:17:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"63e52f7f-e29e-4fc5-928f-822d572f3b92"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.134.225"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:12Z" name: node-exporter-9f7wt namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 63e52f7f-e29e-4fc5-928f-822d572f3b92 resourceVersion: "9708" uid: c6d57a6d-f965-4317-85b0-002f9181a33f spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-134-225.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x6bgb readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x6bgb readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-fv8xb initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x6bgb readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-134-225.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-x6bgb projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:10Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:10Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://8b5c92a18588ac9b81b9e1ea84772d8e907d174f4a974c1188f867742b11084b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:11Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x6bgb readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://ffc82d4b44e3f65d2e3fb50936f97fd362ce4a69af546e88d61a5a4aefbc95cd image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:11Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x6bgb readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.225 hostIPs: - ip: 10.0.134.225 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://829cc704aa32fc4929a10591c64aba68a3b7c533760ecb444f45f25da0b1b59c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://829cc704aa32fc4929a10591c64aba68a3b7c533760ecb444f45f25da0b1b59c exitCode: 0 finishedAt: "2026-06-05T11:17:10Z" reason: Completed startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x6bgb readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.134.225 podIPs: - ip: 10.0.134.225 qosClass: Burstable startTime: "2026-06-05T11:17:08Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T11:17:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"63e52f7f-e29e-4fc5-928f-822d572f3b92"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.128.24"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:11Z" name: node-exporter-j57nb namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 63e52f7f-e29e-4fc5-928f-822d572f3b92 resourceVersion: "9700" uid: e052ac45-1fd2-4d73-9331-ea27fbf11c8e spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-128-24.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pdhmx readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pdhmx readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-fv8xb initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pdhmx readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-128-24.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-pdhmx projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:10Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:10Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://d96f578620978200cc0ac1a02947ff5b067f0f7ea8cc6134f3bbb5dba93a5ae3 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pdhmx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://c0d3e2d923374566bef01f0059e1f33f698aeab370f258fcbd4f9f0d110ca9be image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pdhmx readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.128.24 hostIPs: - ip: 10.0.128.24 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://03e91aeb9fefba88fa95cf594b6c70309b9c96a4199fda281c44a84d7cc5d6ac image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://03e91aeb9fefba88fa95cf594b6c70309b9c96a4199fda281c44a84d7cc5d6ac exitCode: 0 finishedAt: "2026-06-05T11:17:10Z" reason: Completed startedAt: "2026-06-05T11:17:09Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pdhmx readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.128.24 podIPs: - ip: 10.0.128.24 qosClass: Burstable startTime: "2026-06-05T11:17:08Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" kubectl.kubernetes.io/default-container: node-exporter openshift.io/required-scc: node-exporter openshift.io/scc: node-exporter seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T11:17:08Z" generateName: node-exporter- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 1.10.2 controller-revision-hash: 7c89b6987d pod-template-generation: "1" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:controller-revision-hash: {} f:pod-template-generation: {} f:ownerReferences: .: {} k:{"uid":"63e52f7f-e29e-4fc5-928f-822d572f3b92"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:env: .: {} k:{"name":"IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9100,"protocol":"TCP"}: .: {} f:containerPort: {} f:hostPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"node-exporter"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DBUS_SYSTEM_BUS_ADDRESS"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/host/root"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/sys"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/accelerators_collector_config"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:workingDir: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:initContainers: .: {} k:{"name":"init-textfile"}: .: {} f:command: {} f:env: .: {} k:{"name":"TMPDIR"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:runAsUser: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/var/log/wtmp"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/node_exporter/textfile"}: .: {} f:mountPath: {} f:name: {} f:workingDir: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"node-exporter-accelerators-collector-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"node-exporter-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-textfile"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"node-exporter-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"node-exporter-wtmp"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"root"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"sys"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.139.125"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:12Z" name: node-exporter-r877d namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: node-exporter uid: 63e52f7f-e29e-4fc5-928f-822d572f3b92 resourceVersion: "9716" uid: eb598d98-36a3-410c-9417-87d5a5d9ad24 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-139-125.ec2.internal automountServiceAccountToken: true containers: - args: - --web.listen-address=127.0.0.1:9101 - --path.sysfs=/host/sys - --path.rootfs=/host/root - --path.procfs=/host/root/proc - --path.udev.data=/host/root/run/udev/data - --no-collector.wifi - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15}|enP.*|ovn-k8s-mp[0-9]*|br-ex|br-int|br-ext|br[0-9]*|tun[0-9]*|cali[a-f0-9]*)$ - --collector.cpu.info - --collector.textfile.directory=/var/node_exporter/textfile - --no-collector.btrfs - --runtime.gomaxprocs=0 - --no-collector.cpufreq - --no-collector.tcpstat - --collector.netdev - --collector.netclass - --collector.netclass.netlink - --no-collector.buddyinfo - --no-collector.mountstats - --no-collector.ksmd - --no-collector.processes - --no-collector.systemd command: - /bin/sh - -c - | export GOMAXPROCS=4 # We don't take CPU affinity into account as the container doesn't have integer CPU requests. # In case of error, fallback to the default value. NUM_CPUS=$(grep -c '^processor' "/proc/cpuinfo" 2>/dev/null || echo "0") if [ "$NUM_CPUS" -lt "$GOMAXPROCS" ]; then export GOMAXPROCS="$NUM_CPUS" fi echo "ts=$(date --iso-8601=seconds) num_cpus=$NUM_CPUS gomaxprocs=$GOMAXPROCS" exec /bin/node_exporter "$0" "$@" env: - name: DBUS_SYSTEM_BUS_ADDRESS value: unix:path=/host/root/var/run/dbus/system_bus_socket image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: node-exporter resources: requests: cpu: 8m memory: 32Mi securityContext: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /host/sys mountPropagation: HostToContainer name: sys readOnly: true - mountPath: /host/root mountPropagation: HostToContainer name: root readOnly: true - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-654qt readOnly: true workingDir: /var/node_exporter/textfile - args: - --secure-listen-address=[$(IP)]:9100 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:9101/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 env: - name: IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9100 hostPort: 9100 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-654qt readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: node-exporter-dockercfg-fv8xb initContainers: - command: - /bin/sh - -c - '[[ ! -d /node_exporter/collectors/init ]] || find /node_exporter/collectors/init -perm /111 -type f -exec {} \;' env: - name: TMPDIR value: /tmp image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imagePullPolicy: IfNotPresent name: init-textfile resources: requests: cpu: 1m memory: 1Mi securityContext: privileged: true runAsUser: 0 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-654qt readOnly: true workingDir: /var/node_exporter/textfile nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: seccompProfile: type: RuntimeDefault serviceAccount: node-exporter serviceAccountName: node-exporter terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /sys type: "" name: sys - hostPath: path: / type: "" name: root - emptyDir: {} name: node-exporter-textfile - name: node-exporter-tls secret: defaultMode: 420 secretName: node-exporter-tls - hostPath: path: /var/log/wtmp type: File name: node-exporter-wtmp - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: node-exporter-kube-rbac-proxy-config secret: defaultMode: 420 secretName: node-exporter-kube-rbac-proxy-config - configMap: defaultMode: 420 items: - key: config.yaml path: config.yaml name: node-exporter-accelerators-collector-config name: node-exporter-accelerators-collector-config - name: kube-api-access-654qt projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:12Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:12Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://a719369b832c4946cca59a416e421d8fb90720e995688dd0b11f2402487b38dd image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:11Z" user: linux: gid: 65532 supplementalGroups: - 65532 uid: 65532 volumeMounts: - mountPath: /etc/tls/private name: node-exporter-tls - mountPath: /etc/tls/client name: metrics-client-ca - mountPath: /etc/kube-rbac-policy name: node-exporter-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-654qt readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 8m memory: 32Mi containerID: cri-o://4c7e4a907c1ca54ca77c1d8032c944b55acfd880512fee4d858f7ce9712c070d image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: node-exporter ready: true resources: requests: cpu: 8m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:11Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /host/sys name: sys readOnly: true recursiveReadOnly: Disabled - mountPath: /host/root name: root readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/textfile name: node-exporter-textfile readOnly: true recursiveReadOnly: Disabled - mountPath: /var/node_exporter/accelerators_collector_config name: node-exporter-accelerators-collector-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-654qt readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 initContainerStatuses: - allocatedResources: cpu: 1m memory: 1Mi containerID: cri-o://2b94685e13b021c6e2c6bd05829806d0854811552e992decbb3673d937eee9b4 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e83446315f4288b43865479673474a3cdcbf9d42919f6cb6b7e76bb897d7d97d lastState: {} name: init-textfile ready: true resources: requests: cpu: 1m memory: 1Mi restartCount: 0 started: false state: terminated: containerID: cri-o://2b94685e13b021c6e2c6bd05829806d0854811552e992decbb3673d937eee9b4 exitCode: 0 finishedAt: "2026-06-05T11:17:10Z" reason: Completed startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /var/node_exporter/textfile name: node-exporter-textfile - mountPath: /var/log/wtmp name: node-exporter-wtmp readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-654qt readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.0.139.125 podIPs: - ip: 10.0.139.125 qosClass: Burstable startTime: "2026-06-05T11:17:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.12/23"],"mac_address":"0a:58:0a:84:00:0c","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.12/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.12" ], "mac": "0a:58:0a:84:00:0c", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: openshift-state-metrics openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:08Z" generateName: openshift-state-metrics-65f78d5c66- generation: 1 labels: app.kubernetes.io/component: exporter app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: openshift-state-metrics app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 65f78d5c66 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"21dfb80b-eaf3-4f87-9b30-5c3f67b3cc23"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy-main"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-self"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"openshift-state-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"openshift-state-metrics-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"openshift-state-metrics-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:08Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:09Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.12"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:11Z" name: openshift-state-metrics-65f78d5c66-g9cw5 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: openshift-state-metrics-65f78d5c66 uid: 21dfb80b-eaf3-4f87-9b30-5c3f67b3cc23 resourceVersion: "9635" uid: a1c40075-ae53-43e1-8e97-4df934f00e2f spec: containers: - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-main ports: - containerPort: 8443 name: https-main protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mdvgv readOnly: true - args: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-self ports: - containerPort: 9443 name: https-self protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mdvgv readOnly: true - args: - --host=127.0.0.1 - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imagePullPolicy: IfNotPresent name: openshift-state-metrics resources: requests: cpu: 1m memory: 32Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mdvgv readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: openshift-state-metrics-dockercfg-kc64z nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: openshift-state-metrics serviceAccountName: openshift-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: openshift-state-metrics-tls secret: defaultMode: 420 secretName: openshift-state-metrics-tls - name: openshift-state-metrics-kube-rbac-proxy-config secret: defaultMode: 420 secretName: openshift-state-metrics-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-mdvgv projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:08Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://97c6cb68c33d37f56c423a1a2943cd03dc2a5f0ab2e4f0abbc12adba11eb5db6 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-main ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mdvgv readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://08d4b76cabf07c09fca646e9c7808c28d881e6405044e8b649f4f49928e0900e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-self ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:09Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: openshift-state-metrics-tls - mountPath: /etc/kube-rbac-policy name: openshift-state-metrics-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mdvgv readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 32Mi containerID: cri-o://3610fe00350c6df37e60df4ee2471fef59a2fce2d3c6ee935155a1dabbd1ed83 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6784177a151b3f1d5bb053ee216044b635812b4ddf6689af2894b69576b6dda lastState: {} name: openshift-state-metrics ready: true resources: requests: cpu: 1m memory: 32Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:10Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mdvgv readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 observedGeneration: 1 phase: Running podIP: 10.132.0.12 podIPs: - ip: 10.132.0.12 qosClass: Burstable startTime: "2026-06-05T11:17:08Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.133.0.17/23"],"mac_address":"0a:58:0a:85:00:11","gateway_ips":["10.133.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.133.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.133.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.133.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.133.0.1"}],"ip_address":"10.133.0.17/23","gateway_ip":"10.133.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.133.0.17" ], "mac": "0a:58:0a:85:00:11", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus openshift.io/required-scc: nonroot openshift.io/scc: nonroot security.openshift.io/validated-scc-subject-type: serviceaccount creationTimestamp: "2026-06-05T11:18:35Z" generateName: prometheus-k8s- generation: 1 labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 3.7.3 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-k8s-df668846 operator.prometheus.io/name: k8s operator.prometheus.io/shard: "0" prometheus: k8s statefulset.kubernetes.io/pod-name: prometheus-k8s-0 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-128-24 operation: Update subresource: status time: "2026-06-05T11:18:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:apps.kubernetes.io/pod-index: {} f:controller-revision-hash: {} f:operator.prometheus.io/name: {} f:operator.prometheus.io/shard: {} f:prometheus: {} f:statefulset.kubernetes.io/pod-name: {} f:ownerReferences: .: {} k:{"uid":"412c187b-a1da-47c8-886b-7a29e39e7720"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-thanos"}: .: {} f:args: {} f:env: .: {} k:{"name":"POD_IP"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10903,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prometheus"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:readinessProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:startupProbe: .: {} f:exec: .: {} f:command: {} f:failureThreshold: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/kubelet-serving-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/metrics-client-ca"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/configmaps/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/metrics-client-certs"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/secrets/prometheus-k8s-tls"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} k:{"mountPath":"/prometheus"}: .: {} f:mountPath: {} f:name: {} k:{"name":"thanos-sidecar"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":10901,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":10902,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/thanos/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostname: {} f:initContainers: .: {} k:{"name":"init-config-reloader"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"POD_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SHARD"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8081,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/prometheus/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/config_out"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-0"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-1"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/rules/prometheus-k8s-rulefiles-2"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/prometheus/web_config/web-config.yaml"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:subPath: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:runAsNonRoot: {} f:runAsUser: {} f:serviceAccount: {} f:serviceAccountName: {} f:shareProcessNamespace: {} f:subdomain: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"config-out"}: .: {} f:emptyDir: .: {} f:medium: {} f:name: {} k:{"name":"configmap-kubelet-serving-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"configmap-serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-k8s-db"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-0"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-1"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-k8s-rulefiles-2"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:optional: {} f:name: {} k:{"name":"prometheus-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-metrics-client-certs"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-thanos-sidecar-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-prometheus-k8s-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"thanos-prometheus-http-client-file"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"tls-assets"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"web-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:18:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:18:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.133.0.17"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:19:36Z" name: prometheus-k8s-0 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-k8s uid: 412c187b-a1da-47c8-886b-7a29e39e7720 resourceVersion: "11811" uid: 7fc7bd72-d6ec-47eb-a211-7241d6acdbf9 spec: automountServiceAccountToken: true containers: - args: - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --enable-feature=delayed-compaction,use-uncached-io - --web.external-url=https://console-openshift-console.apps.49882161-53e7-4b61-bb4d-2b36a80f5475.prod.konfluxeaas.com/monitoring - --web.route-prefix=/ - --web.listen-address=127.0.0.1:9090 - --storage.tsdb.retention.time=15d - --storage.tsdb.path=/prometheus - --web.config.file=/etc/prometheus/web_config/web-config.yaml - --scrape.timestamp-tolerance=15ms - --no-auto-gomemlimit env: - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY - name: GOGC value: "100" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imagePullPolicy: IfNotPresent livenessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/healthy; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/healthy; else exit 1; fi failureThreshold: 6 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus readinessProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 3 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: requests: cpu: 70m memory: 1Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true startupProbe: exec: command: - sh - -c - if [ -x "$(command -v curl)" ]; then exec curl --fail http://localhost:9090/-/ready; elif [ -x "$(command -v wget)" ]; then exec wget -q -O /dev/null http://localhost:9090/-/ready; else exit 1; fi failureThreshold: 60 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true - args: - --listen-address=localhost:8080 - --web-config-file=/etc/prometheus/web_config/web-config.yaml - --reload-url=http://localhost:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: config-reloader resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true - args: - sidecar - --prometheus.url=http://localhost:9090/ - --tsdb.path=/prometheus - --http-address=127.0.0.1:10902 - --grpc-server-tls-cert=/etc/tls/grpc/server.crt - --grpc-server-tls-key=/etc/tls/grpc/server.key - --grpc-server-tls-client-ca=/etc/tls/grpc/ca.crt image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-sidecar ports: - containerPort: 10902 name: http protocol: TCP - containerPort: 10901 name: grpc protocol: TCP resources: requests: cpu: 1m memory: 25Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9090 - --allow-paths=/metrics,/federate - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true - args: - --secure-listen-address=[$(POD_IP)]:10903 - --upstream=http://127.0.0.1:10902 - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/metrics - --tls-min-version=VersionTLS12 env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-thanos ports: - containerPort: 10903 name: thanos-proxy protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-k8s-0 imagePullSecrets: - name: prometheus-k8s-dockercfg-2cprk initContainers: - args: - --watch-interval=0 - --listen-address=:8081 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-0 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-1 - --watched-dir=/etc/prometheus/rules/prometheus-k8s-rulefiles-2 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8081 name: reloader-init protocol: TCP resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - KILL - MKNOD - SETGID - SETUID readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true nodeName: ip-10-0-128-24.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 runAsNonRoot: true runAsUser: 65534 seLinuxOptions: level: s0:c21,c15 serviceAccount: prometheus-k8s serviceAccountName: prometheus-k8s shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: config secret: defaultMode: 420 secretName: prometheus-k8s - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-k8s-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-prometheus-k8s-tls secret: defaultMode: 420 secretName: prometheus-k8s-tls - name: secret-prometheus-k8s-thanos-sidecar-tls secret: defaultMode: 420 secretName: prometheus-k8s-thanos-sidecar-tls - name: secret-kube-rbac-proxy secret: defaultMode: 420 secretName: kube-rbac-proxy - name: secret-prometheus-k8s-kube-rbac-proxy-web secret: defaultMode: 420 secretName: prometheus-k8s-kube-rbac-proxy-web - name: secret-metrics-client-certs secret: defaultMode: 420 secretName: metrics-client-certs - configMap: defaultMode: 420 name: serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle - configMap: defaultMode: 420 name: kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle - configMap: defaultMode: 420 name: metrics-client-ca name: configmap-metrics-client-ca - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-0 optional: true name: prometheus-k8s-rulefiles-0 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-1 optional: true name: prometheus-k8s-rulefiles-1 - configMap: defaultMode: 420 name: prometheus-k8s-rulefiles-2 optional: true name: prometheus-k8s-rulefiles-2 - name: web-config secret: defaultMode: 420 secretName: prometheus-k8s-web-config - name: thanos-prometheus-http-client-file secret: defaultMode: 420 secretName: prometheus-k8s-thanos-prometheus-http-client-file - emptyDir: {} name: prometheus-k8s-db - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: prometheus-trusted-ca-bundle name: prometheus-trusted-ca-bundle - name: secret-grpc-tls secret: defaultMode: 420 secretName: prometheus-k8s-grpc-tls-ad8ihh16iv66s - name: kube-api-access-qrt8l projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:36Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:36Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:19:36Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:19:36Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:35Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://7e5875109f44a11b4c207d11632d9a09d0885ec39fe49e69d16d8ddc4125e657 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://9ea70b882a1ba1a466710426dcd37b084806da8ee615ec53e6692803de5336b0 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://3514c01ccbb09076d4793383376f3b9012351366a15af2156f4287289c9887a1 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-thanos ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://70a99f4167eaa7ed67f27d9552999d6355d68e5841b859c7e89db7b4fdb79919 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/private name: secret-prometheus-k8s-tls - mountPath: /etc/kube-rbac-proxy name: secret-prometheus-k8s-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 70m memory: 1Gi containerID: cri-o://62b1f4dc2627805f45cadb20523139a4a481946b8174a0ade19de30b9b85e045 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:588fb17eb79cc52e684e3b08eeb20ca983593d9fa6684f618ec2899b68c4c68b lastState: {} name: prometheus ready: true resources: requests: cpu: 70m memory: 1Gi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/pki/ca-trust/extracted/pem/ name: prometheus-trusted-ca-bundle - mountPath: /etc/prometheus/config_out name: config-out readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true recursiveReadOnly: Disabled - mountPath: /prometheus name: prometheus-k8s-db - mountPath: /etc/prometheus/secrets/prometheus-k8s-tls name: secret-prometheus-k8s-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-thanos-sidecar-tls name: secret-prometheus-k8s-thanos-sidecar-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/kube-rbac-proxy name: secret-kube-rbac-proxy readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/prometheus-k8s-kube-rbac-proxy-web name: secret-prometheus-k8s-kube-rbac-proxy-web readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/secrets/metrics-client-certs name: secret-metrics-client-certs readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/serving-certs-ca-bundle name: configmap-serving-certs-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/kubelet-serving-ca-bundle name: configmap-kubelet-serving-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/configmaps/metrics-client-ca name: configmap-metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 25Mi containerID: cri-o://85f8107cd8aaabf8307711fe94ced385f31f61da10577c5a6cdab40f5d102a6c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-sidecar ready: true resources: requests: cpu: 1m memory: 25Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:36Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /etc/thanos/config name: thanos-prometheus-http-client-file - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.128.24 hostIPs: - ip: 10.0.128.24 initContainerStatuses: - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://a80d1cb08f954da76b48a06500937571f9d91bc89465472e9b5def791799b39a image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: init-config-reloader ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: false state: terminated: containerID: cri-o://a80d1cb08f954da76b48a06500937571f9d91bc89465472e9b5def791799b39a exitCode: 0 finishedAt: "2026-06-05T11:18:35Z" reason: Completed startedAt: "2026-06-05T11:18:35Z" user: linux: gid: 65534 supplementalGroups: - 65534 uid: 65534 volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-0 name: prometheus-k8s-rulefiles-0 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-1 name: prometheus-k8s-rulefiles-1 - mountPath: /etc/prometheus/rules/prometheus-k8s-rulefiles-2 name: prometheus-k8s-rulefiles-2 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qrt8l readOnly: true recursiveReadOnly: Disabled observedGeneration: 1 phase: Running podIP: 10.133.0.17 podIPs: - ip: 10.133.0.17 qosClass: Burstable startTime: "2026-06-05T11:18:35Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.15/23"],"mac_address":"0a:58:0a:86:00:0f","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.15/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.15" ], "mac": "0a:58:0a:86:00:0f", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:04Z" generateName: prometheus-operator-7f7d445d84- generation: 1 labels: app.kubernetes.io/component: controller app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 7f7d445d84 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-225 operation: Update subresource: status time: "2026-06-05T11:17:04Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"be83a3bb-4f60-4d46-8936-ffed7ec5ccf0"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"name":"prometheus-operator"}: .: {} f:args: {} f:env: .: {} k:{"name":"GOGC"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"prometheus-operator-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"prometheus-operator-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:04Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:05Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.15"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:06Z" name: prometheus-operator-7f7d445d84-5l5x2 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-7f7d445d84 uid: be83a3bb-4f60-4d46-8936-ffed7ec5ccf0 resourceVersion: "9260" uid: 66bd71f5-636f-4f55-8b7d-e69dc130c26e spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - --prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 - --kubelet-endpoints=true - --kubelet-endpointslice=true - --watch-referenced-objects-in-all-namespaces=true - --prometheus-instance-namespaces=openshift-monitoring - --thanos-ruler-instance-namespaces=openshift-monitoring - --alertmanager-instance-namespaces=openshift-monitoring - --config-reloader-cpu-limit=0 - --config-reloader-memory-limit=0 - --config-reloader-cpu-request=1m - --config-reloader-memory-request=10Mi - --web.listen-address=127.0.0.1:8080 - --controller-id=openshift-monitoring/prometheus-operator env: - name: GOGC value: "30" image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imagePullPolicy: IfNotPresent name: prometheus-operator resources: requests: cpu: 5m memory: 150Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pjcc8 readOnly: true - args: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --upstream=http://localhost:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --config-file=/etc/kube-rbac-policy/config.yaml - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pjcc8 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-dockercfg-x75ch nodeName: ip-10-0-134-225.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator serviceAccountName: prometheus-operator terminationGracePeriodSeconds: 30 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: prometheus-operator-tls secret: defaultMode: 420 secretName: prometheus-operator-tls - name: prometheus-operator-kube-rbac-proxy-config secret: defaultMode: 420 secretName: prometheus-operator-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: kube-api-access-pjcc8 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:06Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:04Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:06Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:06Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:04Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://131323cf97f72e8f6f8862e9fb65318e002fd0826a0ada4cf6fdceee0a20205f image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:06Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: prometheus-operator-tls readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/kube-rbac-policy name: prometheus-operator-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pjcc8 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 5m memory: 150Mi containerID: cri-o://3a2f23395461b114dee05de635f0f28f77ac53e7e676d4e2ab0d862ae7fd6c4b image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3400ed5c42802094e933d264d9daee57ae8e21ac30cf7c71514488f612dcb85 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b1d74f1177673f5972ed75bc1c4a8362e0cfd29d5a9713b183e573a7827903f3 lastState: {} name: prometheus-operator ready: true resources: requests: cpu: 5m memory: 150Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:06Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pjcc8 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.225 hostIPs: - ip: 10.0.134.225 observedGeneration: 1 phase: Running podIP: 10.134.0.15 podIPs: - ip: 10.134.0.15 qosClass: Burstable startTime: "2026-06-05T11:17:04Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.11/23"],"mac_address":"0a:58:0a:84:00:0b","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.11/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.11" ], "mac": "0a:58:0a:84:00:0b", "default": true, "dns": {} }] kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:02Z" generateName: prometheus-operator-admission-webhook-5b6b8f594- generation: 1 labels: app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.87.0 pod-template-hash: 5b6b8f594 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:17:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/default-container: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"27d332a8-c9f3-4ceb-a69e-13f9cd19727e"}: {} f:spec: f:automountServiceAccountToken: {} f:containers: k:{"name":"prometheus-operator-admission-webhook"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"tls-certificates"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.11"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:03Z" name: prometheus-operator-admission-webhook-5b6b8f594-8m9f7 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: prometheus-operator-admission-webhook-5b6b8f594 uid: 27d332a8-c9f3-4ceb-a69e-13f9cd19727e resourceVersion: "9195" uid: 5760ff51-dbf6-43e1-80c7-cac823c4222c spec: automountServiceAccountToken: false containers: - args: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - --web.tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --web.tls-min-version=VersionTLS12 - --name-validation-scheme=utf8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: https scheme: HTTPS periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 5m memory: 30Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: prometheus-operator-admission-webhook-dockercfg-v5xw6 nodeName: ip-10-0-139-125.ec2.internal preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: prometheus-operator-admission-webhook serviceAccountName: prometheus-operator-admission-webhook terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: tls-certificates secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: prometheus-operator-admission-webhook-tls status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:03Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:02Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:03Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:03Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:02Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 5m memory: 30Mi containerID: cri-o://b5b712d15f56a5e6b8411e9fe685ed083256fd6d14944feebc7c3fbb3ded1ecd image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:992f93fcbce8ea3ae42843e61357dc5bef17809bb540fa46fc965fce22338c12 lastState: {} name: prometheus-operator-admission-webhook ready: true resources: requests: cpu: 5m memory: 30Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:03Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: tls-certificates readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 observedGeneration: 1 phase: Running podIP: 10.132.0.11 podIPs: - ip: 10.132.0.11 qosClass: Burstable startTime: "2026-06-05T11:17:02Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.132.0.19/23"],"mac_address":"0a:58:0a:84:00:13","gateway_ips":["10.132.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.132.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.132.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.132.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.132.0.1"}],"ip_address":"10.132.0.19/23","gateway_ip":"10.132.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.132.0.19" ], "mac": "0a:58:0a:84:00:13", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user telemeter-token-hash: butacvri7eo95 creationTimestamp: "2026-06-05T11:18:33Z" generateName: telemeter-client-7cb4669c7f- generation: 1 labels: app.kubernetes.io/component: telemetry-metrics-collector app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: telemeter-client app.kubernetes.io/part-of: openshift-monitoring pod-template-hash: 7cb4669c7f managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-139-125 operation: Update subresource: status time: "2026-06-05T11:18:33Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:telemeter-token-hash: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"9827587c-e012-4f93-bea5-65063c37f33e"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-policy"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"reload"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"name":"telemeter-client"}: .: {} f:command: {} f:env: .: {} k:{"name":"ANONYMIZE_LABELS"}: .: {} f:name: {} k:{"name":"FROM"}: .: {} f:name: {} f:value: {} k:{"name":"HTTP_PROXY"}: .: {} f:name: {} k:{"name":"HTTPS_PROXY"}: .: {} f:name: {} k:{"name":"ID"}: .: {} f:name: {} f:value: {} k:{"name":"NO_PROXY"}: .: {} f:name: {} k:{"name":"TO"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":8080,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted/pem/"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/serving-certs-ca-bundle"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/telemeter"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"federate-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-telemeter-client"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-telemeter-client-kube-rbac-proxy-config"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"serving-certs-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"telemeter-client-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"telemeter-trusted-ca-bundle"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:18:33Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:18:33Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.132.0.19"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:18:36Z" name: telemeter-client-7cb4669c7f-x4lb9 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: telemeter-client-7cb4669c7f uid: 9827587c-e012-4f93-bea5-65063c37f33e resourceVersion: "11481" uid: 59a0a887-0ff2-4dc4-91b5-c5902ae1dcb0 spec: containers: - command: - /usr/bin/telemeter-client - --id=$(ID) - --from=$(FROM) - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --from-ca-file=/etc/serving-certs-ca-bundle/service-ca.crt - --from-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token - --to=$(TO) - --to-token-file=/etc/telemeter/token - --listen=localhost:8080 - --anonymize-salt-file=/etc/telemeter/salt - --anonymize-labels=$(ANONYMIZE_LABELS) - --match={__name__=~"cluster:usage:.*"} - --match={__name__="count:up0"} - --match={__name__="count:up1"} - --match={__name__="cluster_version"} - --match={__name__="cluster_version_available_updates"} - --match={__name__="cluster_version_capability"} - --match={__name__="cluster_operator_up"} - --match={__name__="cluster_operator_conditions"} - --match={__name__="cluster_version_payload"} - --match={__name__="cluster_installer"} - --match={__name__="cluster_infrastructure_provider"} - --match={__name__="cluster_feature_set"} - --match={__name__="instance:etcd_object_counts:sum"} - --match={__name__="ALERTS",alertstate="firing",severity=~"critical|warning|info|none"} - --match={__name__="code:apiserver_request_total:rate:sum"} - --match={__name__="cluster:capacity_cpu_cores:sum"} - --match={__name__="cluster:capacity_memory_bytes:sum"} - --match={__name__="cluster:cpu_usage_cores:sum"} - --match={__name__="cluster:memory_usage_bytes:sum"} - --match={__name__="openshift:cpu_usage_cores:sum"} - --match={__name__="openshift:memory_usage_bytes:sum"} - --match={__name__="workload:cpu_usage_cores:sum"} - --match={__name__="workload:memory_usage_bytes:sum"} - --match={__name__="cluster:virt_platform_nodes:sum"} - --match={__name__="cluster:node_instance_type_count:sum"} - --match={__name__="cnv:vmi_status_running:count"} - --match={__name__="cnv_abnormal", reason=~"memory_working_set_delta_from_request|memory_rss_delta_from_request"} - --match={__name__="cluster:vmi_request_cpu_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_cores:sum"} - --match={__name__="node_role_os_version_machine:cpu_capacity_sockets:sum"} - --match={__name__="subscription_sync_total"} - --match={__name__="olm_resolution_duration_seconds"} - --match={__name__="csv_succeeded"} - --match={__name__="csv_abnormal"} - --match={__name__="cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum"} - --match={__name__="cluster:kubelet_volume_stats_used_bytes:provisioner:sum"} - --match={__name__="ceph_cluster_total_bytes"} - --match={__name__="ceph_cluster_total_used_raw_bytes"} - --match={__name__="ceph_health_status"} - --match={__name__="odf_system_raw_capacity_total_bytes"} - --match={__name__="odf_system_raw_capacity_used_bytes"} - --match={__name__="odf_system_health_status"} - --match={__name__="job:ceph_osd_metadata:count"} - --match={__name__="job:kube_pv:count"} - --match={__name__="job:odf_system_pvs:count"} - --match={__name__="job:ceph_pools_iops:total"} - --match={__name__="job:ceph_pools_iops_bytes:total"} - --match={__name__="job:ceph_versions_running:count"} - --match={__name__="job:noobaa_total_unhealthy_buckets:sum"} - --match={__name__="job:noobaa_bucket_count:sum"} - --match={__name__="job:noobaa_total_object_count:sum"} - --match={__name__="odf_system_bucket_count", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="odf_system_objects_total", system_type="OCS", system_vendor="Red Hat"} - --match={__name__="noobaa_accounts_num"} - --match={__name__="noobaa_total_usage"} - --match={__name__="console_url"} - --match={__name__="cluster:console_auth_login_requests_total:sum"} - --match={__name__="cluster:console_auth_login_successes_total:sum"} - --match={__name__="cluster:console_auth_login_failures_total:sum"} - --match={__name__="cluster:console_auth_logout_requests_total:sum"} - --match={__name__="cluster:console_usage_users:max"} - --match={__name__="cluster:console_plugins_info:max"} - --match={__name__="cluster:console_customization_perspectives_info:max"} - --match={__name__="cluster:ovnkube_controller_egress_routing_via_host:max"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_db_objects:max",table_name=~"ACL|Address_Set"} - --match={__name__="cluster:ovnkube_controller_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Pass|Allow|Deny"} - --match={__name__="cluster:ovnkube_controller_baseline_admin_network_policies_rules:max",direction=~"Ingress|Egress",action=~"Allow|Deny"} - --match={__name__="cluster:network_attachment_definition_instances:max"} - --match={__name__="cluster:network_attachment_definition_enabled_instance_up:max"} - --match={__name__="cluster:ingress_controller_aws_nlb_active:sum"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:min"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:max"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:avg"} - --match={__name__="cluster:route_metrics_controller_routes_per_shard:median"} - --match={__name__="cluster:openshift_route_info:tls_termination:sum"} - --match={__name__="openshift:gateway_api_usage:count",gateway_class_type=~"openshift|not-openshift"} - --match={__name__="insightsclient_request_send_total"} - --match={__name__="cam_app_workload_migrations"} - --match={__name__="cluster:apiserver_current_inflight_requests:sum:max_over_time:2m"} - --match={__name__="cluster:alertmanager_integrations:max"} - --match={__name__="cluster:telemetry_selected_series:count"} - --match={__name__="openshift:prometheus_tsdb_head_series:sum"} - --match={__name__="openshift:prometheus_tsdb_head_samples_appended_total:sum"} - --match={__name__="monitoring:container_memory_working_set_bytes:sum"} - --match={__name__="namespace_job:scrape_series_added:topk3_sum1h"} - --match={__name__="namespace_job:scrape_samples_post_metric_relabeling:topk3"} - --match={__name__="monitoring:haproxy_server_http_responses_total:sum"} - --match={__name__="profile:cluster_monitoring_operator_collection_profile:max"} - --match={__name__="vendor_model:node_accelerator_cards:sum",vendor=~"NVIDIA|AMD|GAUDI|INTEL|QUALCOMM|Marvell|Mellanox"} - --match={__name__="rhmi_status"} - --match={__name__="status:upgrading:version:rhoam_state:max"} - --match={__name__="state:rhoam_critical_alerts:max"} - --match={__name__="state:rhoam_warning_alerts:max"} - --match={__name__="rhoam_7d_slo_percentile:max"} - --match={__name__="rhoam_7d_slo_remaining_error_budget:max"} - --match={__name__="cluster_legacy_scheduler_policy"} - --match={__name__="cluster_master_schedulable"} - --match={__name__="che_workspace_status"} - --match={__name__="che_workspace_started_total"} - --match={__name__="che_workspace_failure_total"} - --match={__name__="che_workspace_start_time_seconds_sum"} - --match={__name__="che_workspace_start_time_seconds_count"} - --match={__name__="cco_credentials_mode"} - --match={__name__="cluster:kube_persistentvolume_plugin_type_counts:sum"} - --match={__name__="acm_managed_cluster_info"} - --match={__name__="acm_managed_cluster_worker_cores:max"} - --match={__name__="acm_console_page_count:sum", page=~"overview-classic|overview-fleet|search|search-details|clusters|application|governance"} - --match={__name__="cluster:vsphere_vcenter_info:sum"} - --match={__name__="cluster:vsphere_esxi_version_total:sum"} - --match={__name__="cluster:vsphere_node_hw_version_total:sum"} - --match={__name__="openshift:build_by_strategy:sum"} - --match={__name__="rhods_aggregate_availability"} - --match={__name__="rhods_total_users"} - --match={__name__="instance:etcd_disk_wal_fsync_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_bytes:sum"} - --match={__name__="instance:etcd_network_peer_round_trip_time_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="instance:etcd_mvcc_db_total_size_in_use_in_bytes:sum"} - --match={__name__="instance:etcd_disk_backend_commit_duration_seconds:histogram_quantile",quantile="0.99"} - --match={__name__="jaeger_operator_instances_storage_types"} - --match={__name__="jaeger_operator_instances_strategies"} - --match={__name__="jaeger_operator_instances_agent_strategies"} - --match={__name__="type:tempo_operator_tempostack_storage_backend:sum",type=~"azure|gcs|s3"} - --match={__name__="state:tempo_operator_tempostack_managed:sum",state=~"Managed|Unmanaged"} - --match={__name__="type:tempo_operator_tempostack_multi_tenancy:sum",type=~"static|openshift|disabled"} - --match={__name__="enabled:tempo_operator_tempostack_jaeger_ui:sum",enabled=~"true|false"} - --match={__name__="type:opentelemetry_collector_receivers:sum",type=~"jaeger|hostmetrics|opencensus|prometheus|zipkin|kafka|filelog|journald|k8sevents|kubeletstats|k8scluster|k8sobjects|otlp"} - --match={__name__="type:opentelemetry_collector_exporters:sum",type=~"debug|logging|otlp|otlphttp|prometheus|lokiexporter|kafka|awscloudwatchlogs|loadbalancing"} - --match={__name__="type:opentelemetry_collector_processors:sum",type=~"batch|memorylimiter|attributes|resource|span|k8sattributes|resourcedetection|filter|routing|cumulativetodelta|groupbyattrs"} - --match={__name__="type:opentelemetry_collector_extensions:sum",type=~"zpages|ballast|memorylimiter|jaegerremotesampling|healthcheck|pprof|oauth2clientauth|oidcauth|bearertokenauth|filestorage"} - --match={__name__="type:opentelemetry_collector_connectors:sum",type=~"spanmetrics|forward"} - --match={__name__="type:opentelemetry_collector_info:sum",type=~"deployment|daemonset|sidecar|statefulset"} - --match={__name__="appsvcs:cores_by_product:sum"} - --match={__name__="nto_custom_profiles:count"} - --match={__name__="openshift_csi_share_configmap"} - --match={__name__="openshift_csi_share_secret"} - --match={__name__="openshift_csi_share_mount_failures_total"} - --match={__name__="openshift_csi_share_mount_requests_total"} - --match={__name__="eo_es_storage_info"} - --match={__name__="eo_es_redundancy_policy_info"} - --match={__name__="eo_es_defined_delete_namespaces_total"} - --match={__name__="eo_es_misconfigured_memory_resources_info"} - --match={__name__="cluster:eo_es_data_nodes_total:max"} - --match={__name__="cluster:eo_es_documents_created_total:sum"} - --match={__name__="cluster:eo_es_documents_deleted_total:sum"} - --match={__name__="pod:eo_es_shards_total:max"} - --match={__name__="eo_es_cluster_management_state_info"} - --match={__name__="imageregistry:imagestreamtags_count:sum"} - --match={__name__="imageregistry:operations_count:sum"} - --match={__name__="log_logging_info"} - --match={__name__="log_collector_error_count_total"} - --match={__name__="log_forwarder_pipeline_info"} - --match={__name__="log_forwarder_input_info"} - --match={__name__="log_forwarder_output_info"} - --match={__name__="cluster:log_collected_bytes_total:sum"} - --match={__name__="cluster:log_logged_bytes_total:sum"} - --match={__name__="openshift_logging:log_forwarder_pipelines:sum"} - --match={__name__="openshift_logging:log_forwarders:sum"} - --match={__name__="openshift_logging:log_forwarder_input_type:sum"} - --match={__name__="openshift_logging:log_forwarder_output_type:sum"} - --match={__name__="openshift_logging:vector_component_received_bytes_total:rate5m"} - --match={__name__="cluster:kata_monitor_running_shim_count:sum"} - --match={__name__="platform:hypershift_hostedclusters:max"} - --match={__name__="platform:hypershift_nodepools:max"} - --match={__name__="cluster_name:hypershift_nodepools_size:sum"} - --match={__name__="cluster_name:hypershift_nodepools_available_replicas:sum"} - --match={__name__="namespace:noobaa_unhealthy_bucket_claims:max"} - --match={__name__="namespace:noobaa_buckets_claims:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_resources:max"} - --match={__name__="namespace:noobaa_namespace_resources:max"} - --match={__name__="namespace:noobaa_unhealthy_namespace_buckets:max"} - --match={__name__="namespace:noobaa_namespace_buckets:max"} - --match={__name__="namespace:noobaa_accounts:max"} - --match={__name__="namespace:noobaa_usage:max"} - --match={__name__="namespace:noobaa_system_health_status:max"} - --match={__name__="ocs_advanced_feature_usage"} - --match={__name__="os_image_url_override:sum"} - --match={__name__="cluster:mcd_nodes_with_unsupported_packages:count"} - --match={__name__="cluster:mcd_total_unsupported_packages:sum"} - --match={__name__="cluster:vsphere_topology_tags:max"} - --match={__name__="cluster:vsphere_infrastructure_failure_domains:max"} - --match={__name__="apiserver_list_watch_request_success_total:rate:sum", verb=~"LIST|WATCH"} - --match={__name__="rhacs:telemetry:rox_central_info"} - --match={__name__="rhacs:telemetry:rox_central_secured_clusters"} - --match={__name__="rhacs:telemetry:rox_central_secured_nodes"} - --match={__name__="rhacs:telemetry:rox_central_secured_vcpus"} - --match={__name__="rhacs:telemetry:rox_sensor_info"} - --match={__name__="cluster:volume_manager_selinux_pod_context_mismatch_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_warnings_total"} - --match={__name__="cluster:volume_manager_selinux_volume_context_mismatch_errors_total"} - --match={__name__="cluster:volume_manager_selinux_volumes_admitted_total"} - --match={__name__="ols:provider_model_configuration"} - --match={__name__="ols:rest_api_query_calls_total:2xx"} - --match={__name__="ols:rest_api_query_calls_total:4xx"} - --match={__name__="ols:rest_api_query_calls_total:5xx"} - --match={__name__="openshift:openshift_network_operator_ipsec_state:info"} - --match={__name__="cluster:health:group_severity:count", severity=~"critical|warning|info|none"} - --match={__name__="cluster:controlplane_topology:info", mode=~"HighlyAvailable|HighlyAvailableArbiter|SingleReplica|DualReplica|External"} - --match={__name__="cluster:infrastructure_topology:info", mode=~"HighlyAvailable|SingleReplica"} - --match={__name__="cluster:selinux_warning_controller_selinux_volume_conflict:count"} - --match={__name__="cluster:mtv_migrations_status_total:sum", provider=~"ova|vsphere|openstack|openshift|ovirt|awsec2", target=~"Local|Remote", mode=~"Cold|Warm|RCM", status=~"Succeeded|Failed|Canceled"} - --limit-bytes=5242880 env: - name: ANONYMIZE_LABELS - name: FROM value: https://prometheus-k8s.openshift-monitoring.svc:9091 - name: ID value: 68e35847-f5b1-4d30-88bb-6b6e757a8a1a - name: TO value: https://infogw.api.openshift.com/ - name: HTTP_PROXY - name: HTTPS_PROXY - name: NO_PROXY image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imagePullPolicy: IfNotPresent name: telemeter-client ports: - containerPort: 8080 name: http protocol: TCP resources: requests: cpu: 1m memory: 40Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n8m59 readOnly: true - args: - --reload-url=http://localhost:8080/-/reload - --watched-dir=/etc/serving-certs-ca-bundle image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imagePullPolicy: IfNotPresent name: reload resources: requests: cpu: 1m memory: 10Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n8m59 readOnly: true - args: - --secure-listen-address=:8443 - --upstream=http://127.0.0.1:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --config-file=/etc/kube-rbac-policy/config.yaml - --client-ca-file=/etc/tls/client/client-ca.crt - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: requests: cpu: 1m memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n8m59 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: telemeter-client-dockercfg-lh8kc nodeName: ip-10-0-139-125.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: telemeter-client serviceAccountName: telemeter-client terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - configMap: defaultMode: 420 name: telemeter-client-serving-certs-ca-bundle name: serving-certs-ca-bundle - name: secret-telemeter-client secret: defaultMode: 420 secretName: telemeter-client - name: telemeter-client-tls secret: defaultMode: 420 secretName: telemeter-client-tls - name: federate-client-tls secret: defaultMode: 420 secretName: federate-client-certs - name: secret-telemeter-client-kube-rbac-proxy-config secret: defaultMode: 420 secretName: telemeter-client-kube-rbac-proxy-config - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: tls-ca-bundle.pem name: telemeter-trusted-ca-bundle-8i12ta5c71j38 optional: true name: telemeter-trusted-ca-bundle - name: kube-api-access-n8m59 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:36Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:33Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:36Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:36Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:18:33Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 20Mi containerID: cri-o://7eae49ab3e3fc7559277791a318d8cee12382b143f9ad88c2d1dcfcac5ea76a7 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 20Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:35Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: telemeter-client-tls - mountPath: /etc/kube-rbac-policy name: secret-telemeter-client-kube-rbac-proxy-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n8m59 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 10Mi containerID: cri-o://20880b7266b0734662c6eebac1667fb8fe4e88236ee97e55c3ed3111666e36b4 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef540dbe38dea5d0ce23ed13830e92834f3f6b8ba5d2ebfd371d8986c6f65cb9 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf8da2e0d568c69a8f868efdaac2db783d9e0e7e01ae6fe33de9e6fcf7cbdaf1 lastState: {} name: reload ready: true resources: requests: cpu: 1m memory: 10Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:35Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n8m59 readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 40Mi containerID: cri-o://843f57db105f13698c62785be1910554e5e76af47a78ff7f0fd8ffe4ee243b81 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4cec7489b9c3e1cc031aad504a594ba4a5765a6584b76141ff515728c5b05729 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35da2ec719f2e4e8e93b0fc2b4727287aa13298d1731d73ce391d556f153e027 lastState: {} name: telemeter-client ready: true resources: requests: cpu: 1m memory: 40Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:18:35Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/serving-certs-ca-bundle name: serving-certs-ca-bundle - mountPath: /etc/telemeter name: secret-telemeter-client - mountPath: /etc/tls/private name: federate-client-tls - mountPath: /etc/pki/ca-trust/extracted/pem/ name: telemeter-trusted-ca-bundle readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-n8m59 readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.139.125 hostIPs: - ip: 10.0.139.125 observedGeneration: 1 phase: Running podIP: 10.132.0.19 podIPs: - ip: 10.132.0.19 qosClass: Burstable startTime: "2026-06-05T11:18:33Z" - apiVersion: v1 kind: Pod metadata: annotations: k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.134.0.16/23"],"mac_address":"0a:58:0a:86:00:10","gateway_ips":["10.134.0.1"],"routes":[{"dest":"10.132.0.0/14","nextHop":"10.134.0.1"},{"dest":"172.31.0.0/16","nextHop":"10.134.0.1"},{"dest":"169.254.0.5/32","nextHop":"10.134.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.134.0.1"}],"ip_address":"10.134.0.16/23","gateway_ip":"10.134.0.1","role":"primary"}}' k8s.v1.cni.cncf.io/network-status: |- [{ "name": "ovn-kubernetes", "interface": "eth0", "ips": [ "10.134.0.16" ], "mac": "0a:58:0a:86:00:10", "default": true, "dns": {} }] openshift.io/required-scc: restricted-v2 openshift.io/scc: restricted-v2 seccomp.security.alpha.kubernetes.io/pod: runtime/default security.openshift.io/validated-scc-subject-type: user creationTimestamp: "2026-06-05T11:17:11Z" generateName: thanos-querier-6ffc4c66b7- generation: 1 labels: app.kubernetes.io/component: query-layer app.kubernetes.io/instance: thanos-querier app.kubernetes.io/managed-by: cluster-monitoring-operator app.kubernetes.io/name: thanos-query app.kubernetes.io/part-of: openshift-monitoring app.kubernetes.io/version: 0.39.2 pod-template-hash: 6ffc4c66b7 managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.ovn.org/pod-networks: {} manager: ip-10-0-134-225 operation: Update subresource: status time: "2026-06-05T11:17:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} f:app.kubernetes.io/instance: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/name: {} f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"5e2b828f-42df-4020-b873-5940ae31dfa4"}: {} f:spec: f:containers: k:{"name":"kube-rbac-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9092,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-metrics"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9094,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/client"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-rules"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9093,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"kube-rbac-proxy-web"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":9091,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/kube-rbac-proxy"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/tls/private"}: .: {} f:mountPath: {} f:name: {} k:{"name":"prom-label-proxy"}: .: {} f:args: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} k:{"name":"thanos-query"}: .: {} f:args: {} f:env: .: {} k:{"name":"HOST_IP_ADDRESS"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":9090,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:allowPrivilegeEscalation: {} f:capabilities: .: {} f:drop: {} f:readOnlyRootFilesystem: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/tls/grpc"}: .: {} f:mountPath: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:runAsNonRoot: {} f:seccompProfile: .: {} f:type: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:volumes: .: {} k:{"name":"metrics-client-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"secret-grpc-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-metrics"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-rules"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-kube-rbac-proxy-web"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} k:{"name":"secret-thanos-querier-tls"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:secretName: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:17:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:k8s.v1.cni.cncf.io/network-status: {} manager: multus-daemon operation: Update subresource: status time: "2026-06-05T11:17:12Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} k:{"type":"PodScheduled"}: f:observedGeneration: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:observedGeneration: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:observedGeneration: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.134.0.16"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-06-05T11:17:22Z" name: thanos-querier-6ffc4c66b7-p9tk8 namespace: openshift-monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: thanos-querier-6ffc4c66b7 uid: 5e2b828f-42df-4020-b873-5940ae31dfa4 resourceVersion: "9953" uid: f11342df-b91a-4a9b-aefe-83e363a18235 spec: containers: - args: - query - --grpc-address=127.0.0.1:10901 - --http-address=127.0.0.1:9090 - --log.format=logfmt - --query.replica-label=prometheus_replica - --query.replica-label=thanos_ruler_replica - --endpoint=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - --query.auto-downsampling - --store.sd-dns-resolver=miekgdns - --grpc-client-tls-secure - --grpc-client-tls-cert=/etc/tls/grpc/client.crt - --grpc-client-tls-key=/etc/tls/grpc/client.key - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt - --grpc-client-server-name=prometheus-grpc - --web.disable-cors env: - name: HOST_IP_ADDRESS valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imagePullPolicy: IfNotPresent name: thanos-query ports: - containerPort: 9090 name: http protocol: TCP resources: requests: cpu: 10m memory: 12Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000450000 seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true - args: - --secure-listen-address=0.0.0.0:9091 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --ignore-paths=/-/healthy,/-/ready - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 4 httpGet: path: /-/healthy port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 1 name: kube-rbac-proxy-web ports: - containerPort: 9091 name: web protocol: TCP readinessProbe: failureThreshold: 20 httpGet: path: /-/ready port: 9091 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true - args: - --secure-listen-address=0.0.0.0:9092 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values,/api/v1/series - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9092 name: tenancy protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true - args: - --insecure-listen-address=127.0.0.1:9095 - --upstream=http://127.0.0.1:9090 - --label=namespace - --enable-label-apis - --error-on-replace - --rules-with-active-alerts - --enable-label-matchers-for-rules-api image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imagePullPolicy: IfNotPresent name: prom-label-proxy resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true - args: - --secure-listen-address=0.0.0.0:9093 - --upstream=http://127.0.0.1:9095 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --allow-paths=/api/v1/rules,/api/v1/alerts - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-rules ports: - containerPort: 9093 name: tenancy-rules protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true - args: - --secure-listen-address=0.0.0.0:9094 - --upstream=http://127.0.0.1:9090 - --config-file=/etc/kube-rbac-proxy/config.yaml - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - --client-ca-file=/etc/tls/client/client-ca.crt - --allow-paths=/metrics - --tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imagePullPolicy: IfNotPresent name: kube-rbac-proxy-metrics ports: - containerPort: 9094 name: metrics protocol: TCP resources: requests: cpu: 1m memory: 15Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsUser: 1000450000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true imagePullSecrets: - name: thanos-querier-dockercfg-4jhln nodeName: ip-10-0-134-225.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000450000 runAsNonRoot: true seLinuxOptions: level: s0:c21,c15 seccompProfile: type: RuntimeDefault serviceAccount: thanos-querier serviceAccountName: thanos-querier terminationGracePeriodSeconds: 120 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - effect: NoSchedule key: node.kubernetes.io/memory-pressure operator: Exists volumes: - name: secret-thanos-querier-tls secret: defaultMode: 420 secretName: thanos-querier-tls - name: secret-thanos-querier-kube-rbac-proxy secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy - name: secret-thanos-querier-kube-rbac-proxy-web secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-web - name: secret-thanos-querier-kube-rbac-proxy-rules secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-rules - name: secret-thanos-querier-kube-rbac-proxy-metrics secret: defaultMode: 420 secretName: thanos-querier-kube-rbac-proxy-metrics - configMap: defaultMode: 420 name: metrics-client-ca name: metrics-client-ca - name: secret-grpc-tls secret: defaultMode: 420 secretName: thanos-querier-grpc-tls-66c54nmpvn1ji - name: kube-api-access-ppzjx projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:16Z" observedGeneration: 1 status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:22Z" observedGeneration: 1 status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:22Z" observedGeneration: 1 status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-05T11:17:11Z" observedGeneration: 1 status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://4bd822f211ad0472cf15cf56e417840e87f4a96259fded08e89513dde58c8e39 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:14Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://6dffe9dbcfc0f72d264b4a2d55be72e1c4e06a2c311955b4d71b08e7c8d9b825 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-metrics ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:15Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-metrics - mountPath: /etc/tls/client name: metrics-client-ca readOnly: true recursiveReadOnly: Disabled - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://1b98106bfcddb145add3022447c2b2e87ed2fec71028d20bb1a368c614901297 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-rules ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:15Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-rules - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://df59112f6bdf020ea17cfb63b5f6db37f842901f17b71ff052b1fee4c4e9510e image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c46116fef319d12c66333805d7ff38d291796e1c1ea1a7407263e914f37c2ea imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0299bce77fb9f786465c23efc36aca6557ddea63b9642c2176b17f827addddb2 lastState: {} name: kube-rbac-proxy-web ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:14Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/private name: secret-thanos-querier-tls - mountPath: /etc/kube-rbac-proxy name: secret-thanos-querier-kube-rbac-proxy-web - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 1m memory: 15Mi containerID: cri-o://45234770e42e6d79fe25d2927dc88fbbb1ecb59e4ab588273962d09f764d9fef image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5003f1338805001022e6ddf222c44d67884305fcdc3ed0d4acbb9b395c25eedd lastState: {} name: prom-label-proxy ready: true resources: requests: cpu: 1m memory: 15Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:15Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true recursiveReadOnly: Disabled - allocatedResources: cpu: 10m memory: 12Mi containerID: cri-o://3f0543b22e45a0311cbe93e799a3c1eaf1ea68d83dccb9757bd27b8e42962cc9 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83214869ae8a2114f0576913ae6f50fd1054e65aff6d8e10b53709dc0929ef57 imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:640fefc608be90a772c385f404c6385b035e679a671f1861810ac7d1db805f84 lastState: {} name: thanos-query ready: true resources: requests: cpu: 10m memory: 12Mi restartCount: 0 started: true state: running: startedAt: "2026-06-05T11:17:14Z" user: linux: gid: 0 supplementalGroups: - 0 - 1000450000 uid: 1000450000 volumeMounts: - mountPath: /etc/tls/grpc name: secret-grpc-tls - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-ppzjx readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.134.225 hostIPs: - ip: 10.0.134.225 observedGeneration: 1 phase: Running podIP: 10.134.0.16 podIPs: - ip: 10.134.0.16 qosClass: Burstable startTime: "2026-06-05T11:17:11Z" kind: PodList metadata: resourceVersion: "20203"