apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" creationTimestamp: "2026-03-30T15:25:35Z" generation: 2 labels: cluster.x-k8s.io/provider: bootstrap-kubeadm clusterctl.cluster.x-k8s.io: "" control-plane: controller-manager name: capi-kubeadm-bootstrap-controller-manager namespace: capi-kubeadm-bootstrap-system resourceVersion: "2688" uid: fe73bbd0-c3d6-4355-8b05-52add0012563 spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: cluster.x-k8s.io/provider: bootstrap-kubeadm control-plane: controller-manager strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: cluster.x-k8s.io/provider: bootstrap-kubeadm control-plane: controller-manager spec: containers: - args: - --leader-elect - --diagnostics-address=:8443 - --insecure-diagnostics=false - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=false,PriorityQueue=false - --bootstrap-token-ttl=15m command: - /manager env: - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.10.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: healthz scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP - containerPort: 9440 name: healthz protocol: TCP - containerPort: 8443 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: healthz scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsGroup: 65532 runAsUser: 65532 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: capi-kubeadm-bootstrap-manager serviceAccountName: capi-kubeadm-bootstrap-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node-role.kubernetes.io/control-plane volumes: - name: cert secret: defaultMode: 420 secretName: capi-kubeadm-bootstrap-webhook-service-cert status: availableReplicas: 1 conditions: - lastTransitionTime: "2026-03-30T15:25:42Z" lastUpdateTime: "2026-03-30T15:25:42Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: "2026-03-30T15:25:35Z" lastUpdateTime: "2026-03-30T15:25:49Z" message: ReplicaSet "capi-kubeadm-bootstrap-controller-manager-dd6b84dc9" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 1 replicas: 1 updatedReplicas: 1