apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    meta.helm.sh/release-name: cinder
    meta.helm.sh/release-namespace: openstack
    openstackhelm.openstack.org/release_uuid: ""
  creationTimestamp: "2026-03-18T01:58:09Z"
  generation: 1
  labels:
    app.kubernetes.io/managed-by: Helm
    application: cinder
    component: volume
    release_group: cinder
  name: cinder-volume
  namespace: openstack
  resourceVersion: "11713"
  uid: d25be655-9244-40e3-87cf-554ba3b3a341
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      application: cinder
      component: volume
      release_group: cinder
  strategy:
    rollingUpdate:
      maxSurge: 3
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        configmap-bin-hash: 23d794b59bd8376c7916308c451019defcd089385b3075016e1a6d38af1a1bae
        configmap-etc-hash: c023b8e517e544bfac4beb9d22c00ca9119ff59c37687671b99d3d1e5b1f2fc7
        openstackhelm.openstack.org/release_uuid: ""
      creationTimestamp: null
      labels:
        application: cinder
        component: volume
        release_group: cinder
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: release_group
                  operator: In
                  values:
                  - cinder
                - key: application
                  operator: In
                  values:
                  - cinder
                - key: component
                  operator: In
                  values:
                  - volume
              topologyKey: kubernetes.io/hostname
            weight: 10
      containers:
      - command:
        - /tmp/cinder-volume.sh
        image: harbor.atmosphere.dev/ghcr.io/vexxhost/cinder:main@sha256:abbffdab1bddcb6cfbcdcd10d618c53f34f0c72cb81043957c14b3d1abe7c499
        imagePullPolicy: IfNotPresent
        name: cinder-volume
        resources: {}
        securityContext:
          capabilities:
            add:
            - SYS_ADMIN
          privileged: true
          readOnlyRootFilesystem: true
        terminationMessagePath: /var/log/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /tmp
          name: pod-tmp
        - mountPath: /tmp/cinder-volume.sh
          name: cinder-bin
          readOnly: true
          subPath: cinder-volume.sh
        - mountPath: /tmp/pod-shared
          name: pod-shared
        - mountPath: /var/lib/cinder/conversion
          name: cinder-conversion
        - mountPath: /etc/cinder/cinder.conf
          name: cinder-etc
          readOnly: true
          subPath: cinder.conf
        - mountPath: /etc/cinder/conf/backends.conf
          name: cinder-etc
          readOnly: true
          subPath: backends.conf
        - mountPath: /etc/ceph
          name: etcceph
        - mountPath: /etc/ceph/ceph.conf
          name: ceph-etc
          readOnly: true
          subPath: ceph.conf
        - mountPath: /tmp/client-keyring
          name: ceph-keyring
          readOnly: true
          subPath: key
        - mountPath: /var/lib/cinder/coordination
          name: cinder-coordination
        - mountPath: /etc/sudoers.d/kolla_cinder_sudoers
          name: cinder-etc
          readOnly: true
          subPath: cinder_sudoers
        - mountPath: /etc/sudoers.d/kolla_cinder_volume_sudoers
          name: cinder-etc
          readOnly: true
          subPath: cinder_sudoers
        - mountPath: /etc/cinder/rootwrap.conf
          name: cinder-etc
          readOnly: true
          subPath: rootwrap.conf
        - mountPath: /etc/cinder/rootwrap.d/volume.filters
          name: cinder-etc
          readOnly: true
          subPath: volume.filters
        - mountPath: /var/lib/cinder/tmp
          name: cinder-tmp
      dnsPolicy: ClusterFirst
      initContainers:
      - command:
        - kubernetes-entrypoint
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: INTERFACE_NAME
          value: eth0
        - name: PATH
          value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
        - name: DEPENDENCY_SERVICE
          value: openstack:keystone-api,openstack:cinder-api
        - name: DEPENDENCY_JOBS
          value: cinder-db-sync,cinder-ks-user,cinder-ks-endpoints,cinder-rabbit-init,cinder-storage-init
        - name: DEPENDENCY_DAEMONSET
        - name: DEPENDENCY_CONTAINER
        - name: DEPENDENCY_POD_JSON
        - name: DEPENDENCY_CUSTOM_RESOURCE
        image: harbor.atmosphere.dev/ghcr.io/vexxhost/kubernetes-entrypoint:edge
        imagePullPolicy: IfNotPresent
        name: init
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsUser: 65534
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      - command:
        - /tmp/ceph-keyring.sh
        env:
        - name: RBD_USER
          value: cinder
        image: harbor.atmosphere.dev/ghcr.io/vexxhost/cinder:main@sha256:abbffdab1bddcb6cfbcdcd10d618c53f34f0c72cb81043957c14b3d1abe7c499
        imagePullPolicy: IfNotPresent
        name: ceph-keyring-placement-rbd1
        resources: {}
        securityContext:
          readOnlyRootFilesystem: true
          runAsUser: 0
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /tmp
          name: pod-tmp
        - mountPath: /etc/ceph
          name: etcceph
        - mountPath: /tmp/ceph-keyring.sh
          name: cinder-bin
          readOnly: true
          subPath: ceph-keyring.sh
        - mountPath: /tmp/client-keyring
          name: ceph-keyring
          readOnly: true
          subPath: key
      - command:
        - chown
        - -R
        - 'cinder:'
        - /var/lib/cinder/coordination
        image: harbor.atmosphere.dev/ghcr.io/vexxhost/cinder:main@sha256:abbffdab1bddcb6cfbcdcd10d618c53f34f0c72cb81043957c14b3d1abe7c499
        imagePullPolicy: IfNotPresent
        name: ceph-coordination-volume-perms
        resources: {}
        securityContext:
          readOnlyRootFilesystem: true
          runAsUser: 0
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /tmp
          name: pod-tmp
        - mountPath: /var/lib/cinder/coordination
          name: cinder-coordination
      - command:
        - /tmp/retrieve-internal-tenant.sh
        env:
        - name: OS_IDENTITY_API_VERSION
          value: "3"
        - name: OS_AUTH_URL
          valueFrom:
            secretKeyRef:
              key: OS_AUTH_URL
              name: cinder-keystone-admin
        - name: OS_REGION_NAME
          valueFrom:
            secretKeyRef:
              key: OS_REGION_NAME
              name: cinder-keystone-admin
        - name: OS_INTERFACE
          valueFrom:
            secretKeyRef:
              key: OS_INTERFACE
              name: cinder-keystone-admin
        - name: OS_ENDPOINT_TYPE
          valueFrom:
            secretKeyRef:
              key: OS_INTERFACE
              name: cinder-keystone-admin
        - name: OS_PROJECT_DOMAIN_NAME
          valueFrom:
            secretKeyRef:
              key: OS_PROJECT_DOMAIN_NAME
              name: cinder-keystone-admin
        - name: OS_PROJECT_NAME
          valueFrom:
            secretKeyRef:
              key: OS_PROJECT_NAME
              name: cinder-keystone-admin
        - name: OS_USER_DOMAIN_NAME
          valueFrom:
            secretKeyRef:
              key: OS_USER_DOMAIN_NAME
              name: cinder-keystone-admin
        - name: OS_USERNAME
          valueFrom:
            secretKeyRef:
              key: OS_USERNAME
              name: cinder-keystone-admin
        - name: OS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: OS_PASSWORD
              name: cinder-keystone-admin
        - name: OS_DEFAULT_DOMAIN
          valueFrom:
            secretKeyRef:
              key: OS_DEFAULT_DOMAIN
              name: cinder-keystone-admin
        - name: INTERNAL_PROJECT_NAME
          value: internal_cinder
        - name: INTERNAL_USER_NAME
          value: internal_cinder
        - name: SERVICE_OS_REGION_NAME
          valueFrom:
            secretKeyRef:
              key: OS_REGION_NAME
              name: cinder-keystone-user
        - name: SERVICE_OS_PROJECT_DOMAIN_NAME
          valueFrom:
            secretKeyRef:
              key: OS_PROJECT_DOMAIN_NAME
              name: cinder-keystone-user
        - name: SERVICE_OS_PROJECT_NAME
          valueFrom:
            secretKeyRef:
              key: OS_PROJECT_NAME
              name: cinder-keystone-user
        - name: SERVICE_OS_USER_DOMAIN_NAME
          valueFrom:
            secretKeyRef:
              key: OS_USER_DOMAIN_NAME
              name: cinder-keystone-user
        - name: SERVICE_OS_USERNAME
          valueFrom:
            secretKeyRef:
              key: OS_USERNAME
              name: cinder-keystone-user
        - name: SERVICE_OS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: OS_PASSWORD
              name: cinder-keystone-user
        image: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:3be2b3d1ab07714491f915307416d288783e484669a4b58a8fe3b7412b97044c
        imagePullPolicy: IfNotPresent
        name: init-cinder-conf
        resources: {}
        securityContext:
          readOnlyRootFilesystem: true
          runAsUser: 0
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /tmp
          name: pod-tmp
        - mountPath: /tmp/retrieve-internal-tenant.sh
          name: cinder-bin
          readOnly: true
          subPath: retrieve-internal-tenant.sh
        - mountPath: /tmp/pod-shared
          name: pod-shared
      nodeSelector:
        openstack-control-plane: enabled
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsUser: 42424
      serviceAccount: cinder-volume
      serviceAccountName: cinder-volume
      terminationGracePeriodSeconds: 30
      volumes:
      - emptyDir: {}
        name: pod-tmp
      - configMap:
          defaultMode: 365
          name: cinder-bin
        name: cinder-bin
      - name: cinder-etc
        secret:
          defaultMode: 292
          secretName: cinder-etc
      - emptyDir: {}
        name: pod-shared
      - emptyDir: {}
        name: cinder-conversion
      - emptyDir: {}
        name: etcceph
      - configMap:
          defaultMode: 292
          name: ceph-etc
        name: ceph-etc
      - name: ceph-keyring
        secret:
          defaultMode: 420
          secretName: cinder-volume-rbd-keyring
      - emptyDir: {}
        name: cinder-coordination
      - emptyDir: {}
        name: cinder-tmp
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2026-03-18T01:58:09Z"
    lastUpdateTime: "2026-03-18T01:58:09Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2026-03-18T01:58:09Z"
    lastUpdateTime: "2026-03-18T02:02:34Z"
    message: ReplicaSet "cinder-volume-d8c76fd8b" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1