--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-11T20:00:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"eeb5f143-82a6-46f5-91d6-bc9a04efbe68"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T20:00:44Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: eeb5f143-82a6-46f5-91d6-bc9a04efbe68 resourceVersion: "2721" uid: 63986862-1b32-411c-898c-6b698f278e0c - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-11T20:00:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-11T20:00:44Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2705" uid: d0e3e60c-ac8a-45c4-8f40-c3655ca9a291 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-11T20:00:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"eeb5f143-82a6-46f5-91d6-bc9a04efbe68"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T20:00:44Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: eeb5f143-82a6-46f5-91d6-bc9a04efbe68 resourceVersion: "2701" uid: b61e42e1-b5a9-40b2-bf4a-a391a3b100a4 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIUW92qWakImgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTE5NTgyOVoX DTM2MDYwODE5NTgyOVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks5uNRjAWFvi kOneestEoCy9+XVzMNlLqiLgu6sWNghFU3EJ71l9zySMaifrQ5nMZ3m4lb1OtocA aAsm2YzZijHoRtifD6OCp8pYBlKMtARdx8JcUlUJ3/qxVtxvESCAgHsYdzo/Gp0m 9UEQ7kcYn3YyF7rhkwCHnCp9hwjlFREVAO6BADdp/1/PrnclBcA23uRty6Ql5ufF wxfIwQ0y1N3E/vNOOyUueWsVs0oIiG0HRB243sXSVNTUr2u6SZHkeITN7RGTQYcw wMOoF3WnX10xeP2uGtouy/Pp5g49yEek0rJ1YcUPoFoyAltjEWPdmpU7gBVQj1P4 633RJwsQxwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA2/BbPPE5HpKWbHE2yEJeyYt7sXOBZGuZ06t8Cmecd/SuudTs gBN5iBBPAvyhuKSBlkk6VPRY+hN09N/JsozzADANBgkqhkiG9w0BAQsFAAOCAQEA jqUEnKYm6spWQYgmZwsPHqg6/GkGCRGPzZCgl0CamlG8+5tqhAbFuTMeBMZPFnKV Sfh0Y8BptfkX8sVBh8UR53Jl4aqUQWTBQuwZ1/iLxSxUPDEdo7c+GYmWrPWSHlHH t+5USSw8MsBLAHnVDegsuv+m9u1Qb6qQVkXNB+ReBl89Llbpq+9rt7Z+6IC1QAz7 hlw4N+SGJFGU/8xrV0hpPGft/6SIpglLn2EHROKDVD1AE5EPBfiDYmPiEknPopjz 5qWzPG/DntzFNnb5RxInXQuT3SojtMI85L6b7+a1EBuA312OijNmaWc0GaI2tBS/ XkM2uWDmHNX9HYWf+r4bgA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIfa8QdeizpPcwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTE5NTg1NloX DTI3MDYxMTE5NTg1NlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALSw5nP4h6oOdLRHnMDCIoiXjg1OB71Ap41DyuM0nCeFi2Uym7Iz6iNSi8ZopSUn h4qA8R5zHZtu0fvCfJUIDs9z+YAJJhLdbKpsv13PFWvxp9UUtxa3uEJckkNHnxp0 RXz5NhAsdtxbtBRpGMIqFOv7qrExbcTbqOOCTC4PcRaJQ1aOsJhFN0qtOvxoKB+W WwWUbMVqzQkKhLTl8CnBphuZDd0yjuuQ7GYsx49KAZSklq50xm5k1foA6yGcEr9r R/2C5tD5DgRfkjccohG7ged910Yp3/G+b7dKJqdGBtxsSd89m3M8D+TKb7R48wgz TI5+Urn3M0006GnJFFbGeYcCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAKgrdSPIVVI8p9PV+RycXiaBdjc+DjDnKNsLiTyOfsdXYdDNac+K1n9gJ Xm4vziLs0Ct8/5BsU9cpg+0TJsty6DBLBgNVHSMERDBCgEDb8Fs88TkekpZscTbI Ql7Ji3uxc4Fka5nTq3wKZ5x39K651OyAE3mIEE8C/KG4pIGWSTpU9Fj6E3T038my jPMAMEsGA1UdEQREMEKCQCouYXBwcy4zMWZmYWRlMC01YzEwLTQxZmUtOTYzNy1m ODYyZTc4ZDBjOWQucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAG0i+ss3uDE8RHKLOad7bGoPCkyE1nFRZsTmpGHdyf3FQt6VBizTjzXwvRa9 FzFmmEzlYrL25hJx3u7tMzNXZnxLrxzdLXIamMgQDYL12G8QsWfZJDJ05EcjZpWo XwNftBH0RCeUJ8TzriyO9sDxba+qETtKSCz4rbNHBOkbDIQnQLGz7Nk2wiriAL9r Nde2bQDkU8mab2hH1SBN3TME0QlAY8JqaCLOnP9FzQk9elyG5mRKJFz/sGnnpMXc hqhYidP0NQ/5ZQo0CFCVf0P0Jz/G6Lgl4QC2UpJO2Fr5KcxU7rohHl3K/rsuAYAq dZXkLN8IaYLugOK0Ub6MHdrVAm0= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-11T20:00:56Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-11T20:00:56Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3377" uid: b685090f-01ba-4f93-af41-5da2a969e0f5 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-11T20:00:45Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"eeb5f143-82a6-46f5-91d6-bc9a04efbe68"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T20:00:45Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: eeb5f143-82a6-46f5-91d6-bc9a04efbe68 resourceVersion: "2747" uid: 8a9d6ea7-3fa3-4483-ac73-d5b99085e31e - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIN016ZlZWgM4wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTIwODY2MzAe Fw0yNjA2MTEyMDExMDNaFw0yODA4MDkyMDExMDRaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODEyMDg2NjMwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwA25AaU7AfE1qYwKBYlRP1jkzX5EFVWfH 8SPLcotpGFa7EqkmnFi+sCssY6iKcBwOrrc1BA22QALTSQ8x0cbx++8uVsEWCaIr OPBGzzyL4Qdkx9s075n8Ctq+hnyhsqfXrjiG6yJX/xbOnTtNpYqhUneLh3BU7Yry uFntOQWpPFEX4bFykzmjJDvL3TVjyJUlw3iKLhDcV41Vgvo9Ki1Rj1LcRwECvy88 WwZNxU3TEB3ONyzcuELmShDe1I4J+Z64aABpBvcSCXn8uc1iQGQUd9pUg97Xy0Ak f3TANNjZr7smKIdjKZ224jJKvQUW5acVtYwFLrQbmKDfCHOeuWIlAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTyXjgr W1YTshiKJFyMHvxYfDXR6TAfBgNVHSMEGDAWgBTyXjgrW1YTshiKJFyMHvxYfDXR 6TANBgkqhkiG9w0BAQsFAAOCAQEAkiuK+uTkPgNcYgDGR2DM6txk65n4tFs6pE5S UFU0VZ5psIr1YLwlRNr++XvKEtk/vWKuMgXe/V+LyhVGC5c+Gar/9xcbkEKsACLA Q+B8PtDj9nRMz1GqnS1462+ng8KCLyzucRmr9EVxwV2XbAa6Tfx+uKU55v4Fzw4A 4nrluYnmY0xz4mdYZ0MI69o14XHdSE1Afr2Q8H+NcRlxHecS10kH4cqJ2RqG6fqm p8wRYt8vfW6eaj1BF8btoEMt12yM1u6ZvcmtrGVYuyYM5MLc1KsIn7qUPP/gcIZs MKQCfAcFD3ee0O8P2wvivjAYRyzjZ9N+MmbLFw1fEtPlwdl0IQ== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-11T20:00:56Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-11T20:00:56Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-11T20:11:17Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9049" uid: 1b35ddda-a17e-4804-a68d-c1620653c549 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-11T20:00:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"eeb5f143-82a6-46f5-91d6-bc9a04efbe68"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T20:00:44Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: eeb5f143-82a6-46f5-91d6-bc9a04efbe68 resourceVersion: "2736" uid: b1fea92b-1c52-48ed-a0b5-bfa96dd9738a kind: ConfigMapList metadata: resourceVersion: "12276"