--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.24 creationTimestamp: "2026-06-02T08:55:14Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"0f4f09a9-131b-4f1b-85a6-31593419b523"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T08:55:14Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 0f4f09a9-131b-4f1b-85a6-31593419b523 resourceVersion: "2589" uid: 2e1808a6-110c-4668-9636-06f923c70b52 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.24 creationTimestamp: "2026-06-02T08:55:14Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-02T08:55:14Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2581" uid: d168e98f-a590-4362-a3da-195b370aac46 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.24 creationTimestamp: "2026-06-02T08:55:14Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"0f4f09a9-131b-4f1b-85a6-31593419b523"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T08:55:14Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 0f4f09a9-131b-4f1b-85a6-31593419b523 resourceVersion: "2580" uid: dd32071b-1a3a-4f76-bb33-3834ac2067e0 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIOPEpwLyQV6cwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwMjA4NTI0NFoX DTM2MDUzMDA4NTI0NFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJoGcf5GkKry 2EJyLygIoOuDxzENC9oOD0zeMGvkuuQNAx5SHPv38Bygoh0Df2hDLfEXB0wlGv3s fWPCmAO8bs4MwOIX5GXvY3/UocqKND7ddf+gtQew8q+Pb9bilLvEpvdFV8FcBibc ThEDr8M7vcxnYV6w9wr7Qgcq7szH2XQnvvEfE78lgsTEWTc7E0Ii4NgeAu5+3gQu zjVPGPIEQ/XOnd8tHcBlgkkeZD8Jet4ASpfZNDCVj1qvOOs/BH1swwJRMdQUnyUh zzQ23MogEKdOdnxrbrZLPI5j/LrcMNGi+/IU4NZg0MFArHhD+ZmKAU/jCLtL+haW qJm/5iNxdQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA/sSJyXweNmfuwYQ59BjMufumFbeFOz8Id7C/conl9msAu1vh yMaKbWoZnSe6Eq161Ih+AOgfSp1vqvPPTzU77jANBgkqhkiG9w0BAQsFAAOCAQEA miCxMhCTjJRswONkmGUsN2o3tVU0K1r6K4ii51/vNkhV8batr5sA/soRnV2gVq98 IeFbFBlB1N9hpO+57CO5eG5WqVYNP2rZlYRBUnsIH2wHyJPBwFxP+OpkzHOo+B/g NUXZ4X/4QDvQqZgllb/OhpZCiSUUnxJyu1+T13qStYvouBQdL5B717FUVkIplDIW ZZuWV0DrM6XIaagBgiiXcST4CblM0fImKjID8NWB7geY6GlbV2MNpzudzwbRgweo 31OxCxML8oJIRcBdl0QnYxPJoMQoPqA6J9gG4uCWzQOVuiWD2JF+VL1joxCrncAV XZKO1drtBZ6y1cGT55woWA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIEUxC+Hg3EwEwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwMjA4NTMxN1oX DTI3MDYwMjA4NTMxN1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMBNiOfll/ApC5fzRWdAY6LX2gkMuYDytrBqoPl3ALk2ZLECVKyyxN8ZQEh99asY M2hkif7GsTBRqPQ3Zc9rstZ0mfQpJ70X2r3lvRHnfo4I4eyFcDpPpokFC7iou7eD wg/AMhiHjbYON/ffnb5HrgBgBgzXPzFOpd5ht6VJVW5xvKTnH5XKYgYM7qawFbXW UWuvC74xl22uS4LU5Qyn9u6osFhJLoB6IU3IVUf6+JlTSJeUjelWYAc2HKFnDBkQ O1/R022ulCtNWCasDj/E/qiTjs0gz6E8nmr9C1Nl2LUZx9ycMZ/dnVe4j1EyGTeC OLeRU8BBJKEFiyLOy56pddsCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAJh2PXjbRmB60bVcrksiGKaS5hdCFUyFlqelKXe5Wkrr9GZD6UCBtG3S/ XtvmEwQwB70PjFIZhv1A4c4fEFJogTBLBgNVHSMERDBCgED+xInJfB42Z+7BhDn0 GMy5+6YVt4U7Pwh3sL9yieX2awC7W+HIxoptahmdJ7oSrXrUiH4A6B9KnW+q889P NTvuMEsGA1UdEQREMEKCQCouYXBwcy4yZDk2ZDdkYi02ZmU4LTQyMDgtOWJkMS1m MDdiY2VhZjdhMzUucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAIQNjEyeM/m1qPb/n9rUIUZ++v82o0hYD6UK9cypaaEqfsTPjpcza8yRng8U c25L/6wo6HecTGTwcD4nNnPbADeoT8DEw9jZO0D0+xEa8A1dOU8KGMwTtwvkVu6X Egquu1FiiCN4+A+7J0/K8Y/LBzImyFXZzMCOJSrjoC5hIXpUbyZ7SteBSzq29PJm NTOlEAw8tLgaMbzndITR/K8FdScuDNylJpvINvgYkxOG2rGm95FXJB6nRV0f2c6D RjXfpC1Xcyoywgq7ytrqmMzPUAVZBY/T7BkDghpesZR2UUGR1rVDWQXmDHneaJ6P klfziGRSXg31JaC5tXFeW+xE6Yg= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-02T08:55:11Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-02T08:55:56Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4404" uid: 0be63fd3-dfb4-4a69-b0da-3fa8e4d06307 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-02T08:55:15Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"0f4f09a9-131b-4f1b-85a6-31593419b523"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T08:55:15Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 0f4f09a9-131b-4f1b-85a6-31593419b523 resourceVersion: "2602" uid: 3d4886e6-2bbf-44b5-abd9-95ebd9ea22cf - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIB52+MMhw3DkwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDM5MDg5MDAe Fw0yNjA2MDIwOTAxMjlaFw0yODA3MzEwOTAxMzBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODAzOTA4OTAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWHs4scdKTlLOkZE3zcYnkl7KRk/SpfnE UyISgwLHe58xRr0GoIjlrFVJwqFd0YEi9tUCihNhnr5gWGL2ugO0Q+Voiv1mCwAk 4LBTy6D/rnlHRXWEp9RwG1USfvmOIjmgXCi7KSWdxck3z6kD2pRrYX7HXAeqKJm9 m3jMZho6HoIuChIKPOGb+EHoT+j7ETe70n/kIBSpBNZTj1OcKHOLfkKOJsAnSoix hANrSkXgV1u3AcLYBbaXLDtwMOsPYyrkkrKfVTY1OwE/j7UfjqjqqVkuvt272vEI I46ySoKJAaoMmXBX7s4ezQRW7yfgBCl4GyNg1npYkXeN63DvPcHbAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQR2LnZ 3N1JYwWOCLqp02qUit+AnTAfBgNVHSMEGDAWgBQR2LnZ3N1JYwWOCLqp02qUit+A nTANBgkqhkiG9w0BAQsFAAOCAQEAIEAcT4TvPgO9O5Zf0JP0uPbq4BJ3iqj9Eztf Rb1XVXVauiSwTJx50GjeBE5fh9mMMk12ofilFVu6YQKIrIuH79RGj5ycYkWw77nF duEhZsmiTMtt4TWNr35nppzMHbHYFp5bvN5B7H+afhG5nFxAhGJTouG1oDA/Gwqn vMOzoW3KSGLjRjK+D2KAZkQFjeH9MCE8DkWH4fB+xN/nilheqbZras0PIJ1jyOlc VgGIXGieQI5keJiJA9n1MEAJgtZ03klScO9j9L9w8PZ5S6jO8k6hYnKpS6+eZmyV hxQuU6OgyeVvWseVjuv2Yn86aALF7XQIUEQUeCsn4t/G9T1c8A== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-02T08:55:11Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-02T08:55:11Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-02T09:01:44Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8243" uid: 7b48064e-a48e-4861-9fc4-b077cd259bb3 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-02T08:55:14Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"0f4f09a9-131b-4f1b-85a6-31593419b523"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T08:55:14Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 0f4f09a9-131b-4f1b-85a6-31593419b523 resourceVersion: "2595" uid: 15ca3ac7-7d3f-4746-8138-7853832f439d kind: ConfigMapList metadata: resourceVersion: "11517"