--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-11T16:19:45Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"5c345122-ee94-44fd-817f-fd246b967269"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T16:19:45Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5c345122-ee94-44fd-817f-fd246b967269 resourceVersion: "2504" uid: dd7028a8-20b6-4f56-893a-853331e34063 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-11T16:19:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-11T16:19:44Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2497" uid: 7b14a9e7-af75-4ca7-8d16-22bd961ead73 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-11T16:19:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"5c345122-ee94-44fd-817f-fd246b967269"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T16:19:44Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5c345122-ee94-44fd-817f-fd246b967269 resourceVersion: "2496" uid: af7cf3d8-6840-4574-8894-36bdc70e979a - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIKdklD4beYpgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTE2MTYzMFoX DTM2MDYwODE2MTYzMFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GV/TRStuCz5 lgGCk6cdnQYU1BUxZMcrbOnL7oqqtsErB4tWn31aesJlOaWTyKlyeU/ILhpdEwyJ vPLXopUxksPL7JrJAJ5TXaLoTC9tS8PmDkZJVVyN6QmtmbzgniaxQOCjbb+P1+JT YGONc+yfVvQ4pQMto8cYqpMvBVeB0oUxtg13DnGLDeBI7IcWGpN0n4t6pzQXp44D wNI0tWRs2so4xzvq5ydc0+xS0IyaRvHctzEPQ1ZLKtr4Bkr4ayR4i4cbYOgzbtWq 9cnHhotXYmU8wCsTzEVudiN3WQ5s3KKx5/nU7XsrYmzpy2QFwy9Wo+IsDgdfS+GR plab7jWd9QIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAVl/35zpBYdn5pW9P1XNFUwxt0OpxqKpJPK05DyYw1w4lmOCe OfXJMMiVgH/CJnwATCnKkhJdSvIzBxE+kaRhSDANBgkqhkiG9w0BAQsFAAOCAQEA LQvIpPC+6eeQND6r/6yC4vprKMeI5VueF0ByN50OpLTDNnzbrX1J5839VU9cBbT1 UFUYuG8aXZN9U0KTWLP3fWdcNUGlC1CGNiqJ3wGug71lf9YvfJ85QpJcot/EXJR0 WYi3Rp6xywcCZ9trsBAGJLonAjsXRtey4n7Bwbn0NRgS66qTHEmT/EdJgyf5jMUu NakN769TFOQarWFZ/fpEjxvXf6DsggjejRxDxBuwNgiq+XcyWTbavqvOmzOl994f 5nm6bON1rw2S4jfXb5HeWtP9Pq56/VQaPtFyXUMfGQEdvZwK0HDwsTr+B2uRnxor mRAKsecDuATGc3PbvHW53Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIK42G41gI+/QwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTE2MTcxMloX DTI3MDYxMTE2MTcxMlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AL/1MqSRTEVd5E7n6POIcDuQtdT2ROkg0UUTx6PIG1juW0gVG7a37y1sasnc0VXp fzAIGwdIv6HDJf7TQnD5lRdl1de/5c3habndyw6wv6oftFcAKlc+Dje282xwhX7l 4Lyhz6iiIQzns2V5GmFmiz3Dx1M98yFGbdJufo/zR3q+UcMxivvgPoUTqVpx8ur0 MMLAuZ/CH2qG/jqsaRzuthru2Nz1PNoCfXF0oqFG2Lrra42w4nzQVEZPy7ju2hh+ H4aLvlYvfzDwePSNj9l9yLlbEUYkKn72XkHly0CqmgCy8wKOubvzkAddiHxX/E7E ILnNhQ7jkKY3yC55SaRI1GsCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAeKHYWURdkzgNV5VWm7WtBovPfSlgG7U9o9bqneFQGvsfUCSLP3IY/YtE wR16gnqJWdtfA2+idgCEZjnAf/UkzjBLBgNVHSMERDBCgEBWX/fnOkFh2fmlb0/V c0VTDG3Q6nGoqkk8rTkPJjDXDiWY4J459ckwyJWAf8ImfABMKcqSEl1K8jMHET6R pGFIMEsGA1UdEQREMEKCQCouYXBwcy44NDVhMWIzMS00ZGQzLTQ5ZmEtOTc4Ny1m ZGY3MmJlZjczZDQucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAGRUu90hvWkGSz6CIcJVsUNB25zZ6IdvLOL0uaYd+gOoY5gpUIoL9d8nNHBk UlSAHNK8JZ7QfFmCepap6IstPGYF4K2W1yj2K3YxsuVL2kKVazwHzz9//wsKKDUf R8MotOSsSEPGKtMTeDO8L15a6QM8BdIIU/rQjSJ3xOXfzojuxX3LOSBK4vSDa5Gc MBRZflkjD+Q2vBYDCmNQhUbNhNxR2NbfUjDbYPnSr/GGbAlvLM213BSLa0+Hj7ue 2Z1+/8ETjeHHCMEHGHSyzPDqkpkgmpNU7mGE4Qq1ALplX7JXGHRtzWZPnOE7a4xW w4GFUGPwwfBDL8p4fYePqkrQYGs= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-11T16:19:57Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-11T16:19:57Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3180" uid: 8a61a85b-e77c-46dd-b2e2-af366cf1ae0f - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-11T16:19:45Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"5c345122-ee94-44fd-817f-fd246b967269"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T16:19:45Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5c345122-ee94-44fd-817f-fd246b967269 resourceVersion: "2513" uid: 5bd5025c-4332-424a-bb60-90b8c9ee3345 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIfb3Butz5QPswDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTE5NTQwMzAe Fw0yNjA2MTExNjMwMDNaFw0yODA4MDkxNjMwMDRaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODExOTU0MDMwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vhznudjXi4R4rhXfcwFw2x7RNU/7GqR6 yZ48PLvmUZP2/IxWW5n+ba4gIhIH7eEh/qpVTcsKKCp3SooAdzHkDfeUxJChz545 jI1kt6IzQeMalKL6IASZSyzYpru+MQ5bfPyp3S/mhttaWs95hTQFe5ZQ2E228qGY cdP69jkMriSgaPBYnAFQ+xsaYEZ2UzYPr1/F/6IooMMWZr0sZs6U8DriysbavesN 4Itu1ZH2bqQRdKv+tmywdJ5BMqi3UWyJovl0imB3hsRK9sFX4wpplu/3ZnfpiI1X oGN7ii1oUFMKT2v0BKd5U8toyPU1Np1p2Hqw5d7GTG0wgj1Bi+hlAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRA+HCZ JFgWbM7MBXD5Jcp/See5hTAfBgNVHSMEGDAWgBRA+HCZJFgWbM7MBXD5Jcp/See5 hTANBgkqhkiG9w0BAQsFAAOCAQEASXxv8nhbWGH+NDgIstApSZOZwHsloHbE2xE9 NjxT/IKZ6HbpMt+x9dCgz4//g1gbBVCP9E4ydVCVTjYtA4r/WVyyen9sEdbYSyCL NxX6MEtvHsjjLUGnvfA74axFelan/SRABzSHepyjIw500K4cILeYrT89Dnp3Czyn ndJkgu5OsD5PzebyisV8EP0KBhmMMSgSVwsCD7340lwIdoCu+mkPrsG6wgt3WCEq yeKB85iwqo+Pbju3UT1yfWAWFsI/44gHXbI0nyTOQgavJn0sEz85J+L6K1xD3cNr CqAtyzuZMOmXiJR4KTqnufi1WFMMW8KSA4w5UT5SwsJXchp6gA== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-11T16:19:57Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-11T16:19:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-11T16:30:15Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9328" uid: e44a787f-61dd-4f79-b5f6-2bcf5025d80f - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-11T16:19:45Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"5c345122-ee94-44fd-817f-fd246b967269"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T16:19:45Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5c345122-ee94-44fd-817f-fd246b967269 resourceVersion: "2510" uid: 4769a253-5974-439f-9e17-d01541de46f0 kind: ConfigMapList metadata: resourceVersion: "12688"