--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-15T00:48:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-15T00:48:46Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162 resourceVersion: "2460" uid: 3702b2ff-c1f6-42b8-aa3e-b697de66a521 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-15T00:48:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-15T00:48:46Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2452" uid: ed4b0a86-976f-4c52-8690-37e93b2e87ff - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-15T00:48:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-15T00:48:46Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162 resourceVersion: "2451" uid: 0d4c0396-317e-4e36-9149-cba300a99431 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIHHGcaq/msecwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxNTAwNDYzNloX DTM2MDYxMjAwNDYzNlowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVrRt8hJtY6E vulKqk8Ylbv/nmgtk2RvoiAKmcQ3BoblbtTGe54rP2SaKjNhnnX99uz0MhgHTGe6 AwKf7IkA+YtbZw6MuRwNRQfHCYWguojoqnB6BZhQ371FKl3SCKGANpRK9w8ZS/pV tgN3NoFExXi5uvR01fd87q8x4cSpDq30ogcU07N17f5+1KqNrCC2BL0ox1v9Wj9N x2JQhoU7QYnVER6+pbBvgkPdDF25SE6LIPHMOtTPxulHHH7zqrpaDYUJHl0PcFdE doiaja1dtKlVr3iGgIK+LGZQU24/uUd1Q2AiAEiTeFlpb+NBK0MV5Zm8eQNb3R3k VRlfvQUOeQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA8T6cK4/4P3zGyJBH1QQlT8GLvIv2OgXaPeZEyERScDJiYE4Q AE3fT0gHVUOjwe5tjUSM6GhmU+h7UwMoI/eLojANBgkqhkiG9w0BAQsFAAOCAQEA PFkPyGGHvb0s6eWAUtSpDC0gXZM4mu1JpMAlaDzPR0/ZDz8ppA6BwKh9qY47iI2B Z3T+FVol1ja2lyL7GG+MXieMuKMMKcGeBZeQxedBXEkCt4SGz2j9wVNElTqaLjqw C52XCVvr6ZfOChjEH2vbaXGy6z87BjSAVtyJZofmVY84Sui9qLRQ36AtAG0qujy3 8zmR8bQKQ5jEvWaImNej9oPM5ij6fxkOFzoePsrXEhXEym8Zu7jEpbFIfRPfiip2 z/JMUf0gKzP2i7WrS/ujoE4NnkIlTum0o2bUaJjH1y4OIhZF+VbXADzzmyH7uJWz uNAYoLQIriMUm7fCWEoMYg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIeVgZ4kOyK8wwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxNTAwNDcwN1oX DTI3MDYxNTAwNDcwN1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ANHMEXnftnNQsaED8WvArwYHcSW1nuPYPhJD0N2YP3eC0ytza5V3g7h8OL8aEzau 6ij4xjJ+iIeVqjLINA0PrWgUsN97huAUQieLSCmuxOgu7s3Qkpoy1RbTYRxuI/mB aIjGsns6u4juwkTeKdryRNrCxfHDMRj6CbWOVU9QFtGCtkPoNX/wrQ/dEXkx5g/H 2MEdD/VhfYolhNpNnEecCwq5pE9zouflSAumCkv+778T8ZuMPGorC9OD26GakMdB GdlGtCivCKGqvwvRtQOpVge5tqNy4mPla00WnQGd+uBHat5F9Y8kH+WCRMhqt8xf dm1Me8mTyCUEBVhBGLQiMy8CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA0SVzYVNRSbzQstjUYRi/VsQbppQGNJWHmyGUTgRApwUBqhp4/H8nmyrc MvoH4PqVYaXTNtf04wvdT8AjoKVgNjBLBgNVHSMERDBCgEDxPpwrj/g/fMbIkEfV BCVPwYu8i/Y6Bdo95kTIRFJwMmJgThAATd9PSAdVQ6PB7m2NRIzoaGZT6HtTAygj 94uiMEsGA1UdEQREMEKCQCouYXBwcy45NDE0YWUzOS1hMGE5LTRjNTEtOGU4Yi1j YmU5ZTAyMWFmNjEucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAHFn+kG4BfvyMDYXIE8lnNl2V3NVVCIFyFn4pcC+ma6XW/Lx/h2m539ho9JI hr6IgV4zZ9tA+mUCJAvfuF6RNhlvKO/SSnO8dtPd56BjSDgE7SagNX471UySmMaj TxuS7jLqYIIUcHvhvVtrd4Drj5LW+jpT3rZlFFMlFvTTJv6RoDtmiK4MidK1noSA x3PUD8xrvYNc3N0dMCk1ut1fFoxxoTMQ4q3xpmbNES1yCCPAzqrrrlAl4kH95xUA eVt9nBL+tMZv0fDZLr1s+VYbb7Nzb7au+8MkxhS5RyBFUYo820WpzYHeCIhQtTE2 odL/tI8f3PmeMS0o9R0ytGxH0XU= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-15T00:48:43Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-15T00:49:47Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4460" uid: 22c150a0-d066-46c1-8e3b-c73757ab7396 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-15T00:48:47Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-15T00:48:47Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162 resourceVersion: "2509" uid: 776f319b-7379-45eb-a66a-f458b98977a1 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIUv2DfrzHKA4wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTQ4NDk1MTAe Fw0yNjA2MTUwMDU1NTBaFw0yODA4MTMwMDU1NTFaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODE0ODQ5NTEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm/DSqcClmKWrEAH75GaBpNNOmkxNBqVVn FiK3BLnANjxjmsQ46pAy5BFv5jpNvSnsDfR1jwNxGPO2f8sCE4KWS5B9BfOOdm+A 2efBmGDTHc2elw/GhJILwuOQ/1wowzYCHLUJMIUxqw6yQuq8A8GX8my3wePhl8Nb fCRjyx2uZMUYGsG0oOls3SK44Hj+NQRiw/yHa4FR9USfECgQW6a9OlD2byUtin8K 3NI3JkvyzHa2w1IbQefY91gn25WsDRNdG5c4F4oAxkrngLm7PP1aJlYejQ7HF1De GWbkbtXkxsF/crIMvghcYEx5VDO/AA5b9qoZsRpt8VtAYBUppO81AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS99D6F W8eh6bqCoBW6twCh6+17mDAfBgNVHSMEGDAWgBS99D6FW8eh6bqCoBW6twCh6+17 mDANBgkqhkiG9w0BAQsFAAOCAQEALPIp+cph4DWROSkT2ms6MrkYYeU0+NiVjWlm wpQek2q/OF9LFHI/m+pigF8RX6yXdOgrkk+REVOJKJxfOLoH1GfwaDBRYkRihzsI jvpexiGMrHQF28iyliyezE9pKJQ+rN6LqiRwtK2CdMrGl65q0+VveSCdHVIR/9Vh zH5O9ULszLcOE+2Qdu/Hl4rPv2zeHB/y4B3lRyqq/XE24BLWz4tTd72N8F/MglSw sF2XLQXiYFQ81jkjgM/lvNJCz/tIqwfFWwHB3b8y2aLeKpyHOZAPTxcdKj8E3l85 HmFaQxe2zOVO5oitXYwor67bRpfQrLAyjBtJG4BZdeg/wqlJDQ== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-15T00:48:43Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-15T00:48:43Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-15T00:56:04Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8410" uid: accbc759-2d76-4d08-b57a-38d7b841a526 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-15T00:48:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-15T00:48:46Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: f60ce9a1-4da3-4c4d-b95b-59ebbe9ea162 resourceVersion: "2472" uid: 23b0c0fe-df34-4b1c-a799-c33e90ea998f kind: ConfigMapList metadata: resourceVersion: "11408"