--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-09T11:36:23Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"494f5b04-82b9-40a0-86d9-cbb93f7331ba"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-09T11:36:23Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 494f5b04-82b9-40a0-86d9-cbb93f7331ba resourceVersion: "2376" uid: 8a5fa4a6-45ba-46f3-978c-af2d040cbfd9 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-09T11:36:23Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-09T11:36:23Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2370" uid: 010e2a35-3cef-467f-b6b5-46cbc6e9b258 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-09T11:36:23Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"494f5b04-82b9-40a0-86d9-cbb93f7331ba"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-09T11:36:23Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 494f5b04-82b9-40a0-86d9-cbb93f7331ba resourceVersion: "2369" uid: 74bbf052-d582-4dfc-95c7-2c74c9f2adb6 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIId2/BNatY/TAwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwOTExMzQwMVoX DTM2MDYwNjExMzQwMVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAzwRtsofX3p YfPvT6BlFmLOa55r9gTAfyAlr5ANCbhSRva8d0bOIkj8PefaogsHQcxPzMy7xFxW +sQgkLk3DEadaxLwzpSwlcuXIASsT/IB6zhCzX17fqAjPP2uHXuTUKBh9PV/xW1i pTMgHQ8/+EHB/HhTFfssTmvgZDwHN95FdX/S1bShBg0w3HSFLa5j7s2y9xPaKDOm NFLcHpOhHFQ3zxdEWcvIQEuBfcA+jMWYzGz+p4qVT3mTI7yFUROPBuFSuDZKlzHU enXsKT8uUnOA6Kroe1dHW73cRz4R6mrvBSZCpkw01BNVXvhQnmapLbXIW6/Hn0mG DiCctTSFsQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAG0qNFWQwR8hKi7/n92XiHmUUH5cyj6ZPu6UC1jarLlgYt5XT YrGo5n2ghTLAxlnBc5KEKMErAdD2XJSBXN4jpTANBgkqhkiG9w0BAQsFAAOCAQEA Ro0rm94r/g7W6P4zF61huF4Hga67LxikQ27vvMRRSb5NeFjEvW9CCg4p3pkJ6QRn 8cLL9/87atE/nfSn85p0uXO8Wwjn4ob6DjMuYCzi2G/neHjxtusREfCNMnwopdc0 KQMcjhK/bOwIqxnPuJXvKdRr8isAAcPGuVjz7pAATVFTGpXwONytkkb2sSgWDf4s a+fcJnKXec/kf6ylgrX0H1l0f3OiVFO0cAKd+aQSuwm0k6rGE5oBoUKje8+8wZ5E 6sLD7rCy4sG25PDKJmu8TIvdPsBxjBljpjVEdEUAlAW2tWsOF+453PHsgGvj434r 6OykZL6o2CogvYutDmXiLA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIExyHmzN4NnowDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwOTExMzQzM1oX DTI3MDYwOTExMzQzM1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALu2aVmNRZ6UErvJ0VVDIGJTM9Dpi7MRZyL6x20lJUhAU7c4raV4eu6wfCWjJ3rJ hPUS291GeswgP82Kqpc4mW23ZMEZBLR65sabBtrkMPCvZevcJ29io9mB97mJXCUX F58eXe1Ihyxx4YQ8tKIUXSmPKqMj28W3weuKfzXB2ZBs90mKWhV2AvuH7QUMO+h0 KIAOI4lzHcMum0nPcltnAb8G0ckLxVPJiCX/3Rs8/87rwIQDcT58lVsGokpKJsML V7b3Z1pTaQrDuLFoKuwshDkbL43CDeBiqjRMrhVqYrqkX7Hc8RKU8t/NqU3uI+Bm fv6eOAlnAfstdsODE02GbDECAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAiDTMgRbnQQABAUfPTyY/Nw5EaF5PzJP9l2Ey0uAQwpM4fVlrgSQMIjyL NwufX664caqWtmo3eoH44kW3mlIlHjBLBgNVHSMERDBCgEAbSo0VZDBHyEqLv+f3 ZeIeZRQflzKPpk+7pQLWNqsuWBi3ldNisajmfaCFMsDGWcFzkoQowSsB0PZclIFc 3iOlMEsGA1UdEQREMEKCQCouYXBwcy40MTU1OTA3OC1iN2EyLTQxNDYtYjI4OC1m ODJiNjE0OTQwM2QucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBADkw/ctQAfK2izRvXWcCzpaKjjl2Fww7y1YoaDRGjUSsLF/U9X1NVEe3FZwq exey6H6BguTFD+DJZaklRGUD/fAySZ3Bol3cskhQXp6xcu9h0NN/nLl72i9CipV2 +i6nItLKIVRknZIe1u/bwr99ceE1QpR1+HNVGSpbeZ0h+ehaxvB10WvJ9BqIYS5p bNM0W5KXHVEkuG3XAX4YMwo/7QawDlvu3MwjFPXwJawcs+q2D1AXtVFl9OHetUSC 3TxhDwgg/HcPxLZdp8y8JI6R7JKXZRWD2B97EcM38luZgs77v5hAQpyPPnCbJIBr x8j+f9hHwbXQFwpItTNwMCNTQVY= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-09T11:36:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-09T11:36:46Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4187" uid: 3130231e-f912-4394-8349-e3f63951c027 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-09T11:36:24Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"494f5b04-82b9-40a0-86d9-cbb93f7331ba"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-09T11:36:24Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 494f5b04-82b9-40a0-86d9-cbb93f7331ba resourceVersion: "2380" uid: 8316ebb6-833c-4592-ba62-6a8037c9b2bc - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIPSzNAncEJlwwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTAwNTYxMTAe Fw0yNjA2MDkxMTQ2NTFaFw0yODA4MDcxMTQ2NTJaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODEwMDU2MTEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBSZLZ2eD72qgsEgrcNGS03C4iN8BNw9ET 5NhoLUQSXklQwjFsb+1gDRU7XI7g6S/Q36s6GG3zcWChUtsSXg3o35N0FedDwc14 horY2cbs+CyhnujVeO1x+ek7Fj699x/QEnnfosvKMIeQ6+Iq1uX3ga7zjirhAZEN xZUllsmZaRksxOzaI4FTVYjzwqwgyp9Tpymf4HQ6pKJ2pgKQQikeMBMc9yzHHOCg AvoOwWZdgZsRRMmXAdq0vX6KwQGBQOyGALGGQUhLJQDr0mjVvef+ldNrUTkYeFVD XU+n2+W6IsEYoyMs7l4syLxSEOzybVU/hFbC0UvQmF7/MtjsZvlbAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRrS74+ LMw4R4bQ+SzO3SqHHYD5AzAfBgNVHSMEGDAWgBRrS74+LMw4R4bQ+SzO3SqHHYD5 AzANBgkqhkiG9w0BAQsFAAOCAQEAZyzbywTv4XRHkf7trxOU2RlN+8NhP1IvzSH1 3d09nev0hqnp/MhX+WJw9C7nVWI594bNWQd8Wsge9sHTTWCg/d6eZeoOsTTDBRIl Q0vzXuInEQGC4NkO7NE/dWDNPMMi9DyDpUSn/oCREqlWPkP+gLM3vQ1gnDMNcAJT F+VPEJsylUx787YUFRqTG1eGPULBwGkNXxzVOlgj0asgo/cXhO71CPicDEBT945Q bY9Aft1ZPvss8zRYGoRuQmGITeAiBwnU42JzE3sCDMpSiAKSEYdKII8/BdHvw7l8 WE6yb3SdSAHF1F0xrdQbPob66DBNaTleRMJgIpksxHpWLf/n7g== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-09T11:36:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-09T11:36:20Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-09T11:47:06Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9311" uid: 64b0eccf-91af-4bcd-ab65-a668d2e0e5c6 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-09T11:36:24Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"494f5b04-82b9-40a0-86d9-cbb93f7331ba"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-09T11:36:24Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 494f5b04-82b9-40a0-86d9-cbb93f7331ba resourceVersion: "2378" uid: a906a9b0-b495-497b-811b-f3723f95f09e kind: ConfigMapList metadata: resourceVersion: "12339"