--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-12T20:51:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"ccd0c65c-a643-4bab-adac-baa48baf5540"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T20:51:20Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: ccd0c65c-a643-4bab-adac-baa48baf5540 resourceVersion: "3979" uid: 36ce5834-f0f2-4f69-bb49-50cd30a62710 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-12T20:51:19Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-12T20:51:19Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "3975" uid: 5bceab14-cf52-468c-abeb-b82cd865f9b5 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-12T20:51:19Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"ccd0c65c-a643-4bab-adac-baa48baf5540"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T20:51:19Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: ccd0c65c-a643-4bab-adac-baa48baf5540 resourceVersion: "3974" uid: 261eb861-067c-41fc-933c-ecca663bc182 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIINZDBsKnYB2cwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMjIwNDczOVoX DTM2MDYwOTIwNDczOVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr17g4iPt0RiG R1hPEiR+LeYORAkWbCp3Lr+3WdAut79SpS+QjtVO9d9dP3fZBNKJWXcgoZZ9dg++ CCVpKhymkxetRltI0QhtYfzONMawZZjktWIMWx68LRzWGHs67/3rWbxfUqw9R47G 3uWDsVXDcA/bVJ6VPAwuZESf4fpPbJ+oAcTsRxoXofrl9fi/H1DraWYGF8TiYq0X XQZnbKd8d70btEUGehjo9A01EaRcwzU2ADZee+dWtN3UOsCtz9VlTql3gYy36DZj K6c8Hdmi/+lnJQWXJ7+BXfVyPmYRiNxa8+7AGCx2aOEXE7B5n/BP3XWIEt5cOM5U brywMVhx8QIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAb3kHJaLot45uPvFxDBWsHMzk4frGIas4vPJknMIn1y2UKWHd Avfp9L96FATB5/RORrM/Y1X1Jv7aqChGh/tu2zANBgkqhkiG9w0BAQsFAAOCAQEA b8PxQzzktcj9X1GE4W+DHnU65VrKHFnZ+qRX1GfpTOi2y9KJ4/4So+RDcH8gQ0FH F6jutoGND64YTVcX+XyBq4Hn0UQNYN09xA7LnC5ipfdPwpNZZClbYU/eOKBOWRAi +WcYRD7W17eRB4RSvQFC/7y8JzC631YFXf0605MsjH1VWzkips5N7iLnirNwFXde 7Y6tqM90hebXdh7ekk4NA+JeDIWDaqZ3jNk2l/Pd5U+aH/wzLpvp5/sSTvE+TxG1 KaWGbADSEK/JePbu6JyqWMfdn43TURze0Q4KW2MTjfTDGkvjdmoe703MZV6crvge vftWfx6JfLTbhlMJdOKpeQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIN7qYfgpk+m8wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMjIwNDgyMVoX DTI3MDYxMjIwNDgyMVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AL1mQGWuiR87h6ufGp2zVLK5YfO3aMvpAIeb9WiXfGmJJ2uE2vrpSxVF/08Ora46 nHOKJUs6r+uQCQ9p47b+QVPYqLuudHwFY2irES9qYU6Ur78xFyVm/IJOeR2arM9R ExgGL1H0dfYZChhqEhRdEgNG5Jmb1kcgyt4Wk0TwHgfDIZJB55NzH6mBhbxvim8E jb17OuUcNVpxNL/j9P4RnQu0yG9vn9T4HLVdpwTCmFotp0bjPlD4pN/brXEwaISg dK5yELdLUK7wai7EsjSr4nwmfyvnj+RDoxjJ35H7QWD1pvxjgU6cYwUf6Ap1EMq+ zpyzGpI1LDvSJRr2cwbvLXUCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRATsOjnlNgl0OaLiz/+hNBJUiyVI+KrhDDz0mqyDdqFNiq+dL3WoC6NGLM f+wEBD22L669UkAQVom/lnrLcEXchzBLBgNVHSMERDBCgEBveQcloui3jm4+8XEM FawczOTh+sYhqzi88mScwifXLZQpYd0C9+n0v3oUBMHn9E5Gsz9jVfUm/tqoKEaH +27bMEsGA1UdEQREMEKCQCouYXBwcy4wNTkzNmU0ZC04YzI4LTQ5YjItODkxYS1h OTA3NzllNWFkNzkucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAFcurhySCPni65bWlvFu06uc6AaFm+9SOOcHek2l4NHmZKvBLMI4fJqmk+gj Tor7/42Qr9uEL6+BD5HYdn5wP18D4H1NB+SLWzVTc9oUbt18UF4cFctMXtF+hoJg UbDhaNXBq285uakBfakiYHOr2ByeoOVngKmTw+X0BSQOL8I75cPZ7jSAz/eXEH9W xeYKnOaAex2Qn+MVGvA9AcYmt8YNxsKGxTPjkkWiL1T5pXbaw/b/TDgvNEVCD5pA k+k64jx5ZcZnJUmCHxAeHAbKbG7VRlDti64tSDzPw+MXJn8erhLglQqIkvOtw/Pk NBjKK3BtnFtPfwHeL0/9NYQSRGM= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-12T20:51:17Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-12T20:51:17Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3901" uid: b78aa72d-4952-4b94-9a6f-dbb3eb1056ef - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-12T20:51:20Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"ccd0c65c-a643-4bab-adac-baa48baf5540"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T20:51:20Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: ccd0c65c-a643-4bab-adac-baa48baf5540 resourceVersion: "3983" uid: c5bef15d-3242-49c5-88df-6fc6bfe75983 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIHreSOL6u7S0wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTI5NzgzNzAe Fw0yNjA2MTIyMDU3MTZaFw0yODA4MTAyMDU3MTdaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODEyOTc4MzcwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8eZohkDNTdz5bVG/RWemkF41v1tTjLRhw fQMNk7gi38zFffrN6ytoMVHIrZGBADSACiZESORJzzeeto7UHOXT+ynnxcC8m7+o bDrQ0/6QrmgQD9I9q2r3uYsLtiNmhCxJVnMG7waYMuem9glym8XL4srDm9YrLDA3 3x3d71JThTrC+x+YzPSHBMPJqnx9zQ7K3os25vjPEhRyIkTCmMcrOI/szX6Vb/WQ wQAB3s7VjhqID3QRUV4TTWVNsb/Dc09RYgTL23CPmEOTcA/FpfNZIZtak7mtRXbX JvxPb7lCVAYpki0Cs9vMJS68p/3YFt888QauNmlj51SJRXqQXWafAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTteEPT xQDDTwoAxw37ixtwKwu6rDAfBgNVHSMEGDAWgBTteEPTxQDDTwoAxw37ixtwKwu6 rDANBgkqhkiG9w0BAQsFAAOCAQEARfVfO/xArvV9NiZq71WlhNNpBDVIGk4FneVq VqhabnIqHBAsyj4b/kPPZBkQ0mERU/fgRxJs7hn7Eh+PuBFdPJpLj99DrH4bBQ+P BQjtdgR9Qs7ATCBEfMy7o7pt29UVRFr74Lwa5OqngjFuyFyGF/jsTiIOhYZnZ6OT 4c9duRiM7+d0ndLiGTU95fHg2rkyWZAMw+Js3zYn4uy3vIM0okSDTZOJC/OsplpW bkTEBqVZgjgcigoZBkx/Bqm0hRDZTxl6Vr0gYjk0kD/o6eXHehbp8gqb+ehePha9 6J/x5y1dHQ8e7Zu7gcxcJKh2rjZB1S5Hj7fq2gJ+SHXC9GO3og== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-12T20:51:17Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-12T20:51:17Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-12T20:57:31Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8256" uid: f84e650d-4690-4dbe-950f-9e1de8c6c3e8 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-12T20:51:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"ccd0c65c-a643-4bab-adac-baa48baf5540"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T20:51:20Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: ccd0c65c-a643-4bab-adac-baa48baf5540 resourceVersion: "3981" uid: ed35ce26-2e60-4b8e-882e-0ba0594a7344 kind: ConfigMapList metadata: resourceVersion: "11361"