--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-12T19:15:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"530085fd-136b-4c51-a536-7c79af68fa35"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T19:15:10Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 530085fd-136b-4c51-a536-7c79af68fa35 resourceVersion: "2317" uid: eb7c8ee9-bba4-4781-9d35-1a7ad09ca2cb - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-12T19:15:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-12T19:15:10Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2314" uid: 8fec88e4-cd5b-477c-9696-484ffefb3ee8 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-12T19:15:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"530085fd-136b-4c51-a536-7c79af68fa35"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T19:15:10Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 530085fd-136b-4c51-a536-7c79af68fa35 resourceVersion: "2313" uid: 58fba938-ea7a-455d-8d96-76d25e83b40c - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIXgNRNv38vlwwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMjE5MTIwOFoX DTM2MDYwOTE5MTIwOFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljdFPyAWlv4x eK6jP1GrnrFdIjl2E3viW7TYOYTqPzAM36M0tO0aDB5wrMI4eS61rO6IHFA86ATI 95zEPYgUqtye+8muSnQ1xKo9yLWAQrFLOZ2tGOsyTqCh+1GMgU0BVqXCgwNhoCND Qc/88QcNeuE4gVM8L9TbCV6PDd6+aHITOut67Gbxi/okd0GDKqmhtjcgqi+WP3PP Q21RJb4xvLKaz65+tutoeV2+w8uboCcTSF0KsjKPhl9gKwfLyemac//XKxhHy4Tp r65+nwWd4z4SeiFrGUoxReU6nh3tz1o2r3bd/LODwwxfrG3GlBj9xwesOpMhOpJ8 SF031gK2gQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAA8hWIfcuE+PcBj01prZdfUygRDkJnzCDVAKRu3SQZkeW5IxT XZEhwgu6nOHgUBjdIWMm/tgUn+b7OyXHpm7yUjANBgkqhkiG9w0BAQsFAAOCAQEA AOH2Z1rjbLHXHjaTIGdG1NvDGUII1xP/CNFcRpGM0a3F7XXcvwkllYa5wVg4YnG9 4xjQceeHS7E2LBPIAmWgNoMcLmsoyw2ta1aSMFNYFZOjvEP0d4DZfQFgvfAffDpV sbhMBYneS/MQjtfkm3YkpWxSAioSMuE0SMkXAAiiACylwWu6Vd6X33w9acNez1y+ Bl6tbsS4oIr+JURuVWW3wTROZPAHtr2+CXAgjk7Ox5fLdIPVJ2rCLk6bASGhp4nt Xk4speJ7hYvsKQ0EShSBAzaQwSy50IHEBo2lxCduNYAchtXfoLQPULo8hC+QIHrb SlF3Jb5mCKA1yJsU40+YHw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIU/SBn2PKa1UwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMjE5MTI1NloX DTI3MDYxMjE5MTI1NlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALmlcfsJDSv5ejSYzIEIYT5kVPgGg2/7wL+vmsDhaguCJwH8UQn0PzIabaQwgD3v JHSE0sJse/Zmyp0QH3VQ3zuoFn+Jf21gncV8+WGTr8WET0Y7MwZP/YQT4qCgIHh4 YKNjsQtAp4AStYYI19RfWsSx8zu2IcjpJI7PhMAOen7rUjm3saYuMqQbyCPF9qol 1w6q6N0R3+mM5+A7hCL2N98kbTZ0k1GFt0ZFHZKCNCMk1mXLb+av7eM5i22AGnbk mVleKw+bmH5uOGxqvqyLInu26siy03N2Ca2YudweZ82XhkQRjpEg5FxGD3nosA+3 MlJBaf5d2sXF9J8WaMzOy7ECAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA/sf7XRoJFxSYteINTCvhZw6U0kVTHp33gmyJ1Udg+NOWRWvBp53hYIr9 56pSCxX8uS98Ydba4IugEgr3rCXPNTBLBgNVHSMERDBCgEADyFYh9y4T49wGPTWm tl19TKBEOQmfMINUApG7dJBmR5bkjFNdkSHCC7qc4eBQGN0hYyb+2BSf5vs7Jcem bvJSMEsGA1UdEQREMEKCQCouYXBwcy41ZDgxN2M4NS02N2QyLTQ1NjYtOTM5Yi0w N2IyZGZlY2RjMzAucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAIsGcd6KrcKAj+ewmd1rSU1/B/JMe04Y9VqlWZnDjK7X4bBpNR0I4CW4twtN XowkGCefNM/JciDn4TnL2vKDOZ7rISGfJJq5QxJy27bKniNcJroc4a//p1X8rxNF kjJaIzSd/dUTu79E7WcRNX/sV2l+SjO92D4wqa7QTOjXWo6MHBsWgcYtyy40fgS7 m5tUBvezBPhxmAqhnhsr39jy5QlCVmawcHMO6wSmgHWBxlOBuK3zqihBukVSqM+H iLl17UjOMavr8cOl4sTMM/qbjDjsO/UK2YqqWH+xsRZ/3i5NO3yAiUidIy0eTbKi GWuONw5Lvjk7q4PEhUkrPlDtL84= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-12T19:15:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-12T19:15:27Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4121" uid: 0356f076-8cae-4033-a449-041074a288c1 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-12T19:15:11Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"530085fd-136b-4c51-a536-7c79af68fa35"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T19:15:11Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 530085fd-136b-4c51-a536-7c79af68fa35 resourceVersion: "2323" uid: 881694eb-e312-4ddf-9889-52fadd5a9e8c - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIb1eMOVaChxowDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTI5MjMzMzAe Fw0yNjA2MTIxOTI1MzJaFw0yODA4MTAxOTI1MzNaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODEyOTIzMzMwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKLzjS2dBPpr5DZ43QcQb8jQS4KY1hsBU dBoLXAxxm4bQ7f6gVOPjS0ZsAs9IIggMJ/zBC1f/FNH9zUB2g1SgsggKPfWWnMYL H6cd4EWC8IjdXkYzywtrfSu0ylZNXGTLlF0/yYQnb0twCi4QfVN70riYbbWLvxd3 io7Z1ggifdpxbLu0yE7Fq9WEmy/M5X2el/tSmbuO0q4TT42btIhu3X6e872WL1Un U+PqLju8eNyC6PBx+D9xesIHiKvyD+/tOf3loVOvTYhaYHxjuOacjDV8YSg+xvh6 DX2lF0ceLdytUAUQnwWUm7uXQdGMyFgRXTbcbNIGQKlyfEWJJ9j7AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTxbwI6 AHRhxZ9UUhcE3o0XPQ9VhDAfBgNVHSMEGDAWgBTxbwI6AHRhxZ9UUhcE3o0XPQ9V hDANBgkqhkiG9w0BAQsFAAOCAQEAGJChzPO4s86HMzKVWRofFQTmjz7fvxt5Q4h1 8AT1D++fH69OngAlXJD8VKA6G8kXHi+YQzNzUAd9H5gLFiUX0UrobeYyj7fjGrqk 7ZI/R5MOd3zf7ptj6wZDXDtJwNzw+cu/aiLJPuo7J0XngHCghJSGTsGbx+KZqwgX IZ4CcrA5czFlTAcULpN4MqGcCj/wmi2Y0mxq9Zgn2FIy32jovlJqBU7DyIfSG/78 Ayi40r9wAuJh2JpeB2jghCRuFVWvCA//FkL5I+ocmFz+6ISYzTX4DQtDkdqGhCjc PViNPQSqhFHIgyX/18GTbRxvQyiFEciTJoSAM5oyOUyDgzBeVg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-12T19:15:26Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-12T19:15:26Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-12T19:25:45Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9272" uid: d01ade91-3a02-4cb5-bccc-e28fd6928fae - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-12T19:15:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"530085fd-136b-4c51-a536-7c79af68fa35"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-12T19:15:10Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 530085fd-136b-4c51-a536-7c79af68fa35 resourceVersion: "2319" uid: c088a3b6-7502-4c8f-ac1b-992d8b92ce84 kind: ConfigMapList metadata: resourceVersion: "12152"