---
# ConfigMapList snapshot of the openshift-multus namespace: seven ConfigMaps
# as served by the API (managedFields, uid and resourceVersion included).
# Embedded scripts, JSON and PEM data are the ConfigMap values themselves;
# review notes are YAML comments only and are not part of any value.
apiVersion: v1
items:
- apiVersion: v1
  data:
    # cnibincopy.sh picks a source directory from the host's os-release data
    # and copies its contents into /host/opt/cni/bin/ through a staging
    # directory named upgrade_<uuid>.
    # NOTE(review): /host/etc/os-release is loaded with `.`, so the file is
    # executed as shell rather than parsed; the script trusts it fully.
    # NOTE(review): `set -e` is active, so a failing cp or mv ends the script
    # before the following `$?` test runs. The failure branches (log message
    # plus `rm -Rf` of the staging directory) are therefore not reached and
    # a partial upgrade_<uuid> directory can be left in the destination.
    # NOTE(review): $UPGRADE_DIRECTORY and ${sourcedir}* are expanded without
    # quotes; the source directories come from environment variables, so
    # word splitting and globbing apply to whatever the pod spec provides.
    # NOTE(review): the destination is presumably a host mount from which CNI
    # plugins are executed on the node - confirm, and treat the source image
    # content as node-level code.
    cnibincopy.sh: |-
      #!/bin/bash
      set -e

      function log() {
        echo "$(date --iso-8601=seconds) [cnibincopy] ${1}"
      }

      DESTINATION_DIRECTORY=/host/opt/cni/bin/

      # Perform validation of usage
      if [ -z "$RHEL8_SOURCE_DIRECTORY" ] ||
         [ -z "$RHEL9_SOURCE_DIRECTORY" ] ||
         [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then
        log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY"
        exit 1
      fi

      if [ ! -d "$DESTINATION_DIRECTORY" ]; then
        log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist"
        exit 1
      fi

      # Collect host OS information
      . /host/etc/os-release
      rhelmajor=
      # detect which version we're using in order to copy the proper binaries
      case "${ID}" in
        rhcos|scos)
          RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :)
          rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/')
        ;;
        rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .)
        ;;
        fedora)
          if [ "${VARIANT_ID}" == "coreos" ]; then
            rhelmajor=8
          else
            log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}"
            exit 1
          fi
        ;;
        *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1
        ;;
      esac

      # Set which directory we'll copy from, detect if it exists
      sourcedir=
      founddir=false
      case "${rhelmajor}" in
        8)
          if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL8_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        9)
          if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL9_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        *)
          log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}"
        ;;
      esac

      # When it doesn't exist, fall back to the original directory.
      if [ "$founddir" == false ]; then
        log "Source directory unavailable for OS version: ${rhelmajor}"
        sourcedir=$DEFAULT_SOURCE_DIRECTORY
      fi

      # Use a subdirectory called "upgrade" so we can atomically move fully copied files.
      # We now use --remove-destination after running into an issue with -f not working over symlinks
      UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen)
      rm -Rf $UPGRADE_DIRECTORY
      mkdir -p $UPGRADE_DIRECTORY
      cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY
      if [ $? -eq 0 ]; then
        log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY"
      else
        log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY"
        rm -Rf $UPGRADE_DIRECTORY
        exit 1
      fi
      mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/
      if [ $? -eq 0 ]; then
        log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
      else
        log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
        rm -Rf $UPGRADE_DIRECTORY
        exit 1
      fi
      rm -Rf $UPGRADE_DIRECTORY
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        This is a script used to copy CNI binaries based on host OS
      release.openshift.io/version: 4.20.23
    creationTimestamp: "2026-05-27T01:55:23Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:cnibincopy.sh: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"84bde009-82d0-46cd-8690-975ad58fbe8d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-27T01:55:23Z"
    name: cni-copy-resources
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 84bde009-82d0-46cd-8690-975ad58fbe8d
    resourceVersion: "2362"
    uid: 03f1dfa1-8df3-4c1f-9056-ca092a7100dc
- apiVersion: v1
  data:
    # Sysctl allowlist: one anchored pattern per line, with IFNAME as a
    # placeholder (presumably substituted with the interface name - confirm
    # against the consumer).
    # NOTE(review): the dots are not escaped; if the entries are evaluated as
    # regular expressions each dot matches any character.
    # NOTE(review): accept_redirects, accept_source_route and send_redirects
    # are on the list; confirm that letting workloads tune them on their
    # interfaces is acceptable for the tenancy model.
    # This object carries no ownerReferences and was last written by manager
    # network-operator with operation Update.
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.20.23
    creationTimestamp: "2026-05-27T01:55:23Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
      manager: network-operator
      operation: Update
      time: "2026-05-27T01:55:23Z"
    name: cni-sysctl-allowlist
    namespace: openshift-multus
    resourceVersion: "2357"
    uid: b2879cf3-f14f-43c0-89aa-3681e6c4de1a
- apiVersion: v1
  data:
    # Same fourteen patterns as cni-sysctl-allowlist. This copy is owned by
    # Network/cluster (see ownerReferences) and applied by
    # cluster-network-operator/operconfig; presumably it is the default that
    # the unowned copy is seeded from - confirm before editing either one.
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.20.23
    creationTimestamp: "2026-05-27T01:55:23Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"84bde009-82d0-46cd-8690-975ad58fbe8d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-27T01:55:23Z"
    name: default-cni-sysctl-allowlist
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 84bde009-82d0-46cd-8690-975ad58fbe8d
    resourceVersion: "2356"
    uid: 55a542ec-a594-46e4-9b92-b38a822f4b89
- apiVersion: v1
  data:
    # Trust bundle written by kube-controller-manager (see managedFields).
    # Public certificates only; no private key material is present.
    # NOTE(review): the bundle holds two PEM blocks. Check subject, issuer,
    # validity and CA flag of each block (for example with
    # `openssl x509 -noout -subject -issuer -dates` per certificate) and
    # confirm every entry is an intended trust anchor.
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDPDCCAiSgAwIBAgIIPzXBLUT/eWUwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDUyNzAxNTMwNFoX
      DTM2MDUyNDAxNTMwNFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy
      b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBB+v4V5n6gk
      ZbCwdWD9To57/0ZUpv5vUV4X/cw5JBCQcXwjiiorg2BIasjGVIw1GhE+w9yeGrbJ
      lZEFPFVs/D7PdD/4OEdpcEH35QQicqQDk3GwqZ8UBM5cJZX6Uw/geYXsJBzX9xxb
      j4tXZOK/ryJhKl2IxQKMKmoYf/sH0eardz+jA8eko4uiHVCF/gaidDiWZdD8D/Is
      MNi81AKg6H6tVB5fR2yLWD3ZYUQ9I5w+TFmAxx+5jk2sJ+OdKnC275lmO/O3vHD5
      offSN/KIKf1kEwQcJXyXdNbQx/UI7fevd7OcxPMManaAtZjMPdKQgHbPZA6GjTvt
      LlKv89+efwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
      /zBJBgNVHQ4EQgRAxsEDWoocfh8H0sO0t9T5Yoz/lypRACzDIgJf5pKQFebPm93c
      TtNEMtlQe/LUq+ndIgOroCXBMybZeGWIM8qTTjANBgkqhkiG9w0BAQsFAAOCAQEA
      oQa5wY/H3wqqralhU6ckToKLdT0AvS3j1UtrRuA6XyMxDOqHE133kKf/ZlYlKyw8
      P2dSwH/NxW0zLKScBVxPnWbQm2R79oFxFmu4MKOKHhOhYpVJ6O8bNdL2Fo/caODi
      ht8TWCWV3p9lUkUY9saKLdYLlmtINbKK/ff0tXsQLw6Jnf6LhDgjr4MNfv24Hi+Y
      hpKMEhpIroC1Z7nIWuSH/+D8TUdrICEpnEOdI8VqQjnJyzfhqYzXupQ5vyVWogIo
      LsMg/xnyzyEJ21kcwRLkfSSWVN78uismke6wDYB9LLUniGMxOPxceEwr0wZ16tx7
      vdzYswxTDT3t7L0zMy3nUg==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIEADCCAuigAwIBAgIIAVt7aPis4L4wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDUyNzAxNTMzOFoX
      DTI3MDUyNzAxNTMzOFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv
      cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
      AK+KsxcXZeWYI7N6MIs3x7B5co3QZulf2T6hlD6wxnOa9h6GMcFT5eKDyX7n0PB5
      hTqRw2jjF2mwMwn5Tqq6XC9LTUD4PQEQmE0kA6QXxicCoH4+JLqtjeAIh+yhMIY/
      b8Li0+NOlbZdXRlIB+lN1de5ElbxGpcaIigVgZEQ+uaebOS8ecX7wzBlaqqUD8zb
      dRj7hNrPZw6ThrKW1fzyRX5tAf8bCva2v5tpf4kAL1RXE6l8axyhGeWkTXeSR3aW
      puAUtiZ3v4Zye2IYdSjo1CKaYFAU0HrNawHncCxPePQ/QHgIR/TTcWyr21NTNLrZ
      zJL3ARRTELysJLAA270Br1sCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd
      BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV
      HQ4EQgRAcZDe34M09R8oIYRiGZwug1MMLdvx4ggeqkuKqCpDTGl6+rn6HiIZF7s5
      eDIdqQuUNHuJtTMYDU8SuH4oCJxpKDBLBgNVHSMERDBCgEDGwQNaihx+HwfSw7S3
      1PlijP+XKlEALMMiAl/mkpAV5s+b3dxO00Qy2VB78tSr6d0iA6ugJcEzJtl4ZYgz
      ypNOMEsGA1UdEQREMEKCQCouYXBwcy5mM2JhNmQyOS04MzA5LTRiZTQtYWVjMy1j
      MTEwNjgyMzYzZjUucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD
      ggEBAGUxtMYW4oUDwl3IfW5lZJ9clauaE8gUcealqOjsMbuuYN+F5eipnVHrwoha
      4MO3WFmmG9DaImSiTqh/PVQl8xTO35Mm5hQrRIiIIv80p9d6QcqesEq4s1UseUHi
      mi8NdluCw/5Y6ztV1wI/6jIXcCRb/BgZpFx44cXhj4xqrdas6Dh5k+QQ0zBjnq6B
      2HgKUcyEWUqn+hGigI3fbvRtMOrjdZb54/ZUnah2PesRwzUVRYGsLJ2eX/qv9lco
      aevDTJ7c84s6swvSRVOJ7TPHkl3P2ShJ14vAkGKRNbI/qxzHlWSlgN3Wvw/adP0Z
      W7GaDfggO6K01VdnaZRVBSft+cg=
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify
        the kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2026-05-27T01:55:20Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-05-27T01:55:57Z"
    name: kube-root-ca.crt
    namespace: openshift-multus
    resourceVersion: "3219"
    uid: 6e3fec6d-1a46-4129-b1f9-3b1f6f85bc12
- apiVersion: v1
  data:
    # Multus daemon configuration, stored as a JSON string.
    # NOTE(review): namespaceIsolation is true and globalNamespaces lists
    # four namespaces. Under Multus namespace isolation, attachment
    # definitions in global namespaces are presumably usable from pods in any
    # namespace, so write access to those namespaces deserves the same care
    # as cluster-wide network configuration - confirm against RBAC.
    # NOTE(review): logLevel is "verbose" and logToStderr is true; check what
    # this puts into node and pod logs and who can read them.
    # NOTE(review): perNodeCertificate points at /var/lib/kubelet/kubeconfig
    # as bootstrapKubeconfig with certDuration "24h"; the daemon therefore
    # reads a kubelet credential file, and chrootDir "/hostroot" suggests
    # access to the host filesystem - confirm the DaemonSet's privileges.
    daemon-config.json: |
      {
        "cniVersion": "0.3.1",
        "chrootDir": "/hostroot",
        "logToStderr": true,
        "logLevel": "verbose",
        "binDir": "/var/lib/cni/bin",
        "perNodeCertificate": {
          "enabled": true,
          "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig",
          "certDir": "/etc/cni/multus/certs",
          "certDuration": "24h"
        },
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "multusAutoconfigDir": "/host/run/multus/cni/net.d",
        "namespaceIsolation": true,
        "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv",
        "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf",
        "daemonSocketDir": "/run/multus/socket",
        "socketDir": "/host/run/multus/socket",
        "auxiliaryCNIChainName": "vendor-cni-chain"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-05-27T01:55:23Z"
    labels:
      app: multus
      tier: node
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:daemon-config.json: {}
        f:metadata:
          f:labels:
            f:app: {}
            f:tier: {}
          f:ownerReferences:
            k:{"uid":"84bde009-82d0-46cd-8690-975ad58fbe8d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-27T01:55:23Z"
    name: multus-daemon-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 84bde009-82d0-46cd-8690-975ad58fbe8d
    resourceVersion: "2375"
    uid: 760ecbe4-d3f6-4fdc-8ba9-278c374d17fc
- apiVersion: v1
  data:
    # Single PEM certificate. managedFields show kube-controller-manager
    # creating the object with the inject-cabundle annotation and
    # service-ca-operator writing service-ca.crt afterwards.
    # Public certificate only; no private key material is present.
    service-ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDUTCCAjmgAwIBAgIIbi906mYK45wwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
      Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3OTg0NzI5MTAe
      Fw0yNjA1MjcwMjAxMzBaFw0yODA3MjUwMjAxMzFaMDYxNDAyBgNVBAMMK29wZW5z
      aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3Nzk4NDcyOTEwggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzCU4MMBUNSPX30XrpGmssLp37MunJrmYf
      peGAfSszkZxNRymdieZk7rByLA6swdKevhQLMJ5iklIQIB+C1Ftwe083R8mKJGqQ
      pAD89k86LspSkPwEyg9NBOUJrkZ1ElygGpVOA5Ea/Ps+H8LCLKwsYPx3ugJ0lBvQ
      pc/ZDsph3jI9FuojJfv8xtuBYjzOAGS6J2UhyBYztaoRGNfGE2PkDbFZmwiVERyG
      Qvs8H9DSxqGSNxkMxBTRu9fXpJR6Hzv14PYmPpXgXUsh99oHYPItskfq6irl/R3G
      vOhHVjRORkGncXTiTx67NsaOV/dbKcLo5zCRQnrtIDPpDyO1naILAgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS6fWcT
      CGTpM6AVPUgyNSnbBiDw1TAfBgNVHSMEGDAWgBS6fWcTCGTpM6AVPUgyNSnbBiDw
      1TANBgkqhkiG9w0BAQsFAAOCAQEACXH2wnnmDL3QOsPeC0tq3BmldXHLpEIuBqNU
      2bVAICfL6JHQRHeCeFr9CRnJNVCSgqzGgHffHvGDjZATJqjKtcwtqQU70QUEIq18
      UlipDj8+v9+C2rLvCV5omL7axVm4s+9hrZ2llFrs/zGLVBy/sI3mqzrnr1vzFazx
      QQAHsOwuQyPK/a+GFuoz1eRRljdKNUepJfVZr1AHf0tEHbGVewzSRckL6VJ0C1W5
      tkjZ00Gznd4yE4UO/ywyAt8vsYvMPvKffjIuK3fmwEUSviPxbHzbU7xIOQjt0mcg
      /2zbRJQAIEQwS+Re8tX7jJjouEEfk8zGvqp/mO52sNae5wiRiA==
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      service.beta.openshift.io/inject-cabundle: "true"
    creationTimestamp: "2026-05-27T01:55:20Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data: {}
        f:metadata:
          f:annotations:
            .: {}
            f:service.beta.openshift.io/inject-cabundle: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-05-27T01:55:20Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:service-ca.crt: {}
      manager: service-ca-operator
      operation: Update
      time: "2026-05-27T02:01:43Z"
    name: openshift-service-ca.crt
    namespace: openshift-multus
    resourceVersion: "8253"
    uid: 8c23cf20-db96-4859-9783-ba4c521edc50
- apiVersion: v1
  data:
    # Whereabouts configuration, stored as a JSON string; the datastore is
    # "kubernetes" and the reconciler cron expression is "30 4 * * *".
    # NOTE(review): the kubeconfig path names a credential file under
    # /etc/kubernetes/cni/net.d/whereabouts.d; confirm its ownership and
    # mode on the node, and the RBAC scope of the identity inside it.
    # NOTE(review): log_level is "verbose"; check log destination and access.
    whereabouts.conf: |
      {
        "datastore": "kubernetes",
        "kubernetes": {
          "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig"
        },
        "reconciler_cron_expression": "30 4 * * *",
        "log_level": "verbose",
        "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-05-27T01:55:23Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:whereabouts.conf: {}
        f:metadata:
          f:ownerReferences:
            k:{"uid":"84bde009-82d0-46cd-8690-975ad58fbe8d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-27T01:55:23Z"
    name: whereabouts-flatfile-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 84bde009-82d0-46cd-8690-975ad58fbe8d
    resourceVersion: "2363"
    uid: 7b3f93e7-459d-4880-ad65-473d343828fb
kind: ConfigMapList
metadata:
  resourceVersion: "21951"