---
# ConfigMapList snapshot: the seven ConfigMaps returned for the openshift-multus
# namespace, including the managedFields, uid, resourceVersion and
# creationTimestamp metadata recorded on each object.
# Items that carry an ownerReferences entry name the operator.openshift.io/v1
# Network "cluster" object as controller; manual edits to those are presumably
# reconciled away - confirm before changing them by hand.
apiVersion: v1
items:
- apiVersion: v1
  # cni-copy-resources: shell script that selects a source directory of CNI
  # binaries by host OS major version and copies it into /host/opt/cni/bin/
  # through a temporary upgrade_<uuid> subdirectory.
  # NOTE(review): `set -e` is in effect, so a failing `cp` or `mv` ends the
  # script before the following `if [ $? -eq 0 ]` test runs; the "Failed to
  # ..." branches and their `rm -Rf $UPGRADE_DIRECTORY` cleanup look
  # unreachable, which would leave a partial upgrade_<uuid> directory behind.
  # NOTE(review): `. /host/etc/os-release` executes that file as shell code, so
  # the script trusts whatever the /host mount provides - confirm the mount is
  # the node's own filesystem and is mounted read-only where possible.
  # NOTE(review): several expansions are unquoted ($RHEL_VERSION,
  # $UPGRADE_DIRECTORY, ${sourcedir}) and the source directories come from
  # environment variables; quoting them would rule out word splitting.
  # NOTE(review): an unsupported rhelmajor is only logged; the script then
  # falls back to DEFAULT_SOURCE_DIRECTORY instead of exiting.
  data:
    cnibincopy.sh: |-
      #!/bin/bash
      set -e

      function log()
      {
          echo "$(date --iso-8601=seconds) [cnibincopy] ${1}"
      }

      DESTINATION_DIRECTORY=/host/opt/cni/bin/

      # Perform validation of usage
      if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then
        log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY"
        exit 1
      fi

      if [ ! -d "$DESTINATION_DIRECTORY" ]; then
        log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist"
        exit 1
      fi

      # Collect host OS information
      . /host/etc/os-release
      rhelmajor=
      # detect which version we're using in order to copy the proper binaries
      case "${ID}" in
        rhcos|scos)
          RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :)
          rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/')
        ;;
        rhel|centos)
          rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .)
        ;;
        fedora)
          if [ "${VARIANT_ID}" == "coreos" ]; then
            rhelmajor=8
          else
            log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}"
            exit 1
          fi
        ;;
        *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1
        ;;
      esac

      # Set which directory we'll copy from, detect if it exists
      sourcedir=
      founddir=false
      case "${rhelmajor}" in
        8)
          if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL8_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        9)
          if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL9_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        *)
          log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}"
        ;;
      esac

      # When it doesn't exist, fall back to the original directory.
      if [ "$founddir" == false ]; then
        log "Source directory unavailable for OS version: ${rhelmajor}"
        sourcedir=$DEFAULT_SOURCE_DIRECTORY
      fi

      # Use a subdirectory called "upgrade" so we can atomically move fully copied files.
      # We now use --remove-destination after running into an issue with -f not working over symlinks
      UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen)
      rm -Rf $UPGRADE_DIRECTORY
      mkdir -p $UPGRADE_DIRECTORY
      cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY
      if [ $? -eq 0 ]; then
        log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY"
      else
        log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY"
        rm -Rf $UPGRADE_DIRECTORY
        exit 1
      fi
      mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/
      if [ $? -eq 0 ]; then
        log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
      else
        log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
        rm -Rf $UPGRADE_DIRECTORY
        exit 1
      fi
      rm -Rf $UPGRADE_DIRECTORY
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        This is a script used to copy CNI binaries based on host OS
      release.openshift.io/version: 4.20.23
    creationTimestamp: "2026-05-28T10:58:49Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:cnibincopy.sh: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"6f1a74f2-ad72-4212-85e1-a907317810f6"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-28T10:58:49Z"
    name: cni-copy-resources
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 6f1a74f2-ad72-4212-85e1-a907317810f6
    resourceVersion: "2312"
    uid: 94245fcb-4d6b-46cc-9b8a-3cf82ec8bcd9
- apiVersion: v1
  # cni-sysctl-allowlist: per-interface sysctl names, one anchored pattern per
  # line. This object has no ownerReferences and was written by manager
  # "network-operator" with operation Update.
  # NOTE(review): the entries appear to be regular expressions (^...$); the
  # dots are unescaped, so each one matches any single character rather than
  # only a literal "." - confirm how the consumer evaluates them and escape
  # as `\.` if literal matching is intended.
  # NOTE(review): IFNAME is presumably a placeholder replaced with the
  # interface name by the consumer - confirm.
  data:
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.20.23
    creationTimestamp: "2026-05-28T10:58:49Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
      manager: network-operator
      operation: Update
      time: "2026-05-28T10:58:49Z"
    name: cni-sysctl-allowlist
    namespace: openshift-multus
    resourceVersion: "2310"
    uid: c3d12ce0-82b1-44bf-bb4e-32b75154a4b5
- apiVersion: v1
  # default-cni-sysctl-allowlist: same allowlist.conf content as
  # cni-sysctl-allowlist, but applied by cluster-network-operator/operconfig
  # and owned by the Network "cluster" object.
  # NOTE(review): the unescaped-dot observation on cni-sysctl-allowlist applies
  # to these patterns as well; widening either list lets pods request more
  # interface sysctls, so changes deserve the same review as a policy change.
  data:
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.20.23
    creationTimestamp: "2026-05-28T10:58:49Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"6f1a74f2-ad72-4212-85e1-a907317810f6"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-28T10:58:49Z"
    name: default-cni-sysctl-allowlist
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 6f1a74f2-ad72-4212-85e1-a907317810f6
    resourceVersion: "2309"
    uid: 87d400e8-a420-41e7-ba27-8aa10e3f8a0b
- apiVersion: v1
  # kube-root-ca.crt: CA bundle written by kube-controller-manager. It holds
  # two PEM CERTIFICATE blocks and no private key material.
  # NOTE(review): per its own description this bundle is meant only for
  # verifying the kube-apiserver on internal endpoints; whoever can modify
  # this ConfigMap can change what clients reading it trust, so write access
  # to it should stay restricted.
  data:
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDPDCCAiSgAwIBAgIINKNxg4+OQUcwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDUyODEwNTYzNFoX
      DTM2MDUyNTEwNTYzNFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy
      b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjm5Ki2I5XeB
      Z4Nk9ypMVVAH2vllDGn9Z6CnzHA9RapKxPDOfeMvWxYerKJrxTa+aAOqI9ALO5at
      3J75qC+S3K1EynmdgSTy5oPqt+ajvCvg+iqB47HpD4QJiZi+8CgeGdXRj/M0abCS
      FjMFRWLHUCgzcDuPYrhSot0EzOh6P6Qj5vpvEFi5E6PAHPdqLGCZN1NeF/HGmEss
      9Gmoq0dNzrGOcz76P7sKn+NKrXw1G+/g8T1dEhtVMmQAS0cXC1xW+QjvZIeelDoo
      WvtycK18qqGSvi4XnT0qC0jDL0o8gnM5CtpbPf92nlIq7h3ginHra/uNAWm1VnlK
      uP0x2jerXQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
      /zBJBgNVHQ4EQgRAUNHHtBY1sfaiPuNENVzv24i1JaQ6clvxCH4V2IuQYM5uZNMp
      Vx8cHXvurOFgrtcGQSinZwZfunh/Ct6LaoEOgTANBgkqhkiG9w0BAQsFAAOCAQEA
      TV5jHgPSmZ5s1rMf2ygmLtqyTGPUVOG4VHpzXCN4q3qR18zyu/t3+PG1pqUUx0vY
      pnh8+5UO3d0zt9zUS6raeZNJoPmu8sUlrnwqSvkIkPHyQ7nApkQaNVPNjm/lCEMy
      ta1B5kifuzDaMTZqkEUvgZeBzlEXqGw2BsZs4KrJ/TqPuOpEItVCj+Y+1C9FvrMB
      Kf0kd+YkDhG6xdeGEgTEYXsqr9vcQDJsUbEwJzKLN1EqvwTnZTaVtYdno5qTMlOH
      UBKmJcyQaF20dEtqT3FPY9HdygvByDJtVzHuad0uyWzvI9mZId2YjLlLKoPsoBR3
      j4k30Uknyfa/YVbD/nG81Q==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIEADCCAuigAwIBAgIIJKhaRnMle1wwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDUyODEwNTcwN1oX
      DTI3MDUyODEwNTcwN1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv
      cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
      AKsGoh7WW14hdJ5P2Yfryd/jXIpyDMzwYxX9GG+y0+MMm3WyO+7c+aGbYK0pWn2L
      3q09xCtYNodz5P10MwZM0esdprKMlAkcPhzS0E/0jZEQo77n6zL6pY719/D0UzZx
      VM0j6CngCul4m7ilcJWygHFOxvSJpi32CUMGd5FdA9kAfmn38F696A+7pZlKz+Pw
      hOFcMSZCcNOKsCY+7z94a3MThQtBlgC3WtRVLnSOTj2faMctpkPpD/PIewi3kbOB
      wWJJ8vZ8ZJNGwBxPogACLuJhGjycp/wWk3NnC+jjxLHMKNZcbEeIgfbubDLmTofp
      kYt5ypxMdwc0bWdMPRsiIg0CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd
      BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV
      HQ4EQgRAjFopMnf6MByrXhisB7Pk2wahB2JxhjUM+z828GHy1/lW7jUEjIP11ePW
      y++CtwVO8mbjltewKuMKhKRIfrp7LDBLBgNVHSMERDBCgEBQ0ce0FjWx9qI+40Q1
      XO/biLUlpDpyW/EIfhXYi5Bgzm5k0ylXHxwde+6s4WCu1wZBKKdnBl+6eH8K3otq
      gQ6BMEsGA1UdEQREMEKCQCouYXBwcy41N2FhNDc0Mi0wYWMyLTQ5NTgtODc2NC00
      YzRjMDBmNjJiMjAucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD
      ggEBAMXHgxTsE0m+xTqQlZCMysVjot45d9y61c3ALIjmhA+4RkYUk2MGM85+8qvY
      HAUmnDpgMDNx+GEi6h4haCnVokKhXLLuM4xd1i0q468MCIUiXvgVpKQJWl/4OVJZ
      wA2khL9TQLoezBJbSMo6RCHm4cfQomluUmmVMGAfRFe9gwip5p0H32OMIEQLvBPG
      9MRkDWUXNEchiNoKcFeI325gksoFeiuHsU5a48wvg3Xv16ZxF4lZs2lkAEuTSZQ+
      1BKT14z/ljoN+JNpvOBtVw0Qr9JKgs7wnDpdSvtYGiTtD7ZJa2bObnounATqrzTd
      87QCY29BNcf7KQ1GLS2y9MrRhT4=
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify the
        kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2026-05-28T10:59:05Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-05-28T10:59:05Z"
    name: kube-root-ca.crt
    namespace: openshift-multus
    resourceVersion: "3010"
    uid: c348183e-befc-4da3-be36-cbea1fcf94fb
- apiVersion: v1
  # multus-daemon-config: JSON configuration for the Multus daemon.
  # NOTE(review): namespaceIsolation is enabled and globalNamespaces lists four
  # namespaces; in Multus these are presumably the namespaces whose network
  # attachments may be referenced from any namespace - confirm against the
  # deployed version. Write access to those namespaces is then part of the
  # network trust boundary.
  # NOTE(review): logLevel is "verbose" with logToStderr true; check what ends
  # up in pod logs and who can read them.
  # NOTE(review): perNodeCertificate is enabled with certDuration "24h" and
  # bootstraps from /var/lib/kubelet/kubeconfig; chrootDir is /hostroot, so the
  # daemon presumably works against the node filesystem - confirm the mounts.
  data:
    daemon-config.json: |
      {
        "cniVersion": "0.3.1",
        "chrootDir": "/hostroot",
        "logToStderr": true,
        "logLevel": "verbose",
        "binDir": "/var/lib/cni/bin",
        "perNodeCertificate": {
          "enabled": true,
          "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig",
          "certDir": "/etc/cni/multus/certs",
          "certDuration": "24h"
        },
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "multusAutoconfigDir": "/host/run/multus/cni/net.d",
        "namespaceIsolation": true,
        "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv",
        "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf",
        "daemonSocketDir": "/run/multus/socket",
        "socketDir": "/host/run/multus/socket",
        "auxiliaryCNIChainName": "vendor-cni-chain"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-05-28T10:58:49Z"
    labels:
      app: multus
      tier: node
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:daemon-config.json: {}
        f:metadata:
          f:labels:
            f:app: {}
            f:tier: {}
          f:ownerReferences:
            k:{"uid":"6f1a74f2-ad72-4212-85e1-a907317810f6"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-28T10:58:49Z"
    name: multus-daemon-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 6f1a74f2-ad72-4212-85e1-a907317810f6
    resourceVersion: "2318"
    uid: 5d30bb0e-5ee6-446a-9875-192e2e9628e2
- apiVersion: v1
  # openshift-service-ca.crt: created by kube-controller-manager with the
  # inject-cabundle annotation; the service-ca.crt key was filled in later by
  # service-ca-operator (see the two managedFields entries and their times).
  # The value is a single PEM CERTIFICATE block, no private key material.
  data:
    service-ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDUTCCAjmgAwIBAgIIZNc1wnLjer8wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
      Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3OTk2NjI3OTAe
      Fw0yNjA1MjgxMTA0MzhaFw0yODA3MjYxMTA0MzlaMDYxNDAyBgNVBAMMK29wZW5z
      aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3Nzk5NjYyNzkwggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjMwfZQ53paONRIy/EbwexOecx/U99FRpM
      L2buy7IMReCvGE7af0YfnLDR1q2j7TIEMLyxukyHly/5D2YE/HzP8w9jsq5gs6Qu
      ph/tRKDB0pek7xMUEQVe3fpFfx4XYny34XHyUE+wer9UXzr2J4Ktbsmc69HGGMRX
      YggEVy6fF/sSifSrtIRJO9wRPW2Edn9fifm8SVOl/2s9WpM0BceMQAOEY98gc3S9
      nsJyhqm5HWpzxvy7LuxApaznqKO52cszLT8457BHH7p8XIvjLX8qMDyokLHAL5Gd
      lrOo1eMmfh35z517fpc+iBDbQucQ7H+1gArohhRHfhUxS34SBKCdAgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS1/3A2
      kA9PZ7k6qSUSgU25Qe9fWjAfBgNVHSMEGDAWgBS1/3A2kA9PZ7k6qSUSgU25Qe9f
      WjANBgkqhkiG9w0BAQsFAAOCAQEAkfr863Y0+ZSYFcF345QfV64KbEHolOajZYj5
      aEDwHsVX1JT7e4h5Hw5SXIfVSAMh+mVKM/85TLVLkdn/VjbO3nib1zygOXFFbRIZ
      3GYT5Rr/6TroDUMdQYDSaY82SlWHOmTczJ+HrlVXM+u1lbV4qI66M9gN4/1DZPJI
      hYLVGSAuSykcOqmQeDDvaq2g750ZhngRRiE0vb2FqHbq8tg2NH7hWvLspd+J8mm1
      5TegF+cNovGGtLHe5PDXJtUOE8aTI6EZ6WW3+2dSfxx+2znyDnaOjrA5cW+m7R9L
      TLIqt6D0GYrHwgCqAflSIc2Og3IwWWiWxxxenm0mR0Nd+hFLug==
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      service.beta.openshift.io/inject-cabundle: "true"
    creationTimestamp: "2026-05-28T10:59:05Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data: {}
        f:metadata:
          f:annotations:
            .: {}
            f:service.beta.openshift.io/inject-cabundle: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-05-28T10:59:05Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:service-ca.crt: {}
      manager: service-ca-operator
      operation: Update
      time: "2026-05-28T11:04:52Z"
    name: openshift-service-ca.crt
    namespace: openshift-multus
    resourceVersion: "7992"
    uid: 44e8ef65-6c18-4f66-803b-f3ba2c4b3d01
- apiVersion: v1
  # whereabouts-flatfile-config: JSON configuration for Whereabouts using the
  # "kubernetes" datastore and a kubeconfig under
  # /etc/kubernetes/cni/net.d/whereabouts.d.
  # NOTE(review): that kubeconfig path holds API credentials on the node;
  # confirm its file permissions and the RBAC bound to the identity it uses.
  # NOTE(review): log_level is "verbose"; check what is written to logs.
  data:
    whereabouts.conf: |
      {
        "datastore": "kubernetes",
        "kubernetes": {
          "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig"
        },
        "reconciler_cron_expression": "30 4 * * *",
        "log_level": "verbose",
        "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-05-28T10:58:49Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:whereabouts.conf: {}
        f:metadata:
          f:ownerReferences:
            k:{"uid":"6f1a74f2-ad72-4212-85e1-a907317810f6"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-05-28T10:58:49Z"
    name: whereabouts-flatfile-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 6f1a74f2-ad72-4212-85e1-a907317810f6
    resourceVersion: "2316"
    uid: 0e906f1c-f4b6-4da7-9c60-05fe613a7804
kind: ConfigMapList
metadata:
  resourceVersion: "21748"