--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-08T11:41:30Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-08T11:41:30Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8 resourceVersion: "2327" uid: 9c7f20be-940a-40e7-acf2-53c444737b3e - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-08T11:41:30Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-08T11:41:30Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2315" uid: 05ec66a1-1696-4602-a278-193abda54660 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-08T11:41:30Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-08T11:41:30Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8 resourceVersion: "2314" uid: aea994c1-9d26-4a83-9918-40f93ec830e5 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIeCzN9kTEyVkwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwODExMzkwNloX DTM2MDYwNTExMzkwNlowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yoEfehBreEX cRJFLqBIapX+jyiWf/lbJ6Ra1c+SmOULnDRR5l/MW551181zwV0opCvaQq5iFQb8 zwhOpwXh2ZnLRU559SsYl4vg6ZW8QYJfIv/1USgCT1BeYvoMVqycmyMHmqk6q7MG HkVdxTpcWNB+F6+7h+o+/1gucZafIhx6wyKAcsABjJVJ/u2q4vVQIJI0s0D/YjXQ P5I6gePx5OYbtVDKkk9NeFapvgmWZdUfLi3S3HpsrUEvWk4i2RUvBpK/LEMn0xRA gKyoxohg4w4VsGwgw5Rc21UawAtZC6irxGornlhFUfnPc8Qvx735gwkXv0lLLoa0 GB11Qk61BwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA+FnEOv9TnaEjgJw5617W2qcL6lcjCU8woF0oSThVsr6xAD49 cdh8Zj/khTwtdtt2OGsj8av8sFCbtZLm+SYnxTANBgkqhkiG9w0BAQsFAAOCAQEA FU01pkiJIYMNxFcv2Ig2kQSMKNpFGPo/1Gpcu+eeG5StZXF7OCKYGYPJi0Espo3v BaA/YApKbP0bYT4IoGJ3CN5Km6EEBohHXyz7FjE/Fj+3hGYUzxljY6CUe+AQFa11 6eJM6yD+gbNbylKczM2NieldDFUuZ02jYB9rcxn9J6e0Qj5+7TTS2RZjdejcGk+w 8au6fU9RXVfj6l7j+nGCmK6j70ET5P1uRAEj5WXcai6t37Cjo40FWzDU+YUovqIa ZS4xUOsnXAqO1yNSMhXe0TSMNKZxn3kD1QH9oNNrQ+K+2PfYcDwI5XR3PIZ0706m rat/iVpfhV9K+h96T6PBKg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIU62qu0EoO48wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwODExMzk0MVoX DTI3MDYwODExMzk0MVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AJ8+hsWX0tr/zrTgOs4R++cv/0eaPcFyGtuC7eTdm7+qNxkgYQXtKfoh47CkTFCa Xds2+43QbaKyM/s3bhErGxODD6zNaKsFT1rbjidxORbdSM343qUE0sSlYWvPqNXL LZ1WIsXRtjwqPlpar+WBUL6z2YMGPbwwtAgFbcbzul2NjQQnziOc7KZ/clckKaln MxODH/Z0fIUdQf33sV/8GuBOnNpr6Rp769hbxH2KUhUCTEGsyX44oiiLEklFALMV Gf92YYzHBsQOXg8DvQbch5cRmEI8U6o4YuY+G+M82Trli2NuhcBVQamMa7iSDces 6PrN+c7X+vkESjJpB1fvm0sCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAWZA2e+jOSkEP6jB5MsEwoFUPaovX4+vEeXUATxMZoOExsx+yaTF1LIqi uT4RFmG91gM3AeD4teep85HlHqvX/zBLBgNVHSMERDBCgED4WcQ6/1OdoSOAnDnr XtbapwvqVyMJTzCgXShJOFWyvrEAPj1x2HxmP+SFPC1223Y4ayPxq/ywUJu1kub5 JifFMEsGA1UdEQREMEKCQCouYXBwcy42MDk1NTllOC1jZjk0LTQ5YjItOTg3Zi03 MzM0ZmY3MTBmYzcucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBANHVbLi4mDCEpKq4y1xkrSP2cygtGa1u4d8mqF3LJDQFzSbluvJjjOQ8x5Ao qHVOrCmDHh1+tDlsDgDi34PqSwDbsrS4335RKs/877qD4cyPXFmJwEIavNvh5u2t HEPGMJ5qs8MIH8IZyDVJP1AReT3Kj4NoCcneQC94a4kOQe7PaUy9e5JCzCtlY+d7 A4K+ukIhDWUfedu7AhDkjQeX9L5datQQHuHQLPDTcv5dWsQ+G9Et2Ti/WA5h1LHD 9ojzo/CBowyq0Lfpnx43dp4scnTvdlFiP+gvh9lOc8HMx05+hWQD7iyfVabSSIEG FjOTHwBxYbO7OFwnijWuzcm2O/E= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-08T11:41:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-08T11:42:30Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4407" uid: d861dfdf-0d78-4b55-8c3e-e4c9d1b85e0b - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-08T11:41:30Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-08T11:41:30Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8 resourceVersion: "2330" uid: 2bce3e45-f72c-445e-ba0c-478b5d3bfa91 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIHysVPZKTOjMwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDkxOTU1NTAe Fw0yNjA2MDgxMTUyMzVaFw0yODA4MDYxMTUyMzZaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODA5MTk1NTUwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqyfHxARkNdmR2qWbV7F1c1CdajK0Pa3wl ar0I1BtyXvrbm3fwg/BWepPQI/qnvIYaBTBAzlYyOg4/PRNoZN1Ad3izrVrz7DAv XyUSwh0wSJ3ygdR0hxaM/rYpVaVd3oFCPMvPQ26849v+bvTaazwLZoPoDfJF/kXY 9CRUWkXmgKFJ6R8AY9cyGWz/mB2lSIVd1ZyS+yLwEgath0x8qxVfSLJQy524ImMe IK/t1RxlYnwaa1ca/P/j1G2F9J4eZ7yMg2/jJN5ev1CPKXrEkORTkbT9kgNs43Z9 Lqxw0dHCjtQZ86/pQx2ASYtTTGeT+PVUWZ0RkdkUl3eajceodpkpAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQENJsi gLYeTwBSpbhF4l2DEt1RtDAfBgNVHSMEGDAWgBQENJsigLYeTwBSpbhF4l2DEt1R tDANBgkqhkiG9w0BAQsFAAOCAQEAqU+JhyDvNst5zvpp6MaRdcQrZ+u6m1YCN6Uh pJNp8xcEkgi1/FnmmMdO2eW/t4noFGSbEZ2PL0WJmaTggx9xl3nPSZ3xOIKLSb8w nzwSoXYqpvP4DFBgE4YCHx0bPjH7Bi6NZnvRgb4UDiwO6y4QX1AN0MkqnVe3KpbV lAFEQ8xuQ/JjC/vGHzD8QxoVO2Vy/lH8jFGIjhv1Jz+tytLdqxUSpb8aTt0T5E1N tnwIcGJcmSfLTIpXYb+zkRnXa1ZFLFMQ3QxXT3Gy7TgSlhxLulXOAvU7X3X9XDnA ikED5lcw8sDWfUr6oJW/nBrgzks1oJtH6+nsRyenZYVlqxvX8A== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-08T11:41:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-08T11:41:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-08T11:52:48Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9398" uid: 3143ca0a-c652-41ac-9b50-5df5be4c79ac - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-08T11:41:30Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-08T11:41:30Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: a9b8b8b7-5e73-4cf6-91c7-5d255f5060a8 resourceVersion: "2329" uid: bbec1306-1343-4f20-8850-b2b03f8544c2 kind: ConfigMapList metadata: resourceVersion: "23575"