---
# ConfigMapList export of the ConfigMaps in the openshift-multus namespace
# (every item below carries namespace: openshift-multus). Server-populated
# fields (uid, resourceVersion, creationTimestamp, managedFields) describe the
# cluster this was read from; they are state, not configuration.
# Nothing in this list is secret material: the PEM blocks are certificates
# only, with no private keys.
apiVersion: v1
items:
# cni-copy-resources: shell script that copies CNI binaries into
# /host/opt/cni/bin/ (DESTINATION_DIRECTORY), choosing the source directory
# from the host's /host/etc/os-release.
- apiVersion: v1
  data:
    # Review notes on the script below (content left byte-identical, since the
    # managedFields show cluster-network-operator/operconfig applies it):
    #  - `set -e` is active, so a failing `cp` or `mv` ends the script at that
    #    line. The `if [ $? -eq 0 ] ... else` branches that log the failure and
    #    `rm -Rf $UPGRADE_DIRECTORY` are therefore never reached, and a partial
    #    upgrade_<uuid> directory stays behind in the destination directory.
    #  - `. /host/etc/os-release` executes that host file as shell code inside
    #    this script; its contents are trusted implicitly.
    #  - $UPGRADE_DIRECTORY, ${sourcedir}* and $RHEL_VERSION are expanded
    #    unquoted, so word splitting and globbing apply to their values.
    #    `${sourcedir}*` is a prefix glob: it matches only the directory's
    #    contents when the *_SOURCE_DIRECTORY value ends in "/"
    #    (presumably it does; verify against the pod spec that sets it).
    #  - An unsupported rhelmajor only logs "ERROR" and then falls back to
    #    DEFAULT_SOURCE_DIRECTORY; only an unsupported ID or Fedora variant is
    #    fatal.
    #  - `mv -f $UPGRADE_DIRECTORY/*` moves file by file, so the "atomically"
    #    in the script's comment holds per file, not for the set as a whole.
    #  - The destination looks like the host's CNI plugin directory, so write
    #    access to the source directories and to this ConfigMap decides what
    #    ends up there. TODO confirm how the pod mounts /host.
    cnibincopy.sh: |-
      #!/bin/bash
      set -e

      function log()
      {
        echo "$(date --iso-8601=seconds) [cnibincopy] ${1}"
      }

      DESTINATION_DIRECTORY=/host/opt/cni/bin/

      # Perform validation of usage
      if [ -z "$RHEL8_SOURCE_DIRECTORY" ] ||
         [ -z "$RHEL9_SOURCE_DIRECTORY" ] ||
         [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then
        log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY"
        exit 1
      fi

      if [ ! -d "$DESTINATION_DIRECTORY" ]; then
        log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist"
        exit 1
      fi

      # Collect host OS information
      . /host/etc/os-release
      rhelmajor=
      # detect which version we're using in order to copy the proper binaries
      case "${ID}" in
        rhcos|scos)
          RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :)
          rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/')
        ;;
        rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .)
        ;;
        fedora)
          if [ "${VARIANT_ID}" == "coreos" ]; then
            rhelmajor=8
          else
            log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}"
            exit 1
          fi
        ;;
        *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1
        ;;
      esac

      # Set which directory we'll copy from, detect if it exists
      sourcedir=
      founddir=false
      case "${rhelmajor}" in
        8)
          if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL8_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        9)
          if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL9_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        *)
          log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}"
        ;;
      esac

      # When it doesn't exist, fall back to the original directory.
      if [ "$founddir" == false ]; then
        log "Source directory unavailable for OS version: ${rhelmajor}"
        sourcedir=$DEFAULT_SOURCE_DIRECTORY
      fi

      # Use a subdirectory called "upgrade" so we can atomically move fully copied files.
      # We now use --remove-destination after running into an issue with -f not working over symlinks
      UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen)
      rm -Rf $UPGRADE_DIRECTORY
      mkdir -p $UPGRADE_DIRECTORY
      cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY
      if [ $? -eq 0 ]; then
        log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY"
      else
        log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY"
        rm -Rf $UPGRADE_DIRECTORY
        exit 1
      fi
      mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/
      if [ $? -eq 0 ]; then
        log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
      else
        log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
        rm -Rf $UPGRADE_DIRECTORY
        exit 1
      fi
      rm -Rf $UPGRADE_DIRECTORY
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        This is a script used to copy CNI binaries based on host OS
      release.openshift.io/version: 4.21.20
    creationTimestamp: "2026-06-11T23:32:05Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:cnibincopy.sh: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"3784db8a-4660-49bb-9030-87b6c00b8902"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-11T23:32:05Z"
    name: cni-copy-resources
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 3784db8a-4660-49bb-9030-87b6c00b8902
    resourceVersion: "2269"
    uid: cc3bbdfb-c787-41e8-b6c2-5581ed504cfe
# cni-sysctl-allowlist: written by manager "network-operator" with operation
# Update and no ownerReferences. Its allowlist.conf is identical to the one in
# default-cni-sysctl-allowlist (the next item).
- apiVersion: v1
  data:
    # One pattern per line, anchored with ^ and $. The "." characters are not
    # escaped, so if the consumer evaluates these as regular expressions each
    # dot matches any character -- presumably the intent is a literal dot;
    # verify against the consumer. IFNAME looks like a placeholder for the
    # interface name -- TODO confirm.
    # The list covers ICMP redirect handling (accept_redirects,
    # secure_redirects, send_redirects), source routing (accept_source_route),
    # IPv6 router advertisements (accept_ra) and disable_policy; keep it to
    # what workloads actually need.
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.21.20
    creationTimestamp: "2026-06-11T23:32:05Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
      manager: network-operator
      operation: Update
      time: "2026-06-11T23:32:05Z"
    name: cni-sysctl-allowlist
    namespace: openshift-multus
    resourceVersion: "2263"
    uid: c8289b87-7e3c-43a9-9634-0b80e154b1b5
# default-cni-sysctl-allowlist: same allowlist.conf content as
# cni-sysctl-allowlist, but applied by cluster-network-operator/operconfig and
# owned by the Network "cluster" object (see ownerReferences).
- apiVersion: v1
  data:
    # Same fourteen patterns as in cni-sysctl-allowlist; the unescaped "."
    # applies here as well if the consumer treats the lines as regular
    # expressions -- verify against the consumer.
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.21.20
    creationTimestamp: "2026-06-11T23:32:05Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"3784db8a-4660-49bb-9030-87b6c00b8902"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-11T23:32:05Z"
    name: default-cni-sysctl-allowlist
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 3784db8a-4660-49bb-9030-87b6c00b8902
    resourceVersion: "2262"
    uid: ce6a4b0e-1d5b-415c-ab68-07db8cc5d360
# kube-root-ca.crt: CA bundle for verifying the kube-apiserver on internal
# endpoints (per its description annotation); written by
# kube-controller-manager.
- apiVersion: v1
  data:
    # Two PEM certificate blocks. Every block in a trust bundle is a trust
    # anchor for whoever loads it, so check each one's subject, issuer,
    # validity and CA flag, e.g. with
    # `openssl x509 -noout -subject -issuer -dates`.
    # NOTE(review): the second block appears to be an end-entity certificate
    # rather than a CA -- TODO confirm by decoding it.
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDPDCCAiSgAwIBAgIIGuwfB/xlY/8wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTIzMjk1NFoX
      DTM2MDYwODIzMjk1NFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy
      b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGzZCGTN1PCl
      gB61dKuL3Mx+yuyfTsg33KGDfu5fkaCteG68hFO4fmI9qINtl0UcsNBcXukagG/8
      s+y+JpewSfWXgsoTgx+91+qhioL2ebmLCGe9JbhrLN2rTe3hpnJxuh1hPR6KbhTw
      Kxr+XIJR7kSyFJ7EeEltxFKSAzmQ4MxSj0jy64cevlQNPtOGJKsUDIqpYyi+yX/e
      jMVw6AGdMaDOZkC3OXPoQj7xruMkMj3GBl8/+OG6VSa1wPhAoUANl4WQuJ8cRgNH
      2mSQrNdlm6aQ8biZH6Zp8vK+ttV4Si14muPKjPfdBK97Mw9y6rq+7JyRwlD5HyO8
      5CyaeM522QIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
      /zBJBgNVHQ4EQgRAYpbAuf92/MXU+jJsneMB7nttwfrY+UEPf4WQH42QJqJ413nM
      VRstWViV4+L0cjmfWIv1wk3R5fyVuwaCT8YVtDANBgkqhkiG9w0BAQsFAAOCAQEA
      kTvjiTM90yRkMiwIqfwK+rTq6v4ykbI+hD5eSFSPD2NT0xdAA58FrOCtUn9N/Gdm
      p8OM84hGa0BnsPR9T0oBBchTsxkfWSWNFbXbbO6xCaiQylvtZ3LwD/SgaRSazJ2j
      aPjvirLLKkkJOTcyJRbOBX1dlKMc37IMadbx6W0+1izey46/AZaOvJPlhZqqJgwT
      phBrTQQwGdyqMaL47N0B8tUaH+hrmeXPdfLq4txb3XhK/+J2rKLiLYPiyhLRItqb
      /yACAt5fYTGOgMCmpP4nNcUHUhDvaX460+l3B1c0OJNJ3W2E5iKbJPx8eDb9H9ih
      QJWnjEPtStaerBnDqZUZwA==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIEADCCAuigAwIBAgIITGYZRun2Z6UwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTIzMzAyNFoX
      DTI3MDYxMTIzMzAyNFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv
      cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
      ALCMUaByDYU+YLzFZdyXdI/wJP4/q88YyC11/oPablNExwWAYNXRrSAxn4Aq6nO7
      ullWvQ6k2MhiW7s0ZTiEmFDEIzebYXmCeT65f/u5R0CGoCCM1R9FGN68puXdBbbI
      MNX/TvudCL+wLuDPRnrH5hc5z5IQs0rSnffbfaCbWjAf5vM6WCvXGVMYYhCTQlnu
      JtE5eik5Ua2bWYgTuodtnNdh5l/qWVTFp6P524ApJH4e8u+P9sQkgO9nQxei9RBP
      aaEW2v29WWE/q/QVFkBZkiBjWvQe1FLS2CE6nk8MMAe34jFuRarse4wEkA37H2KL
      RI0pzI7c2W9012cBsgsBT88CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd
      BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV
      HQ4EQgRAd99xJ8m9x1xy09QcC+BJ9o4/O1YQt44yY25IEvEKsOck0vE7hTShPeZk
      JF0p4oYvtOeV1JAfvtjtAcuxH7s2oDBLBgNVHSMERDBCgEBilsC5/3b8xdT6Mmyd
      4wHue23B+tj5QQ9/hZAfjZAmonjXecxVGy1ZWJXj4vRyOZ9Yi/XCTdHl/JW7BoJP
      xhW0MEsGA1UdEQREMEKCQCouYXBwcy5kMWEzNDllMC1hZmFhLTQyMDAtODEwOC0y
      ZmQ4N2MwODkwYzgucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD
      ggEBAILPhnrNQ88g8XDPUDKDFtQyd/LYIyFdNALwQVJW8iqIGaY4D+cbv9IxCZaM
      n3Hsc5zbHD87AN8Pw9nvg/3ePi7vBWBQCKbcmx2QBu5fAjuwKbs0kXaZAHnVms4m
      CUaucWeKsteqOeKcJaQsyHT2MQId1Trs1vC1nVqgmM+p9XfavuXyBFA/mxUr2iwp
      gudLbSbf/vsTrsQRAhSTEMJ5Mjr5PYg4WDuZKmNdzB5ISw3iN03qaAck+8ohpXnZ
      3CGgmupJOrFZ1kEc3kLOqhbDaBRO85R8cm97Qi0gUtrf4qXFGNiODTYoVUYQ5NCy
      Tolu4ZBjaBcVP4SbeX6fBStJHI4=
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify the
        kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2026-06-11T23:32:02Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-06-11T23:32:36Z"
    name: kube-root-ca.crt
    namespace: openshift-multus
    resourceVersion: "4094"
    uid: 070cb048-ac0d-4eed-b1c4-68d1174659be
# multus-daemon-config: JSON configuration for the Multus daemon (labels
# app: multus, tier: node), applied by cluster-network-operator/operconfig.
- apiVersion: v1
  data:
    # Settings a reviewer would look at first:
    #  - namespaceIsolation is true, with globalNamespaces listing default,
    #    openshift-multus, openshift-sriov-network-operator and openshift-cnv.
    #    As Multus documents these options, network attachments defined in a
    #    global namespace can be referenced from any namespace, so write
    #    access to attachment definitions in those four namespaces
    #    (including "default") is effectively cluster-wide.
    #  - perNodeCertificate is enabled with certDuration "24h" and
    #    bootstraps from /var/lib/kubelet/kubeconfig.
    #  - logLevel is "verbose" with logToStderr true; check what ends up in
    #    the node's logs and who can read them.
    #  - chrootDir, cniConfigDir, multusAutoconfigDir and socketDir point
    #    under /hostroot or /host, which look like host mounts -- TODO confirm
    #    against the DaemonSet spec.
    daemon-config.json: |
      {
        "cniVersion": "0.3.1",
        "chrootDir": "/hostroot",
        "logToStderr": true,
        "logLevel": "verbose",
        "binDir": "/var/lib/cni/bin",
        "perNodeCertificate": {
          "enabled": true,
          "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig",
          "certDir": "/etc/cni/multus/certs",
          "certDuration": "24h"
        },
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "multusAutoconfigDir": "/host/run/multus/cni/net.d",
        "namespaceIsolation": true,
        "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv",
        "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf",
        "daemonSocketDir": "/run/multus/socket",
        "socketDir": "/host/run/multus/socket",
        "auxiliaryCNIChainName": "vendor-cni-chain"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-06-11T23:32:05Z"
    labels:
      app: multus
      tier: node
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:daemon-config.json: {}
        f:metadata:
          f:labels:
            f:app: {}
            f:tier: {}
          f:ownerReferences:
            k:{"uid":"3784db8a-4660-49bb-9030-87b6c00b8902"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-11T23:32:05Z"
    name: multus-daemon-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 3784db8a-4660-49bb-9030-87b6c00b8902
    resourceVersion: "2273"
    uid: ae300278-0ddc-49c2-8813-2abb9ae1fbd1
# openshift-service-ca.crt: created by kube-controller-manager with the
# inject-cabundle annotation and an empty data map; service-ca-operator filled
# in service-ca.crt about eleven minutes later (compare the two managedFields
# timestamps).
- apiVersion: v1
  data:
    # Single PEM certificate block, injected by service-ca-operator. Consumers
    # that read this key should reload it when the ConfigMap changes rather
    # than copying the bytes elsewhere.
    service-ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDUTCCAjmgAwIBAgIIafBtP7gQGHswDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
      Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTIyMTM2MjAe
      Fw0yNjA2MTEyMzQyNDJaFw0yODA4MDkyMzQyNDNaMDYxNDAyBgNVBAMMK29wZW5z
      aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODEyMjEzNjIwggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7PQ+mZ3KORQ+/rtGdoB8A+AtuYW2jhKtj
      CuI7HcQvryZCCUtuqOb20+2Ha5bxXimiLSy6K1PKNwkHArR7JXX7U36Mf/emMNZ+
      T9D7va0wXKngRJn3hVB0ql7NP8eso0j0m6mlNE8Vp2lVzRGZ8gUzBrYx/p4CmQzz
      5r1OPtRmfjAwKHjduvzt7RTiO92MOLvKDaIlzugY1pN8GT048AygS4zkoq4ZgExc
      W1mBbFjB0d87Tf3OwBYpSgOXfjibVdQuN1IZCOVLSl4iLDALH+rAwU9gNCK8cwa7
      H35YN//1T/ZfCl5TGEnE/zwjda2LFRUXqTFp7oJXP+8t3vnGZmy5AgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRNy6SX
      jevO2JHn1hnB+6BxqJA7CjAfBgNVHSMEGDAWgBRNy6SXjevO2JHn1hnB+6BxqJA7
      CjANBgkqhkiG9w0BAQsFAAOCAQEAsHz82vBmY+4H2MS8+sodaAKkEqgdi7kds9gr
      GTX4PQq9IH/iX3jegaDkOiWvfCishAnTYOjdZZnTuFtZTKFCmeGl/YVAMmSnEDsS
      bAvaDPjMnQ/tzb3ItDPc+Gz1EDMjXjkBRUtJyukfdPXvKPhpPrB/mlglRWQwpPmG
      kfVReP51T1r2hqwD08r5uk7djPyPm9ye3qqFWpaZobNeRl4Euocp6qZqWkKlLHdC
      PWX1ZJlxA5vLyG9FusNcVWs0Qjnq5zh5I/HaqtlyToD9rjEWCqbhznhKIssPgSMA
      V8WGfgYx22DNelXksg7aE7gOdlp/fqeCf0XS/bRU//HAFt69OQ==
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      service.beta.openshift.io/inject-cabundle: "true"
    creationTimestamp: "2026-06-11T23:32:02Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data: {}
        f:metadata:
          f:annotations:
            .: {}
            f:service.beta.openshift.io/inject-cabundle: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-06-11T23:32:02Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:service-ca.crt: {}
      manager: service-ca-operator
      operation: Update
      time: "2026-06-11T23:42:57Z"
    name: openshift-service-ca.crt
    namespace: openshift-multus
    resourceVersion: "9261"
    uid: 0f49c415-0298-4193-8d2a-aa053665b61d
# whereabouts-flatfile-config: JSON configuration for Whereabouts, applied by
# cluster-network-operator/operconfig.
- apiVersion: v1
  data:
    # Uses the "kubernetes" datastore through the kubeconfig at
    # /etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig; that
    # file holds the credential, so its permissions on the node matter more
    # than this ConfigMap does. The reconciler cron expression "30 4 * * *"
    # reads as once a day at 04:30 -- time zone not stated here. log_level is
    # "verbose".
    whereabouts.conf: |
      {
        "datastore": "kubernetes",
        "kubernetes": {
          "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig"
        },
        "reconciler_cron_expression": "30 4 * * *",
        "log_level": "verbose",
        "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-06-11T23:32:05Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:whereabouts.conf: {}
        f:metadata:
          f:ownerReferences:
            k:{"uid":"3784db8a-4660-49bb-9030-87b6c00b8902"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-11T23:32:05Z"
    name: whereabouts-flatfile-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 3784db8a-4660-49bb-9030-87b6c00b8902
    resourceVersion: "2271"
    uid: 76808300-b25f-4b38-9e50-122f8dd87a2a
kind: ConfigMapList
metadata:
  resourceVersion: "23163"