--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-06T05:01:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"5265d28b-a424-4d0f-a730-f6178ed39c4d"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-06T05:01:44Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5265d28b-a424-4d0f-a730-f6178ed39c4d resourceVersion: "2335" uid: 12f4e358-0060-45ac-9d53-6e8dbdbfab38 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-06T05:01:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-06T05:01:44Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2330" uid: 6cd6a4be-ed00-4fe4-ae45-8bef6e707bd3 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-06T05:01:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"5265d28b-a424-4d0f-a730-f6178ed39c4d"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-06T05:01:44Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5265d28b-a424-4d0f-a730-f6178ed39c4d resourceVersion: "2329" uid: c3374aee-7567-4f56-9bc4-f2589567249a - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIILE8cV/KYAVIwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwNjA0NTkzN1oX DTM2MDYwMzA0NTkzN1owJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNygLxNWE7It WvTq/btHAqEl9ekxYeX7XC4RSnv/XutboVD6XI/PA1wM3Rd1VURoujcp9NKR4Pw9 DiUwYkZHi01aUGRC6suRIDqLIFsXrEd5ZVtWeCpttxo7G9RoQeG1vwv3NygDmclO JAc5RGG07ULOiNZddek0cApEi7lfDp/w+FkGO4DZx9c3GAk16EmL0dec5XEWMQaM aCteGmZf2yEwj440HViOnigDNY54evDSGfrjxOVIg3kuko3KR4liNscn48DMmBFu pNZyPCqHmmT/xPEczuymSr2rbX6uBuTytWgUiOSPPYumKzGUG5AbvhQmBvolM5B1 fFJuK0gRZQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAhTyn6w+VLuVSQ4SmWq344VQKjdovC0Te5GtT2g2ezcDwSzit x2kfinC0KfbxIoSA2UNDAync8Fta/BdYPLfv9jANBgkqhkiG9w0BAQsFAAOCAQEA NUx/XCzNByprCTMR/Nhkq4g172wjZiFd13yjjLYB5cfjADHmzB1g34TZ1JHwZffT dUL0Lw3sbRXQfK32xG/bHJ0Kte2L1+2Mu7S1ibJ0om0PhD7GAfjx0SCu+jWNk7Zf HivTsRphkH2C0Qa7/TcHtXUWuOOgPuPvgnQ/T9eS2Oy+20Qtur5qCWmaD49YOY56 nfqLOXLK4Mb/PJhtv4LQ5+2vh/RxAfWccNBggkNBTUT5X+ThLQvd25gyusZGkO4U QHObWxFc7Rkcl8G5HxhT1GekcCzO6eIwkzju73ObhlrCw8cs8sbfKiMsbeNteUtO bd4/HiRubVBdQO+m+ce1+Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIITqhIXUftxwAwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwNjA1MDAwM1oX DTI3MDYwNjA1MDAwM1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AM3+7J2EQ4M8hqMRw1OgXiggt5nkXUM6r1fvDphA6nvb7JOmLK4JTZejRk1Limfy 39eY2pPnxlmuKiNumBG325HTeh0WXOYWnDrh2EzvFpptl60s1EKL2oJcoFD0T3tD 950J2LBXgu121sgR/YzRR/y0BwjdPTmJWcnCM3JwU56efMgTj1sGS7wBxX22BDgj 8i+3rIQ3AhSP7q9Fg5/mrmlnRHkOYD7WuiUa6pqQPljbRLh4saAYqMsWF3kJhjLD K32c/TFOtDHoxy0kc1B9WA+S9oi1g9UqJdNg+w4/XjzM7Zr/QmJKdEmpPsPwOepf QInHjdywbclBShlMbgOc+nMCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA4pfC/xWLqXyAstl38DO+vjqjeb8uQoMqcWZzPbe88pt1+1iAZvXzTP/N 8YuQG2ygiRNLBVyjvT3deOSVZAlQ+TBLBgNVHSMERDBCgECFPKfrD5Uu5VJDhKZa rfjhVAqN2i8LRN7ka1PaDZ7NwPBLOK3HaR+KcLQp9vEihIDZQ0MDKdzwW1r8F1g8 t+/2MEsGA1UdEQREMEKCQCouYXBwcy4zODc5MWVjZS05NzBkLTQ3ODAtOWMxMi1i YThlYWIzYjBiMDAucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAAoC8b0Gqn2spcVoPfzQPZaIEFNp5OJ8GRvB55Pa0MQZPa6vTVKowFDB9iYp Pa8UlwBGyrWG8r/H3IU1g2F1niNz2wkrcJJ/g/NGb7ckAPzJ8sqIvuO5VgSTtPmB 1CtAtmEfeY3ejDzuVkK5FXphNF/vOBJf2pXk6XZcnTxCefWp+xdA+sHS6rV/jFDl thrHAqdV9AjzhTy8d2bVgeB7vKm1c4VdosnAMQd2ep7nupTm3mKB66NGp9ffDZA+ Tv2DGNeI+AbSGd+JgMDFathBz6/HvLoliNo8zgrYByg+uQ0pEQzl1fwcYe2nX0ep l3wxtZODpCmMEvykPLHd61Dxbhw= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-06T05:01:55Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-06T05:01:55Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "2797" uid: 94bfe5d5-3593-4d8c-a16b-9d84fd38f649 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-06T05:01:45Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"5265d28b-a424-4d0f-a730-f6178ed39c4d"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-06T05:01:45Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5265d28b-a424-4d0f-a730-f6178ed39c4d resourceVersion: "2349" uid: 4082e202-19b3-4914-890b-54e500779d47 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIbV1eGVB/eAkwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDcyMjcyMDAe Fw0yNjA2MDYwNTEyMDBaFw0yODA4MDQwNTEyMDFaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODA3MjI3MjAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzVVOIrbS/6AdbuG6fiLY/YscWVsopJNJR EVuU2h3TpJmOsfMNWhc7B4CmpVZULflmFouitYTDtXvolIp76eyEjXMrrtNtwTen OypbSfVUinsz3mQmvDGw5bH1lTOT29Obwit0hUzivAB96XZL+1S5Oeodp9b6hz2R lhFUUIIqZAh1U0PG/BPuGGpxMq6sxppefQ1y3qUQFMqifD8Rd0k3FO8z9J7nQF7O jle8mmJzI4gkZfgMUBeCktTPigWcoibfHiAQIhUYHJoxYQWq9cb2xV4SkLlSCoq+ xsZWeGKxOMWpVGeZatywteXaDZHMxSVKI6wrXrPqPC1DrB9aXINjAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRCndTE 3z8KOwHRQmt0SuV3w34qeTAfBgNVHSMEGDAWgBRCndTE3z8KOwHRQmt0SuV3w34q eTANBgkqhkiG9w0BAQsFAAOCAQEAOXm6eobmUotOwyFQorYEy8EGu6czL1XBgQ9n u1Qkg/XltLPpYiAqFrTGQpO6pwHC8kj0pia2gZBWZELI5pOpy77dhIQJuzfLI9JN eEnrCPzR5NqIRjFQcupx94pJ8tXnPJNlPnvaSHWS5pYRXKGEE8lAWpJk+bll4Vm/ DnocmPDOth7tKRE3zvEKJiDVag6huEjKkUYXrqFHQb4bXE7WMGvIRMtdJbIYyq95 rLN0+n/6ucn5uzuARVBxDGqRuuQNKw8t44x7wH077bc9biJD/vrw3YfnFFOG6mHd wUGNjMHApMJlnyQwrqBK5n5RUAwv3XN/Una6MON5npoOAqM39g== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-06T05:01:54Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-06T05:01:54Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-06T05:12:12Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9222" uid: 702ae98c-c0dd-4294-92a6-9fec75e57329 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-06T05:01:44Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"5265d28b-a424-4d0f-a730-f6178ed39c4d"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-06T05:01:44Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5265d28b-a424-4d0f-a730-f6178ed39c4d resourceVersion: "2344" uid: 9e454723-669d-4bd6-b61a-198cbf717253 kind: ConfigMapList metadata: resourceVersion: "22830"