--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.18 creationTimestamp: "2026-04-16T13:55:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"8536b712-c984-4758-a16e-dea87c51fc84"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T13:55:27Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 8536b712-c984-4758-a16e-dea87c51fc84 resourceVersion: "2367" uid: 183c1be5-4322-4f6e-9128-c4124a30100d - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.18 creationTimestamp: "2026-04-16T13:55:26Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-16T13:55:26Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2365" uid: d3c6a3a7-3110-40e0-a766-3b298fbbcdf2 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.18 creationTimestamp: "2026-04-16T13:55:26Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"8536b712-c984-4758-a16e-dea87c51fc84"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T13:55:26Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 8536b712-c984-4758-a16e-dea87c51fc84 resourceVersion: "2364" uid: b81660a5-d692-4373-81a1-80cc9b43969f - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIV9FP8q6a24gwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNjEzNTIxOFoX DTM2MDQxMzEzNTIxOFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvghf3DmtsOU3 ze1BBBpywy5Fxw1HN0gMcvCoNl7ZK8HYq8IuqXsTUEIxhfT0p21Ms/9AohI0opYD l+PSZnHxbzm9/+A7iOJk9FH0qjHAa9CXplNgDujuQEkaiQ7TCne8T4lq7hP1SJQE 7TJm9UgZyspQKtx+nZNcJA2eADi5UPlMaGt+OduEQodMa1hQNCU5tPZ3DOqH0qrs A1M37PR4oT4oAlAlQt9WkInAH/uu/r4lyX/+WkklfxGUhgjS5hqHyETLtsWmh9ef SxmqjUxYvFTaEthjv/pOpshH+cyzd7ImkdWA0NpTOuaP+qu9tTPS+ntVokCCKHwk uuWUqq737wIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAqoWPwjQft1EZ2+r666+AzC5FTbtbt3LybjKTbBcIB9YYdq6w gpFXaqRQC0iIPbsW4rectEpVuKf1sqHOaR1eEDANBgkqhkiG9w0BAQsFAAOCAQEA Lt6iaoQgm4O3lzCGBmieEwTR2h/dCF3TMKsR3Vzh5eNK3TpJCvsvFJsO+6h9g+sB PqFKx5htAKFUlMp4SEfViES9vPQkBRF5bGVVYUexK/KJ/ZVlnyLTLkTx1xZIKm2Y JvQVVda7SLifAMCS1wUiUK613Ive1vv3f0knpjmBYEtGL6MKgGlY7VzezUoFmzlT vtgikxwdvLebXpnq/9X8IpmkUjSPbQWXyqvncNYcHVU5DZuC8qFGb7nPIf+Ob/wu X1d/ftP3S2hIzJY33AjjEFl8yj4gC5lhEGMamhzFO+vXCHPiHyL3xDyjZeeJzMY3 zMag2vXsKiUHOxZDfZ8v4Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIA+W1teB+yewwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNjEzNTMxMloX DTI3MDQxNjEzNTMxMlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AOn8EproUM+/sMfSVQD4jf4ffyjWcIUb8TGdBPLrZiO7zzpik67bmdlPYDcCZulm 4d2QEtuecThrMmjl0pqkONgCVrTr0CyNDbcnq68i1oinhHa6IQbYvQwMQcKmyFOZ jiKw987R4fsht6/EP1uzTaCs3zTpQULHB+Y76WtjTyfzVIVuNUdlHG2R1Sq2LR7m c/CrxQIXH5ofetLFMsJBlOyo4gySWUxqOsZ2Tm6oVGlVwh5QFbwt0pPZIEr+g2Tu KKDGTZENEnb2csLlP0PmrZJT5k4vjt07xxmj/MwWFmodQIuzgLp0jPMn6ekTmLal XYJ77duRpc6PqDZN55Xd6vMCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAULr82UCQ7wD8UekSMPon1k73O6xp0eNCVkV+WkjAv84cULUtBYGu0Ro4 uPWFeo759teagzQ+j0EB4KxM+6nb+TBLBgNVHSMERDBCgECqhY/CNB+3URnb6vrr r4DMLkVNu1u3cvJuMpNsFwgH1hh2rrCCkVdqpFALSIg9uxbit5y0SlW4p/Wyoc5p HV4QMEsGA1UdEQREMEKCQCouYXBwcy43Y2Y2ZTMzOC05YzYxLTRkNjYtYmQxZC1i NDc4MzIyZDA4MjUucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAGk+Yc/xXK5HMwg4Ec1igBSrgVou7RmdzsOj6g2CIMfiuTYrzTPCsoTdybNU LbzvqTF8BSdmP0oQQLNGVmYxWeBJnr23wTrqiRFrCQOsYGsC5eo/AdHqGzsXzyrH Y0uGxnQL0Nk++SahgyHJuTgANFBRICMkVTKG3v1jahxFvBFQmBkQhkkZ+kNb5Fjd 79D1hy9y4elD8n/y/LXP3p2YQnEr0Qri55Do+IDE37ykXSFy+lIqsJ3V1UyeyPfq F3zM0H0mh9Enyo6dmJrz3SHBb4RinIHQnVzhp3P66LoWUylHJQaf7fErdy5R9Kgi S6azdR0c6m3oIFpdFXcF+8nMOpQ= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-16T13:55:24Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-16T13:55:48Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4220" uid: 9474941b-7a76-4d8b-8e48-aad30841a36a - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-16T13:55:27Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"8536b712-c984-4758-a16e-dea87c51fc84"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T13:55:27Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 8536b712-c984-4758-a16e-dea87c51fc84 resourceVersion: "2378" uid: 8f4002de-6d25-48dc-8149-9dba49ad976b - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIILnf7HxofedIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjM0ODA4MTAe Fw0yNjA0MTYxNDAxMjBaFw0yODA2MTQxNDAxMjFaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzYzNDgwODEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhkMZ470ZEVnDdgMzyod4dVOa0m1C+vgfe sIiF0SQFnaRu1nmpUatmV5OuHXyA+jUCFGG9evvnurz0KIH8LfqQo8VuO0YV5P1C ADX5vdJCC9ER+IlKUbxhWVghgD6lwGZSJmO17KtolUsg72WKw0vyT9Ho1jJ898YP iS9/jroWmffXkGW7zE+lndcD4mcSnrfQuMERnaPE5JzUx8VVWMPTPg9URRMU993t Y6jaSe3tgVId6FgNpJZBG2wfIRta88dHeUhs6/Msd45pdSOcAlsYPAI1mw9a9nEs y04Jlvq7iDTf7VcfFLUJa/MmWO1hwbUuIAwG2WT9Ha6qWAb7N4lFAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3V25b zt5ZGyZPRsTf8daH3+2QzzAfBgNVHSMEGDAWgBR3V25bzt5ZGyZPRsTf8daH3+2Q zzANBgkqhkiG9w0BAQsFAAOCAQEA3dUdpGZwKGtm0nlIsji1k9vKgH0Y0oqqXtCK lBo579emlJbtLoTZ8LhOEFt9eDMh6ZbLNZUCJholJ9VBsSqKCkAwiFD8feSkp4yt bTjE4Q0tXaIiMYlismv+zI8rsBncBMHWVM90TU9dL2cCWcXA+cBvfxxiL+RzikJr H3EhcPJ0aL5sSdB9b5KYU3oabvg1ARYS3UqNz/nnZGsfbDl0RLQo6G1kUx1qHPPX YyhTjcKrbkA0AXPatlk0gn6uCN7sG5VH3Bpdg1FDXJT4y84/VKzQRaNZnwdZA7do /0tuPUyHI24/QyV1j5LcCG4U8kMNZ44nSpX0pYMYuM4CpfPKKg== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-04-16T14:11:14Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-04-16T14:11:14Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "20927" uid: 13c880fc-294b-4aa6-a16d-819c6b384acd - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIILnf7HxofedIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjM0ODA4MTAe Fw0yNjA0MTYxNDAxMjBaFw0yODA2MTQxNDAxMjFaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzYzNDgwODEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhkMZ470ZEVnDdgMzyod4dVOa0m1C+vgfe sIiF0SQFnaRu1nmpUatmV5OuHXyA+jUCFGG9evvnurz0KIH8LfqQo8VuO0YV5P1C ADX5vdJCC9ER+IlKUbxhWVghgD6lwGZSJmO17KtolUsg72WKw0vyT9Ho1jJ898YP iS9/jroWmffXkGW7zE+lndcD4mcSnrfQuMERnaPE5JzUx8VVWMPTPg9URRMU993t Y6jaSe3tgVId6FgNpJZBG2wfIRta88dHeUhs6/Msd45pdSOcAlsYPAI1mw9a9nEs y04Jlvq7iDTf7VcfFLUJa/MmWO1hwbUuIAwG2WT9Ha6qWAb7N4lFAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3V25b zt5ZGyZPRsTf8daH3+2QzzAfBgNVHSMEGDAWgBR3V25bzt5ZGyZPRsTf8daH3+2Q zzANBgkqhkiG9w0BAQsFAAOCAQEA3dUdpGZwKGtm0nlIsji1k9vKgH0Y0oqqXtCK lBo579emlJbtLoTZ8LhOEFt9eDMh6ZbLNZUCJholJ9VBsSqKCkAwiFD8feSkp4yt bTjE4Q0tXaIiMYlismv+zI8rsBncBMHWVM90TU9dL2cCWcXA+cBvfxxiL+RzikJr H3EhcPJ0aL5sSdB9b5KYU3oabvg1ARYS3UqNz/nnZGsfbDl0RLQo6G1kUx1qHPPX YyhTjcKrbkA0AXPatlk0gn6uCN7sG5VH3Bpdg1FDXJT4y84/VKzQRaNZnwdZA7do /0tuPUyHI24/QyV1j5LcCG4U8kMNZ44nSpX0pYMYuM4CpfPKKg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-16T13:55:24Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-16T13:55:24Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-16T14:01:33Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8306" uid: 02605696-5deb-44bb-b16e-58062bcca4b7 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-16T13:55:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"8536b712-c984-4758-a16e-dea87c51fc84"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T13:55:27Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 8536b712-c984-4758-a16e-dea87c51fc84 resourceVersion: "2377" uid: 6e2c65e4-615c-40ec-9d88-7169a0dd0f8f kind: ConfigMapList metadata: resourceVersion: "37756"