--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T11:12:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"80b45490-1814-4a4d-9377-25d959d0bc16"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T11:12:20Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 80b45490-1814-4a4d-9377-25d959d0bc16 resourceVersion: "3400" uid: 38543177-b16a-4ae4-86a6-e070216b8c12 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T11:12:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-17T11:12:20Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "3383" uid: 43fcf8ff-5f3e-4eb6-a1ee-ba90d6fa90c0 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T11:12:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"80b45490-1814-4a4d-9377-25d959d0bc16"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T11:12:20Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 80b45490-1814-4a4d-9377-25d959d0bc16 resourceVersion: "3376" uid: 450397ec-6092-4770-a976-ab960e0ac5f1 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIDnNGFAHaSMgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzExMDkzMloX DTM2MDQxNDExMDkzMlowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5gnnWM4OxbPf 21FFM9JndLfCOwevbzT9jC1ZouOqv9lStXElQECyzr59BhapNpGkUkLKiBGsPV6s 16TSS+TXE88a+uEfhURVj3rnuHCpzx4AMw+gq6TOXgVUZq+lMbWMXXgJnjGS48RG 8Mk3PRuwDE6bVCA1yySE4/lVgNGITu13/tFFMj/NWORaKF8sZlzCyf7T5HNu36ev 9doBXjBkLpoIVz0ds0mus6UN1YDKXcKXv5hG7atjm97IWVq9Qw8uwRpeq41t0pFp EAXBCDbz5eZp8manUGsLI6S3VV/OscdzcIe9J2Z1qskRDruVXgX5Cj5jISjH/LfN AX2bAvR+XQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRARi4pKmhlL5CWMyjTvvFuGiec19e4UZw+Z2Wx8OujxbHr+Rod eZD0sRXPXPO9Z5sBTH7pCkLTxO1SzzaqkH7VQzANBgkqhkiG9w0BAQsFAAOCAQEA 5G9ugWVvhw57+SaCFX6VV7CiKbIo8GXXaMkVoSNZFotxZEmKrZUt6LiRyxETRepw LZBWFsmpkwG7rdsI9T5bWLOsplfsd9sZWLYd15ifB1BZhwBM/93K/0m3gZanCM9g VXFn2lHausyUgUqL0TGykZPPqhTOLcc27b5yPumxl1yQkj6aGaq5PBVo6wJZFB7q SbbcgHo8tk0r2dRa3nzwgtrL0cREvFMJ3po+lTZGgzHW2YbL7//vcpzrW6f1Kv5W B04hgGzDnRx5pD0JNay2SlIsc1hc2aDs1pYCpFGHfJHDFvKhnwgOtZfbNHs3V6Ch wbgIdwc99zfS2B/KrrlWhA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIU9M+fnqXQXgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzExMTAxMFoX DTI3MDQxNzExMTAxMFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AL17/L6/PJBQgZcIdKjI8k3F1Z6ImyE7HtIeLu30te9RDSj6RseuBa92zzqpjNK6 wejrrM1SXjKpcjjGLKcVZp7BQBD3E8wfyvrSbupdTl6g+hfjhrWrjRIaDGbSqhw0 RoWDOyEyFbP+zO4dKCpvkngrjYvV2ooif8qUtbrfBYOjHurRlUpEzZ8jX+L9YSny 8Jj/9na7RQKNtfAHYq+j0StiXYXYDuctiuIjkC5cNVoOPl7LC4/NrELlaRKxE8Ht Yz2pvgZ5hCBOvqgbykuj9c80YRfcIHvcHRmrywb2jPAXUfZQFaqiLdQO2DOYWTeD ujk5Fl0imIcUkpILvbLXltcCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAgajHivzDNxtCmWWWx5ETEac4xFuRNwx+AcwPrMqJMz+WKFhMN67tteUK oA6A7JQzMT+uhxT9qMIeZt+dw9mVSzBLBgNVHSMERDBCgEBGLikqaGUvkJYzKNO+ 8W4aJ5zX17hRnD5nZbHw66PFsev5Gh15kPSxFc9c871nmwFMfukKQtPE7VLPNqqQ ftVDMEsGA1UdEQREMEKCQCouYXBwcy4xM2Y5Zjg1OC02MzcwLTQxN2YtYTE4My0x ZGUwYTMzNDhhODYucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAFnThJnoWVLQfldiAhschBKxpC/dDkFlfIagAZ3Wztc4tvZ2tAbvHv+CTslM fz9ScGN3oANCZopaF4b6aVgskoBlRnvtnlST374hhlUAO7dcZ94xJi3/dCk+n0zF Vf462O/fv1GdtQh6MBFbaF1xuJNk6RicMBW6L9Gtq0HMNsEJa7/7ndZaVli7gMbH qfHeCoAddAUz4ij/Sw1hMvLobALx0Q8b4T4AqZTwCU/ftS/50iIptAtFJN17wCxE DS4clB1dN4bQsQc3VXmarqbvsJSMOq2r8AGDzBlCfBjOZCVb41/14k26SPqsBXH0 A9QeEDgfnaUspkrFiaAjoRDRQ3w= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-17T11:12:58Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-17T11:12:58Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4458" uid: 875de36d-f515-4861-ba1a-c5ef6bca9eed - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-17T11:12:20Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"80b45490-1814-4a4d-9377-25d959d0bc16"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T11:12:20Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 80b45490-1814-4a4d-9377-25d959d0bc16 resourceVersion: "3446" uid: 781b6396-b552-4735-aa58-4c837e6d73d6 - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIbxcnWq2WrzIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQyNDU4MjAe Fw0yNjA0MTcxMTE2MjJaFw0yODA2MTUxMTE2MjNaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0MjQ1ODIwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDllMoKPY5UYWHs2UhtMpLsRob91rhEosTx WMI9TNQchM0o6ykcsNDyimr0em3PKx9HHPHZRXZKpB79U/Q308WsRjEjRz++Rc05 PcvGa1vQ67ZT9SeMDeq0LT/dUACAg1vHG56V9xXhcKR+onw4H/NrXtqLxWkZfkLK TcHyy7ytt5VqKEDVG7zPmWo1FlbzROyEQ0oEvL2Qk4cBlVDIqfPTI274MuttftYw zEg+m2tjuS79PYg1BVqu5vAFXc7ElPYn0McdHZ/16SHEYA/4p+i+tUUvmZBNmZ2B ctMT50NCrLsz7+hG54ti5T9LZZJyyTSHHfq4O+OmAY3NHeny9r8lAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3ERzf P/zb9L3VfkbVE+uuj43SxzAfBgNVHSMEGDAWgBR3ERzfP/zb9L3VfkbVE+uuj43S xzANBgkqhkiG9w0BAQsFAAOCAQEAaMVgbPmHuhgx8p1gyjA8iakAq7a2UyJbk+iE 70UxzcIsVn22kbdaSDj5qqcKzmRfzXbFzp04HL8dTSYv06GP79aAPctkFs6GuI3W i801A7V49IK9GYWyAsXYyvkvd9lYEid2oouiwxIajbJwuit333i9Fojy8YIc5xEK rKsVfIcAWj7eecxN3HtYdi7XHkIszg3m1dcvRVOnY+RF+lR8PQstuNANVL77TiBw X5oWG2Aq1NBPm1XpwXirZ1x/eobf9GiTCQH9fYV7bmO3ZkooLOaUr62a7PNJCFmE 9DF/C5ju3R23Rh9EeVQCyT7qnDTWL3mQRKoyToNbvVaAbMVBKA== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-04-17T11:22:43Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-04-17T11:22:43Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "12754" uid: e210ea03-d447-4476-be61-99f11c8bd68a - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIbxcnWq2WrzIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQyNDU4MjAe Fw0yNjA0MTcxMTE2MjJaFw0yODA2MTUxMTE2MjNaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0MjQ1ODIwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDllMoKPY5UYWHs2UhtMpLsRob91rhEosTx WMI9TNQchM0o6ykcsNDyimr0em3PKx9HHPHZRXZKpB79U/Q308WsRjEjRz++Rc05 PcvGa1vQ67ZT9SeMDeq0LT/dUACAg1vHG56V9xXhcKR+onw4H/NrXtqLxWkZfkLK TcHyy7ytt5VqKEDVG7zPmWo1FlbzROyEQ0oEvL2Qk4cBlVDIqfPTI274MuttftYw zEg+m2tjuS79PYg1BVqu5vAFXc7ElPYn0McdHZ/16SHEYA/4p+i+tUUvmZBNmZ2B ctMT50NCrLsz7+hG54ti5T9LZZJyyTSHHfq4O+OmAY3NHeny9r8lAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3ERzf P/zb9L3VfkbVE+uuj43SxzAfBgNVHSMEGDAWgBR3ERzfP/zb9L3VfkbVE+uuj43S xzANBgkqhkiG9w0BAQsFAAOCAQEAaMVgbPmHuhgx8p1gyjA8iakAq7a2UyJbk+iE 70UxzcIsVn22kbdaSDj5qqcKzmRfzXbFzp04HL8dTSYv06GP79aAPctkFs6GuI3W i801A7V49IK9GYWyAsXYyvkvd9lYEid2oouiwxIajbJwuit333i9Fojy8YIc5xEK rKsVfIcAWj7eecxN3HtYdi7XHkIszg3m1dcvRVOnY+RF+lR8PQstuNANVL77TiBw X5oWG2Aq1NBPm1XpwXirZ1x/eobf9GiTCQH9fYV7bmO3ZkooLOaUr62a7PNJCFmE 9DF/C5ju3R23Rh9EeVQCyT7qnDTWL3mQRKoyToNbvVaAbMVBKA== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-17T11:12:57Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-17T11:12:57Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-17T11:16:35Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "7548" uid: d4df4e85-25e2-4776-87e9-7c4d4b87e8d8 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-17T11:12:20Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"80b45490-1814-4a4d-9377-25d959d0bc16"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T11:12:20Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 80b45490-1814-4a4d-9377-25d959d0bc16 resourceVersion: "3423" uid: 095ff299-2f77-443a-a4c0-9314299b8999 kind: ConfigMapList metadata: resourceVersion: "13774"