--- apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" creationTimestamp: "2026-04-23T17:55:02Z" generateName: multus- generation: 1 labels: app: multus component: network controller-revision-hash: 7d4df7fd7c openshift.io/component: network pod-template-generation: "1" type: infra managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:component: {} f:controller-revision-hash: {} f:openshift.io/component: {} f:pod-template-generation: {} f:type: {} f:ownerReferences: .: {} k:{"uid":"ff9a354f-bd38-46ec-a226-06471e3b93dd"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"kube-multus"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"K8S_NODE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"KUBERNETES_SERVICE_HOST"}: .: {} f:name: {} f:value: {} k:{"name":"KUBERNETES_SERVICE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"MULTUS_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/multus/certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/multus/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/net.d/multus.d"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/kubernetes"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/run/multus"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/host/run/multus/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/hostroot"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/run/k8s.cni.cncf.io"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/netns"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/var/lib/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/cni/multus"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cni-binary-copy"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cnibin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"etc-kubernetes"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-k8s-cni-cncf-io"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-multus-certs"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-netns"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-cni-bin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-cni-multus"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-kubelet"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"hostroot"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-conf-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-daemon-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"multus-socket-dir-parent"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"os-release"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"system-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-23T17:55:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.130.202"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-23T17:55:14Z" name: multus-2zdbf namespace: openshift-multus ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: multus uid: ff9a354f-bd38-46ec-a226-06471e3b93dd resourceVersion: "6169" uid: ed24d47a-1604-4017-b22f-4d68978cdb27 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-130-202.ec2.internal containers: - args: - | MULTUS_DAEMON_OPT="" /entrypoint/cnibincopy.sh; exec /usr/src/multus-cni/bin/multus-daemon $MULTUS_DAEMON_OPT command: - /bin/bash - -ec - -- env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/multus-cni/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/multus-cni/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/multus-cni/bin/ - name: KUBERNETES_SERVICE_PORT value: "6443" - name: KUBERNETES_SERVICE_HOST value: a8db5b969e950483188b6531afe0b5a5-bceca851381a2b43.elb.us-east-1.amazonaws.com - name: MULTUS_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: K8S_NODE valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imagePullPolicy: IfNotPresent name: kube-multus resources: requests: cpu: 10m memory: 65Mi securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/etc/os-release name: os-release - mountPath: /host/etc/cni/net.d name: system-cni-dir - mountPath: /host/run/multus/cni/net.d name: multus-cni-dir - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/run/multus mountPropagation: HostToContainer name: multus-socket-dir-parent - mountPath: /run/k8s.cni.cncf.io name: host-run-k8s-cni-cncf-io - mountPath: /run/netns mountPropagation: HostToContainer name: host-run-netns - mountPath: /var/lib/cni/bin name: host-var-lib-cni-bin - mountPath: /var/lib/cni/multus name: host-var-lib-cni-multus - mountPath: /var/lib/kubelet mountPropagation: HostToContainer name: host-var-lib-kubelet - mountPath: /hostroot mountPropagation: HostToContainer name: hostroot - mountPath: /etc/cni/multus/net.d name: multus-conf-dir - mountPath: /etc/cni/net.d/multus.d name: multus-daemon-config readOnly: true - mountPath: /etc/cni/multus/certs name: host-run-multus-certs - mountPath: /etc/kubernetes name: etc-kubernetes - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-8ftzr readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: default-dockercfg-4kn7n nodeName: ip-10-0-130-202.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /etc/kubernetes/cni/net.d type: Directory name: system-cni-dir - hostPath: path: /var/run/multus/cni/net.d type: Directory name: multus-cni-dir - hostPath: path: /var/lib/cni/bin type: Directory name: cnibin - hostPath: path: /etc/os-release type: File name: os-release - configMap: defaultMode: 484 name: cni-copy-resources name: cni-binary-copy - hostPath: path: /run/multus type: DirectoryOrCreate name: multus-socket-dir-parent - hostPath: path: /run/k8s.cni.cncf.io type: "" name: host-run-k8s-cni-cncf-io - hostPath: path: /run/netns/ type: "" name: host-run-netns - hostPath: path: /var/lib/cni/bin type: "" name: host-var-lib-cni-bin - hostPath: path: /var/lib/cni/multus type: "" name: host-var-lib-cni-multus - hostPath: path: /var/lib/kubelet type: "" name: host-var-lib-kubelet - hostPath: path: / type: "" name: hostroot - hostPath: path: /etc/cni/multus/net.d type: "" name: multus-conf-dir - configMap: defaultMode: 420 items: - key: daemon-config.json path: daemon-config.json name: multus-daemon-config name: multus-daemon-config - hostPath: path: /etc/cni/multus/certs type: "" name: host-run-multus-certs - hostPath: path: /etc/kubernetes type: "" name: etc-kubernetes - name: kube-api-access-8ftzr projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:14Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:14Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:14Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:02Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 65Mi containerID: cri-o://3b7ac5a2e063336df9d2eefdba5201419f322557a228ed55b888795f3311c042 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a lastState: {} name: kube-multus ready: true resources: requests: cpu: 10m memory: 65Mi restartCount: 0 started: true state: running: startedAt: "2026-04-23T17:55:13Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/etc/os-release name: os-release - mountPath: /host/etc/cni/net.d name: system-cni-dir - mountPath: /host/run/multus/cni/net.d name: multus-cni-dir - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/run/multus name: multus-socket-dir-parent - mountPath: /run/k8s.cni.cncf.io name: host-run-k8s-cni-cncf-io - mountPath: /run/netns name: host-run-netns - mountPath: /var/lib/cni/bin name: host-var-lib-cni-bin - mountPath: /var/lib/cni/multus name: host-var-lib-cni-multus - mountPath: /var/lib/kubelet name: host-var-lib-kubelet - mountPath: /hostroot name: hostroot - mountPath: /etc/cni/multus/net.d name: multus-conf-dir - mountPath: /etc/cni/net.d/multus.d name: multus-daemon-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cni/multus/certs name: host-run-multus-certs - mountPath: /etc/kubernetes name: etc-kubernetes - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-8ftzr readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.130.202 hostIPs: - ip: 10.0.130.202 phase: Running podIP: 10.0.130.202 podIPs: - ip: 10.0.130.202 qosClass: Burstable startTime: "2026-04-23T17:55:02Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" creationTimestamp: "2026-04-23T17:55:02Z" generateName: multus- generation: 1 labels: app: multus component: network controller-revision-hash: 7d4df7fd7c openshift.io/component: network pod-template-generation: "1" type: infra managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:component: {} f:controller-revision-hash: {} f:openshift.io/component: {} f:pod-template-generation: {} f:type: {} f:ownerReferences: .: {} k:{"uid":"ff9a354f-bd38-46ec-a226-06471e3b93dd"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"kube-multus"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"K8S_NODE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"KUBERNETES_SERVICE_HOST"}: .: {} f:name: {} f:value: {} k:{"name":"KUBERNETES_SERVICE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"MULTUS_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/multus/certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/multus/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/net.d/multus.d"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/kubernetes"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/run/multus"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/host/run/multus/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/hostroot"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/run/k8s.cni.cncf.io"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/netns"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/var/lib/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/cni/multus"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cni-binary-copy"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cnibin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"etc-kubernetes"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-k8s-cni-cncf-io"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-multus-certs"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-netns"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-cni-bin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-cni-multus"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-kubelet"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"hostroot"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-conf-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-daemon-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"multus-socket-dir-parent"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"os-release"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"system-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-23T17:55:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.132.102"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-23T17:55:40Z" name: multus-6g56n namespace: openshift-multus ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: multus uid: ff9a354f-bd38-46ec-a226-06471e3b93dd resourceVersion: "6935" uid: ae56a92f-dfae-4763-b849-dca72bc2cf3d spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-132-102.ec2.internal containers: - args: - | MULTUS_DAEMON_OPT="" /entrypoint/cnibincopy.sh; exec /usr/src/multus-cni/bin/multus-daemon $MULTUS_DAEMON_OPT command: - /bin/bash - -ec - -- env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/multus-cni/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/multus-cni/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/multus-cni/bin/ - name: KUBERNETES_SERVICE_PORT value: "6443" - name: KUBERNETES_SERVICE_HOST value: a8db5b969e950483188b6531afe0b5a5-bceca851381a2b43.elb.us-east-1.amazonaws.com - name: MULTUS_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: K8S_NODE valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imagePullPolicy: IfNotPresent name: kube-multus resources: requests: cpu: 10m memory: 65Mi securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/etc/os-release name: os-release - mountPath: /host/etc/cni/net.d name: system-cni-dir - mountPath: /host/run/multus/cni/net.d name: multus-cni-dir - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/run/multus mountPropagation: HostToContainer name: multus-socket-dir-parent - mountPath: /run/k8s.cni.cncf.io name: host-run-k8s-cni-cncf-io - mountPath: /run/netns mountPropagation: HostToContainer name: host-run-netns - mountPath: /var/lib/cni/bin name: host-var-lib-cni-bin - mountPath: /var/lib/cni/multus name: host-var-lib-cni-multus - mountPath: /var/lib/kubelet mountPropagation: HostToContainer name: host-var-lib-kubelet - mountPath: /hostroot mountPropagation: HostToContainer name: hostroot - mountPath: /etc/cni/multus/net.d name: multus-conf-dir - mountPath: /etc/cni/net.d/multus.d name: multus-daemon-config readOnly: true - mountPath: /etc/cni/multus/certs name: host-run-multus-certs - mountPath: /etc/kubernetes name: etc-kubernetes - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xx8dp readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: default-dockercfg-4kn7n nodeName: ip-10-0-132-102.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /etc/kubernetes/cni/net.d type: Directory name: system-cni-dir - hostPath: path: /var/run/multus/cni/net.d type: Directory name: multus-cni-dir - hostPath: path: /var/lib/cni/bin type: Directory name: cnibin - hostPath: path: /etc/os-release type: File name: os-release - configMap: defaultMode: 484 name: cni-copy-resources name: cni-binary-copy - hostPath: path: /run/multus type: DirectoryOrCreate name: multus-socket-dir-parent - hostPath: path: /run/k8s.cni.cncf.io type: "" name: host-run-k8s-cni-cncf-io - hostPath: path: /run/netns/ type: "" name: host-run-netns - hostPath: path: /var/lib/cni/bin type: "" name: host-var-lib-cni-bin - hostPath: path: /var/lib/cni/multus type: "" name: host-var-lib-cni-multus - hostPath: path: /var/lib/kubelet type: "" name: host-var-lib-kubelet - hostPath: path: / type: "" name: hostroot - hostPath: path: /etc/cni/multus/net.d type: "" name: multus-conf-dir - configMap: defaultMode: 420 items: - key: daemon-config.json path: daemon-config.json name: multus-daemon-config name: multus-daemon-config - hostPath: path: /etc/cni/multus/certs type: "" name: host-run-multus-certs - hostPath: path: /etc/kubernetes type: "" name: etc-kubernetes - name: kube-api-access-xx8dp projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:13Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:40Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:40Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:02Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 65Mi containerID: cri-o://8f7b23264c5219c35ba3f42e72e834e217555efae9ee2af7332531f004b7eb2c image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a lastState: terminated: containerID: cri-o://aca5adc6a19b0a329c7471b6ff92d6713f7c1042f723106b7edf813e54eb35d6 exitCode: 2 finishedAt: "2026-04-23T17:55:39Z" message: "2026-04-23T17:55:13+00:00 [cnibincopy] Successfully copied files in /usr/src/multus-cni/rhel9/bin/ to /host/opt/cni/bin/upgrade_6b0db8cf-8ad3-4c0c-ad6a-194d0edbcdbd\n2026-04-23T17:55:13+00:00 [cnibincopy] Successfully moved files in /host/opt/cni/bin/upgrade_6b0db8cf-8ad3-4c0c-ad6a-194d0edbcdbd to /host/opt/cni/bin/\n2026-04-23T17:55:13Z [verbose] multus-daemon started\n2026-04-23T17:55:13Z [verbose] Readiness Indicator file check\n2026-04-23T17:55:38Z [verbose] Readiness Indicator file check done!\n2026-04-23T17:55:38Z [verbose] Waiting for certificate\n2026-04-23T17:55:38Z [error] failed to list pods with new certs: pods is forbidden: User \"system:node:ip-10-0-132-102.ec2.internal\" cannot list resource \"pods\" in API group \"\" at the cluster scope: can only list/watch pods with spec.nodeName field selector\nI0423 17:55:39.231052 \ 3139 certificate_store.go:130] Loading cert/key pair from \"/etc/cni/multus/certs/multus-client-current.pem\".\n2026-04-23T17:55:39Z [verbose] Certificate found!\n2026-04-23T17:55:39Z [verbose] server configured with chroot: /hostroot\n2026-04-23T17:55:39Z [verbose] Filtering pod watch for node \"ip-10-0-132-102.ec2.internal\"\n2026-04-23T17:55:39Z [verbose] API readiness check\n2026-04-23T17:55:39Z [verbose] API readiness check done!\n2026-04-23T17:55:39Z [error] failed to access the primary CNI configuration from /host/run/multus/cni/net.d/10-ovn-kubernetes.conf: failed to read the cluster primary CNI config /host/run/multus/cni/net.d/10-ovn-kubernetes.conf: open /host/run/multus/cni/net.d/10-ovn-kubernetes.conf: no such file or directory\n2026-04-23T17:55:39Z [error] failed to read the primary CNI plugin config from /host/run/multus/cni/net.d/10-ovn-kubernetes.conf\n2026-04-23T17:55:39Z [verbose] Generated MultusCNI config: \n2026-04-23T17:55:39Z [verbose] started to watch file /host/run/multus/cni/net.d/10-ovn-kubernetes.conf\n2026-04-23T17:55:39Z [verbose] readiness indicator file is gone. restart multus-daemon\n" reason: Error startedAt: "2026-04-23T17:55:13Z" name: kube-multus ready: true resources: requests: cpu: 10m memory: 65Mi restartCount: 1 started: true state: running: startedAt: "2026-04-23T17:55:39Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/etc/os-release name: os-release - mountPath: /host/etc/cni/net.d name: system-cni-dir - mountPath: /host/run/multus/cni/net.d name: multus-cni-dir - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/run/multus name: multus-socket-dir-parent - mountPath: /run/k8s.cni.cncf.io name: host-run-k8s-cni-cncf-io - mountPath: /run/netns name: host-run-netns - mountPath: /var/lib/cni/bin name: host-var-lib-cni-bin - mountPath: /var/lib/cni/multus name: host-var-lib-cni-multus - mountPath: /var/lib/kubelet name: host-var-lib-kubelet - mountPath: /hostroot name: hostroot - mountPath: /etc/cni/multus/net.d name: multus-conf-dir - mountPath: /etc/cni/net.d/multus.d name: multus-daemon-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cni/multus/certs name: host-run-multus-certs - mountPath: /etc/kubernetes name: etc-kubernetes - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-xx8dp readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.132.102 hostIPs: - ip: 10.0.132.102 phase: Running podIP: 10.0.132.102 podIPs: - ip: 10.0.132.102 qosClass: Burstable startTime: "2026-04-23T17:55:02Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" creationTimestamp: "2026-04-23T17:55:02Z" generateName: multus- generation: 1 labels: app: multus component: network controller-revision-hash: 7d4df7fd7c openshift.io/component: network pod-template-generation: "1" type: infra managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:component: {} f:controller-revision-hash: {} f:openshift.io/component: {} f:pod-template-generation: {} f:type: {} f:ownerReferences: .: {} k:{"uid":"ff9a354f-bd38-46ec-a226-06471e3b93dd"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"kube-multus"}: .: {} f:args: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"K8S_NODE"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"KUBERNETES_SERVICE_HOST"}: .: {} f:name: {} f:value: {} k:{"name":"KUBERNETES_SERVICE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"MULTUS_NODE_NAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/multus/certs"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/multus/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/cni/net.d/multus.d"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/etc/kubernetes"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/run/multus"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/host/run/multus/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/hostroot"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/run/k8s.cni.cncf.io"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/run/netns"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} k:{"mountPath":"/var/lib/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/cni/multus"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet"}: .: {} f:mountPath: {} f:mountPropagation: {} f:name: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:hostPID: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cni-binary-copy"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cnibin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"etc-kubernetes"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-k8s-cni-cncf-io"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-multus-certs"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-run-netns"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-cni-bin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-cni-multus"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"host-var-lib-kubelet"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"hostroot"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-conf-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-daemon-config"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:name: {} k:{"name":"multus-socket-dir-parent"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"os-release"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"system-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-23T17:55:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.141.209"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-23T17:55:13Z" name: multus-8pvs8 namespace: openshift-multus ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: multus uid: ff9a354f-bd38-46ec-a226-06471e3b93dd resourceVersion: "6163" uid: 60e98a1f-ca0f-4e88-883e-76057a6fcbe8 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-141-209.ec2.internal containers: - args: - | MULTUS_DAEMON_OPT="" /entrypoint/cnibincopy.sh; exec /usr/src/multus-cni/bin/multus-daemon $MULTUS_DAEMON_OPT command: - /bin/bash - -ec - -- env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/multus-cni/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/multus-cni/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/multus-cni/bin/ - name: KUBERNETES_SERVICE_PORT value: "6443" - name: KUBERNETES_SERVICE_HOST value: a8db5b969e950483188b6531afe0b5a5-bceca851381a2b43.elb.us-east-1.amazonaws.com - name: MULTUS_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: K8S_NODE valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imagePullPolicy: IfNotPresent name: kube-multus resources: requests: cpu: 10m memory: 65Mi securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/etc/os-release name: os-release - mountPath: /host/etc/cni/net.d name: system-cni-dir - mountPath: /host/run/multus/cni/net.d name: multus-cni-dir - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/run/multus mountPropagation: HostToContainer name: multus-socket-dir-parent - mountPath: /run/k8s.cni.cncf.io name: host-run-k8s-cni-cncf-io - mountPath: /run/netns mountPropagation: HostToContainer name: host-run-netns - mountPath: /var/lib/cni/bin name: host-var-lib-cni-bin - mountPath: /var/lib/cni/multus name: host-var-lib-cni-multus - mountPath: /var/lib/kubelet mountPropagation: HostToContainer name: host-var-lib-kubelet - mountPath: /hostroot mountPropagation: HostToContainer name: hostroot - mountPath: /etc/cni/multus/net.d name: multus-conf-dir - mountPath: /etc/cni/net.d/multus.d name: multus-daemon-config readOnly: true - mountPath: /etc/cni/multus/certs name: host-run-multus-certs - mountPath: /etc/kubernetes name: etc-kubernetes - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2j8sj readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true hostPID: true imagePullSecrets: - name: default-dockercfg-4kn7n nodeName: ip-10-0-141-209.ec2.internal nodeSelector: kubernetes.io/os: linux preemptionPolicy: PreemptLowerPriority priority: 2000001000 priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: - hostPath: path: /etc/kubernetes/cni/net.d type: Directory name: system-cni-dir - hostPath: path: /var/run/multus/cni/net.d type: Directory name: multus-cni-dir - hostPath: path: /var/lib/cni/bin type: Directory name: cnibin - hostPath: path: /etc/os-release type: File name: os-release - configMap: defaultMode: 484 name: cni-copy-resources name: cni-binary-copy - hostPath: path: /run/multus type: DirectoryOrCreate name: multus-socket-dir-parent - hostPath: path: /run/k8s.cni.cncf.io type: "" name: host-run-k8s-cni-cncf-io - hostPath: path: /run/netns/ type: "" name: host-run-netns - hostPath: path: /var/lib/cni/bin type: "" name: host-var-lib-cni-bin - hostPath: path: /var/lib/cni/multus type: "" name: host-var-lib-cni-multus - hostPath: path: /var/lib/kubelet type: "" name: host-var-lib-kubelet - hostPath: path: / type: "" name: hostroot - hostPath: path: /etc/cni/multus/net.d type: "" name: multus-conf-dir - configMap: defaultMode: 420 items: - key: daemon-config.json path: daemon-config.json name: multus-daemon-config name: multus-daemon-config - hostPath: path: /etc/cni/multus/certs type: "" name: host-run-multus-certs - hostPath: path: /etc/kubernetes type: "" name: etc-kubernetes - name: kube-api-access-2j8sj projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:13Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:13Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:13Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-23T17:55:02Z" status: "True" type: PodScheduled containerStatuses: - allocatedResources: cpu: 10m memory: 65Mi containerID: cri-o://e1b1cbeb621760a1ede9e32f68d227c8cdcc2a233aa96f1b067fb6a158c17ba8 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a lastState: {} name: kube-multus ready: true resources: requests: cpu: 10m memory: 65Mi restartCount: 0 started: true state: running: startedAt: "2026-04-23T17:55:13Z" user: linux: gid: 0 supplementalGroups: - 0 uid: 0 volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/etc/os-release name: os-release - mountPath: /host/etc/cni/net.d name: system-cni-dir - mountPath: /host/run/multus/cni/net.d name: multus-cni-dir - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/run/multus name: multus-socket-dir-parent - mountPath: /run/k8s.cni.cncf.io name: host-run-k8s-cni-cncf-io - mountPath: /run/netns name: host-run-netns - mountPath: /var/lib/cni/bin name: host-var-lib-cni-bin - mountPath: /var/lib/cni/multus name: host-var-lib-cni-multus - mountPath: /var/lib/kubelet name: host-var-lib-kubelet - mountPath: /hostroot name: hostroot - mountPath: /etc/cni/multus/net.d name: multus-conf-dir - mountPath: /etc/cni/net.d/multus.d name: multus-daemon-config readOnly: true recursiveReadOnly: Disabled - mountPath: /etc/cni/multus/certs name: host-run-multus-certs - mountPath: /etc/kubernetes name: etc-kubernetes - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-2j8sj readOnly: true recursiveReadOnly: Disabled hostIP: 10.0.141.209 hostIPs: - ip: 10.0.141.209 phase: Running podIP: 10.0.141.209 podIPs: - ip: 10.0.141.209 qosClass: Burstable startTime: "2026-04-23T17:55:02Z" - apiVersion: v1 kind: Pod metadata: annotations: cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" creationTimestamp: "2026-04-23T17:55:02Z" generateName: multus-additional-cni-plugins- generation: 1 labels: app: multus-additional-cni-plugins component: network controller-revision-hash: 84cd75747b openshift.io/component: network pod-template-generation: "1" type: infra managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:cluster-autoscaler.kubernetes.io/enable-ds-eviction: {} f:target.workload.openshift.io/management: {} f:generateName: {} f:labels: .: {} f:app: {} f:component: {} f:controller-revision-hash: {} f:openshift.io/component: {} f:pod-template-generation: {} f:type: {} f:ownerReferences: .: {} k:{"uid":"f3b817cf-aaff-499c-aa68-a1f462480290"}: {} f:spec: f:affinity: .: {} f:nodeAffinity: .: {} f:requiredDuringSchedulingIgnoredDuringExecution: {} f:containers: k:{"name":"kube-multus-additional-cni-plugins"}: .: {} f:args: {} f:command: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:privileged: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:hostNetwork: {} f:initContainers: .: {} k:{"name":"bond-cni-plugin"}: .: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"name":"cni-plugins"}: .: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/cni/tuning/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/sysctls"}: .: {} f:mountPath: {} f:name: {} k:{"name":"egress-router-binary-copy"}: .: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"name":"routeoverride-cni"}: .: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"name":"whereabouts-cni"}: .: {} f:command: {} f:env: .: {} k:{"name":"CNI_BIN_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"CNI_CONF_DIR"}: .: {} f:name: {} f:value: {} k:{"name":"KUBERNETES_SERVICE_HOST"}: .: {} f:name: {} f:value: {} k:{"name":"KUBERNETES_SERVICE_PORT"}: .: {} f:name: {} f:value: {} k:{"name":"NODENAME"}: .: {} f:name: {} f:valueFrom: .: {} f:fieldRef: {} k:{"name":"SLEEP"}: .: {} f:name: {} f:value: {} k:{"name":"WHEREABOUTS_NAMESPACE"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/whereabouts/config"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/cni/net.d"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} k:{"name":"whereabouts-cni-bincopy"}: .: {} f:command: {} f:env: .: {} k:{"name":"DEFAULT_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL8_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} k:{"name":"RHEL9_SOURCE_DIRECTORY"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/entrypoint"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/host/etc/os-release"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/host/opt/cni/bin"}: .: {} f:mountPath: {} f:name: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:tolerations: {} f:volumes: .: {} k:{"name":"cni-binary-copy"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cni-sysctl-allowlist"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"cnibin"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"multus-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"os-release"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"system-cni-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"tuning-conf-dir"}: .: {} f:hostPath: .: {} f:path: {} f:type: {} f:name: {} k:{"name":"whereabouts-flatfile-configmap"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-23T17:55:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"PodReadyToStartContainers"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:hostIPs: {} f:initContainerStatuses: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.0.132.102"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update subresource: status time: "2026-04-23T17:55:29Z" name: multus-additional-cni-plugins-ncg5g namespace: openshift-multus ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: DaemonSet name: multus-additional-cni-plugins uid: f3b817cf-aaff-499c-aa68-a1f462480290 resourceVersion: "6624" uid: 0c55482f-ee0e-4a40-a959-7530a690f4c2 spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchFields: - key: metadata.name operator: In values: - ip-10-0-132-102.ec2.internal containers: - args: - | trap : TERM INT; sleep infinity & wait command: - /bin/bash - -ec - -- image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a61807a85f6a37f17eb42644bbc038bc04fc489626435da28b0d2c4a30f7e02a imagePullPolicy: IfNotPresent name: kube-multus-additional-cni-plugins resources: requests: cpu: 10m memory: 10Mi securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7hb4n readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true imagePullSecrets: - name: multus-ancillary-tools-dockercfg-sv4gq initContainers: - command: - /entrypoint/cnibincopy.sh env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/egress-router-cni/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/egress-router-cni/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/egress-router-cni/bin/ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f7e28d9938f33314269d8079649373b4befb36895b8636c4c2ec3c0fee47c91c imagePullPolicy: IfNotPresent name: egress-router-binary-copy resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/etc/os-release name: os-release readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7hb4n readOnly: true - command: - /bin/bash - -c - /entrypoint/cnibincopy.sh && cp -n /sysctls/allowlist.conf /host/etc/cni/tuning/ env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/plugins/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/plugins/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/plugins/bin/ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:77f7e33000484395db2216d431d7f91158cbb0ddee564b65288f4ec47e3188b8 imagePullPolicy: IfNotPresent name: cni-plugins resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/etc/os-release name: os-release readOnly: true - mountPath: /host/etc/cni/tuning/ name: tuning-conf-dir - mountPath: /sysctls name: cni-sysctl-allowlist - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7hb4n readOnly: true - command: - /entrypoint/cnibincopy.sh env: - name: RHEL8_SOURCE_DIRECTORY value: /bondcni/rhel8/ - name: RHEL9_SOURCE_DIRECTORY value: /bondcni/rhel9/ - name: DEFAULT_SOURCE_DIRECTORY value: /bondcni/rhel9/ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:91034a2e8fa729a060ad18831a3c6e5de5d2b7b3de437b198ddc24fcb724dcf6 imagePullPolicy: IfNotPresent name: bond-cni-plugin resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/etc/os-release name: os-release readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7hb4n readOnly: true - command: - /entrypoint/cnibincopy.sh env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/route-override/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/route-override/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/route-override/bin/ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:18d788b8deb049d24dfdb101371f6d2211a5e731bacd64b08adb97f66b6c4eb1 imagePullPolicy: IfNotPresent name: routeoverride-cni resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/etc/os-release name: os-release readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7hb4n readOnly: true - command: - /entrypoint/cnibincopy.sh env: - name: RHEL8_SOURCE_DIRECTORY value: /usr/src/whereabouts/rhel8/bin/ - name: RHEL9_SOURCE_DIRECTORY value: /usr/src/whereabouts/rhel9/bin/ - name: DEFAULT_SOURCE_DIRECTORY value: /usr/src/whereabouts/bin/ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c4d9f8fd250636b548d533d8f0af8bd5494ad6e5026569cefc634f0283d50df imagePullPolicy: IfNotPresent name: whereabouts-cni-bincopy resources: requests: cpu: 10m memory: 10Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /entrypoint name: cni-binary-copy - mountPath: /host/opt/cni/bin name: cnibin - mountPath: /host/etc/os-release name: os-release readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-7hb4n readOnly: true - command: - /bin/sh - -c - | #!/bin/sh set -u -e CNI_BIN_DIR=${CNI_BIN_DIR:-"/host/opt/cni/bin/"} WHEREABOUTS_KUBECONFIG_FILE_HOST=${WHEREABOUTS_KUBECONFIG_FILE_HOST:-"/etc/cni/net.d/whereabouts.d/whereabouts.kubeconfig"} CNI_CONF_DIR=${CNI_CONF_DIR:-"/host/etc/kubernetes/cni/net.d"} WHEREABOUTS_RECONCILER_CRON=${WHEREABOUTS_RECONCILER_CRON:-30 4 * * *} # Make a whereabouts.d directory (for our kubeconfig) mkdir -p $CNI_CONF_DIR/whereabouts.d WHEREABOUTS_KUBECONFIG=$CNI_CONF_DIR/whereabouts.d/whereabouts.kubeconfig WHEREABOUTS_CONF_FILE=$CNI_CONF_DIR/whereabouts.d/whereabouts.conf WHEREABOUTS_KUBECONFIG_LITERAL=$(echo "$WHEREABOUTS_KUBECONFIG" | sed -e s'|/host||') # Write the nodename to the whereabouts.d directory for standardized hostname reference across cloud providers echo $NODENAME > $CNI_CONF_DIR/whereabouts.d/nodename SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt} SERVICE_ACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token) SERVICE_ACCOUNT_TOKEN_PATH=$SERVICE_ACCOUNT_PATH/token SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false} function log() { echo "$(date -Iseconds) ${1}" } function error() { log "ERR: {$1}" } function warn() { log "WARN: {$1}" } function generateKubeConfig { # Check if we're running as a k8s pod. if [ -f "$SERVICE_ACCOUNT_PATH/token" ]; then # We're running as a k8d pod - expect some variables. if [ -z ${KUBERNETES_SERVICE_HOST} ]; then error "KUBERNETES_SERVICE_HOST not set"; exit 1; fi if [ -z ${KUBERNETES_SERVICE_PORT} ]; then error "KUBERNETES_SERVICE_PORT not set"; exit 1; fi if [ "$SKIP_TLS_VERIFY" == "true" ]; then TLS_CFG="insecure-skip-tls-verify: true" elif [ -f "$KUBE_CA_FILE" ]; then TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')" fi # Kubernetes service address must be wrapped if it is IPv6 address KUBERNETES_SERVICE_HOST_WRAP=$KUBERNETES_SERVICE_HOST if [ "$KUBERNETES_SERVICE_HOST_WRAP" != "${KUBERNETES_SERVICE_HOST_WRAP#*:[0-9a-fA-F]}" ]; then KUBERNETES_SERVICE_HOST_WRAP=\[$KUBERNETES_SERVICE_HOST_WRAP\] fi # Write a kubeconfig file for the CNI plugin. Do this # to skip TLS verification for now. We should eventually support # writing more complete kubeconfig files. This is only used # if the provided CNI network config references it. touch $WHEREABOUTS_KUBECONFIG chmod ${KUBECONFIG_MODE:-600} $WHEREABOUTS_KUBECONFIG cat > $WHEREABOUTS_KUBECONFIG < $WHEREABOUTS_CONF_FILE < $CNI_CONF_DIR/whereabouts.d/nodename SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt} SERVICE_ACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token) SERVICE_ACCOUNT_TOKEN_PATH=$SERVICE_ACCOUNT_PATH/token SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false} function log() { echo "$(date -Iseconds) ${1}" } function error() { log "ERR: {$1}" } function warn() { log "WARN: {$1}" } function generateKubeConfig { # Check if we're running as a k8s pod. if [ -f "$SERVICE_ACCOUNT_PATH/token" ]; then # We're running as a k8d pod - expect some variables. if [ -z ${KUBERNETES_SERVICE_HOST} ]; then error "KUBERNETES_SERVICE_HOST not set"; exit 1; fi if [ -z ${KUBERNETES_SERVICE_PORT} ]; then error "KUBERNETES_SERVICE_PORT not set"; exit 1; fi if [ "$SKIP_TLS_VERIFY" == "true" ]; then TLS_CFG="insecure-skip-tls-verify: true" elif [ -f "$KUBE_CA_FILE" ]; then TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')" fi # Kubernetes service address must be wrapped if it is IPv6 address KUBERNETES_SERVICE_HOST_WRAP=$KUBERNETES_SERVICE_HOST if [ "$KUBERNETES_SERVICE_HOST_WRAP" != "${KUBERNETES_SERVICE_HOST_WRAP#*:[0-9a-fA-F]}" ]; then KUBERNETES_SERVICE_HOST_WRAP=\[$KUBERNETES_SERVICE_HOST_WRAP\] fi # Write a kubeconfig file for the CNI plugin. Do this # to skip TLS verification for now. We should eventually support # writing more complete kubeconfig files. This is only used # if the provided CNI network config references it. touch $WHEREABOUTS_KUBECONFIG chmod ${KUBECONFIG_MODE:-600} $WHEREABOUTS_KUBECONFIG cat > $WHEREABOUTS_KUBECONFIG < $WHEREABOUTS_CONF_FILE < $CNI_CONF_DIR/whereabouts.d/nodename SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt} SERVICE_ACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token) SERVICE_ACCOUNT_TOKEN_PATH=$SERVICE_ACCOUNT_PATH/token SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false} function log() { echo "$(date -Iseconds) ${1}" } function error() { log "ERR: {$1}" } function warn() { log "WARN: {$1}" } function generateKubeConfig { # Check if we're running as a k8s pod. if [ -f "$SERVICE_ACCOUNT_PATH/token" ]; then # We're running as a k8d pod - expect some variables. if [ -z ${KUBERNETES_SERVICE_HOST} ]; then error "KUBERNETES_SERVICE_HOST not set"; exit 1; fi if [ -z ${KUBERNETES_SERVICE_PORT} ]; then error "KUBERNETES_SERVICE_PORT not set"; exit 1; fi if [ "$SKIP_TLS_VERIFY" == "true" ]; then TLS_CFG="insecure-skip-tls-verify: true" elif [ -f "$KUBE_CA_FILE" ]; then TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')" fi # Kubernetes service address must be wrapped if it is IPv6 address KUBERNETES_SERVICE_HOST_WRAP=$KUBERNETES_SERVICE_HOST if [ "$KUBERNETES_SERVICE_HOST_WRAP" != "${KUBERNETES_SERVICE_HOST_WRAP#*:[0-9a-fA-F]}" ]; then KUBERNETES_SERVICE_HOST_WRAP=\[$KUBERNETES_SERVICE_HOST_WRAP\] fi # Write a kubeconfig file for the CNI plugin. Do this # to skip TLS verification for now. We should eventually support # writing more complete kubeconfig files. This is only used # if the provided CNI network config references it. touch $WHEREABOUTS_KUBECONFIG chmod ${KUBECONFIG_MODE:-600} $WHEREABOUTS_KUBECONFIG cat > $WHEREABOUTS_KUBECONFIG < $WHEREABOUTS_CONF_FILE <