--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-24T14:20:33Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"5f654859-b787-442e-a5f0-098e49089de4"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-24T14:20:33Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5f654859-b787-442e-a5f0-098e49089de4 resourceVersion: "2397" uid: 9172ed02-d8f8-478e-b739-1ef2b8151c3f - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-24T14:20:33Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-24T14:20:33Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2393" uid: abda5d98-08cc-409d-a3a1-9c3fabe13fd7 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-24T14:20:33Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"5f654859-b787-442e-a5f0-098e49089de4"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-24T14:20:33Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5f654859-b787-442e-a5f0-098e49089de4 resourceVersion: "2391" uid: c804adc8-04fb-4909-8cb7-afd1394394a9 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIZm/tCofGMQwwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyNDE0MTgwMVoX DTM2MDQyMTE0MTgwMVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqXcunt1iIxD 3SfQMKFWCoTTMX8szU0+rqQdmLTKLVvT7s+/qfsSVz13yTbILp9yoAxa3xtTxW37 3PSzW1mopGTsFNItnR5FHhxNgFeWe/wAujCJTzhjMh7plszPG/Yj0xTdLHOg2UfM 2p2d1q3HRGpmwIDDNre2sgiddDleufFArgD1JQM79Xm4rDav2dt4M5DNZsbGSInc gSOKxa5s0QG2kSprDHob9F1caCB1Ny3XpARHd/sZsGMX8A1VanBEN4YZmEa36NZf 5902pLOjp8jcMlZyKwELYuVFen/Flfl2esUh4pDLmaor9OHmvXbvvrKGwDrQEvJu 7LMd6mC+9wIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAgUaPMFymkxIijVWCjOgCnyeIKLH6EQq9P1zWrNCCM98s/3Ud 2XUd1s4Xbk0YXaFKEmBbofgCjY0rxBXzOkW4lDANBgkqhkiG9w0BAQsFAAOCAQEA E7ki0MKYOas10n79yXhynbcN0Sx77z2PlYknF29eKo6lWDYSt3L9Xji7lPuzSztZ OSKRPo4eRA/3G88xEUx6tBF4qupUHktU08hYPkwiNERS+b2aoGybQr41T/DeBhSe /0pR9+ajqYWewWtSiWHK+O/Vph00JDHQEe5177pQEVm2EGFcb5atDJgiRZlyDhuy uqaCzFKKb6n5dqsG1MU7QLm5Bl/pkt4lQCKR7kxAEMoFxzs9dCIlNDOpDUr/mm6A D1oqVN7nPhFFjQ7M+2figE/vtLkGsvvgtVozt4k9US5YKNZB7YWlMynaF9HFZoiz CjKuSxsd6sal5SVQuj25zw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIWkMvUD0aYMUwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyNDE0MTgzNFoX DTI3MDQyNDE0MTgzNFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AOhT0YcAwopCbKVKAkXQXqWdgh0tF8r8J79TQ+8VJ1z6Dr1ZnYvQil36kPRDCKSO nO0bU58U/5rymdm/qXN3ZL34OQCQ95mggW37Fdg/7Um23CsFKR2S4wi9Kp0regJX DdcXVvjsms6KE0l5N7VKsge3r0jHgWzRXFFDSlkq9HlvxO65tRUsjZTdAssh+rGp K8/bTsE/th1P99C/Xon0lpuC3L7eZG2P//3IvJGRjtwCcModE/DzxQr05ktoCWQW 1xPKyUQyPVmN0z5Me4TxyH2aj7Xt1Rku7J+EzAqiBcXo+M6LEbm86cOh1D7ELT8P xFr5jw9m43RCAJNVUPNyAkMCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA1SjU4yBvitoJ+gLjxu5c4fAgjPWVuNFuuivdIyLKgIMYaMYOYq4LwHb/ lsaXPG1ayGcpoeuBAW9FJGZGFqO2EjBLBgNVHSMERDBCgECBRo8wXKaTEiKNVYKM 6AKfJ4gosfoRCr0/XNas0IIz3yz/dR3ZdR3WzhduTRhdoUoSYFuh+AKNjSvEFfM6 RbiUMEsGA1UdEQREMEKCQCouYXBwcy44OTk2NTIyMS03OGZmLTQ2NGEtOTBiYS02 ODg5NWQxNDE1NmIucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBADE6DHjV9dnHRsIepNZHAk43y6aLPs7OcYd9d1GehYwEpy7r+p2jnSWJOQIj dnU4V/08z1GswcvU2ySaSSQRhQqgizUZo1eX5j7OWFzU2gBmmNhXsYKtWsmD+Jvo Q8jLk0gYPR3HrGb5+YOpHURITV+ipjsYnhvt2u0LoNRPxbKC10Wjuobk4iSMoHAh upAgezltTihquGZ2jaOjFfPLnpCFqDMpxNXmlcLS5XeKxEMn7VO6r4tJG7nPkDB8 Qbj8YUz/qRuzq3whnyyZNX4UayNa5shou3t3cWevON0u8AHVijQrVpi7wkGPqHVS +HgOW4HughF0N7WAGQQP7OdbtRY= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-24T14:20:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-24T14:20:46Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "2816" uid: fbdf15bb-91e9-44a7-9528-22f4d5045797 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-24T14:20:33Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"5f654859-b787-442e-a5f0-098e49089de4"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-24T14:20:33Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5f654859-b787-442e-a5f0-098e49089de4 resourceVersion: "2410" uid: e1df15a7-9e73-44f2-9f09-60faf3c6971f - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIbco3+Hkcer0wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NzA0MDY1OTAe Fw0yNjA0MjQxNDI0MThaFw0yODA2MjIxNDI0MTlaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzcwNDA2NTkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrk1EBaloaMsoXjcVOBufxgb3uu4oqVpet sf/uhSE4l4K/tnhajNBdfb9AtbGnDdTf7HOumaWETKpMkBRjnwzt3OzETq/mEWMM 1KqTaCyR4AdwAaA5wQxqr5hjcjzsyy9c1ytLDgL0+4FipLJB5LV3QbegWOB04KFC Im6/6Bz5MSOx6RuaHl6jqwcTZ5YkXrvB0S5EAYTQx7DlB2UZlw7oQTKM2jiHHofJ U+xw5uNZNIsRpzSOxmUu+o4E8/kDHSqtm3agNQU6eiEN/k6RR7xZOc9vakKv/5Fh F2V1U4zeq8GRP3ROjscnT4EylhJST3lwhIgzzrta5AGCTB+I2KtJAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVGVHV ykooga44DqoBt5YZXRa0HzAfBgNVHSMEGDAWgBTVGVHVykooga44DqoBt5YZXRa0 HzANBgkqhkiG9w0BAQsFAAOCAQEAUqUgLyaKHk/gO/BvdyNx7Bktj3O1KVrdGnzn URFnEwYfPhh7tEhCGNVP0ikJMQKWPi73Yt1ZLIxZWIwyOW57HcplPtrBkAYIWatZ AfO3SvlMyB1dGRB5zvr9ZNX4Inx30mmBfdzyNRESN3GzfsAJCGSMOUdJuy8H10YB DYDQDK9NqabCqrOvC78Kcgz+ottQfbPIBiLm0H6fjn/6VzOzJuNycvWBYlHfoDJK YRU9/Os1sVyj26HT1qWIqXPUmTXZ/kujTHIOwqm20BsMzJjNCwChrA+wOtAYks5H JCgNJNkrUBMf8GP+HP7fALfqpawf3RbHPNz0Cb5rGz/BCRyDbg== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-04-24T14:31:35Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-04-24T14:31:35Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "12852" uid: ec68f7a3-720a-4e07-9372-472abf15f148 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIbco3+Hkcer0wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NzA0MDY1OTAe Fw0yNjA0MjQxNDI0MThaFw0yODA2MjIxNDI0MTlaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzcwNDA2NTkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrk1EBaloaMsoXjcVOBufxgb3uu4oqVpet sf/uhSE4l4K/tnhajNBdfb9AtbGnDdTf7HOumaWETKpMkBRjnwzt3OzETq/mEWMM 1KqTaCyR4AdwAaA5wQxqr5hjcjzsyy9c1ytLDgL0+4FipLJB5LV3QbegWOB04KFC Im6/6Bz5MSOx6RuaHl6jqwcTZ5YkXrvB0S5EAYTQx7DlB2UZlw7oQTKM2jiHHofJ U+xw5uNZNIsRpzSOxmUu+o4E8/kDHSqtm3agNQU6eiEN/k6RR7xZOc9vakKv/5Fh F2V1U4zeq8GRP3ROjscnT4EylhJST3lwhIgzzrta5AGCTB+I2KtJAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVGVHV ykooga44DqoBt5YZXRa0HzAfBgNVHSMEGDAWgBTVGVHVykooga44DqoBt5YZXRa0 HzANBgkqhkiG9w0BAQsFAAOCAQEAUqUgLyaKHk/gO/BvdyNx7Bktj3O1KVrdGnzn URFnEwYfPhh7tEhCGNVP0ikJMQKWPi73Yt1ZLIxZWIwyOW57HcplPtrBkAYIWatZ AfO3SvlMyB1dGRB5zvr9ZNX4Inx30mmBfdzyNRESN3GzfsAJCGSMOUdJuy8H10YB DYDQDK9NqabCqrOvC78Kcgz+ottQfbPIBiLm0H6fjn/6VzOzJuNycvWBYlHfoDJK YRU9/Os1sVyj26HT1qWIqXPUmTXZ/kujTHIOwqm20BsMzJjNCwChrA+wOtAYks5H JCgNJNkrUBMf8GP+HP7fALfqpawf3RbHPNz0Cb5rGz/BCRyDbg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-24T14:20:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-24T14:20:46Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-24T14:24:31Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "7390" uid: cfc65533-9f23-426e-931b-d6573c57e51f - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-24T14:20:33Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"5f654859-b787-442e-a5f0-098e49089de4"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-24T14:20:33Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 5f654859-b787-442e-a5f0-098e49089de4 resourceVersion: "2405" uid: 0d56b3e2-7174-4b8b-b729-dc25232f9323 kind: ConfigMapList metadata: resourceVersion: "41786"