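---
# ConfigMapList exported from the openshift-multus namespace. Server-populated
# metadata (creationTimestamp, managedFields, resourceVersion, uid) is kept as
# exported. The PEM blocks below are certificates only (no private keys), so
# what matters for them is integrity: whoever can modify these ConfigMaps
# changes what their consumers trust.
apiVersion: v1
items:
# cni-copy-resources: shell script that copies CNI plugin binaries into
# /host/opt/cni/bin/ according to the host's os-release. The object carries a
# controller ownerReference (Network/cluster) and is applied by
# cluster-network-operator/operconfig, so a direct edit is presumably
# reconciled away - confirm, and make lasting changes in the operator source.
- apiVersion: v1
  data:
    cnibincopy.sh: |-
      #!/bin/bash
      set -e

      # Print a timestamped, tagged log line.
      function log()
      {
          echo "$(date --iso-8601=seconds) [cnibincopy] ${1}"
      }

      DESTINATION_DIRECTORY=/host/opt/cni/bin/

      # Perform validation of usage
      if [ -z "$RHEL8_SOURCE_DIRECTORY" ] ||
         [ -z "$RHEL9_SOURCE_DIRECTORY" ] ||
         [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then
        log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY"
        exit 1
      fi

      if [ ! -d "$DESTINATION_DIRECTORY" ]; then
        log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist"
        exit 1
      fi

      # Collect host OS information
      # NOTE: sourcing runs the file as shell code inside this container; it is
      # read from the host mount, so it is only as trustworthy as the host.
      . /host/etc/os-release
      rhelmajor=
      # detect which version we're using in order to copy the proper binaries
      case "${ID}" in
        rhcos|scos)
          RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :)
          rhelmajor=$(echo "${RHEL_VERSION}" | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/')
        ;;
        rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .)
        ;;
        fedora)
          if [ "${VARIANT_ID}" == "coreos" ]; then
            rhelmajor=8
          else
            log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}"
            exit 1
          fi
        ;;
        *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1
        ;;
      esac

      # Set which directory we'll copy from, detect if it exists
      sourcedir=
      founddir=false
      case "${rhelmajor}" in
        8)
          if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL8_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        9)
          if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL9_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        *)
          log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}"
        ;;
      esac

      # When it doesn't exist, fall back to the original directory.
      if [ "$founddir" == false ]; then
        log "Source directory unavailable for OS version: ${rhelmajor}"
        sourcedir=$DEFAULT_SOURCE_DIRECTORY
      fi

      # Use a subdirectory called "upgrade" so we can atomically move fully copied files.
      # We now use --remove-destination after running into an issue with -f not working over symlinks
      UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen)
      rm -Rf "$UPGRADE_DIRECTORY"
      mkdir -p "$UPGRADE_DIRECTORY"
      # Test cp and mv directly in the `if`: under `set -e` a separate `$?`
      # check is never reached when the command fails, so the failure log and
      # the removal of the staging directory would be skipped.
      # Paths are quoted so that a value containing whitespace or glob
      # characters cannot redirect the recursive copy or the `rm -Rf`.
      if cp -r --remove-destination "${sourcedir}"* "$UPGRADE_DIRECTORY"; then
        log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY"
      else
        log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY"
        rm -Rf "$UPGRADE_DIRECTORY"
        exit 1
      fi
      if mv -f "$UPGRADE_DIRECTORY"/* "${DESTINATION_DIRECTORY}/"; then
        log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
      else
        log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
        rm -Rf "$UPGRADE_DIRECTORY"
        exit 1
      fi
      rm -Rf "$UPGRADE_DIRECTORY"
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        This is a script used to copy CNI binaries based on host OS
      release.openshift.io/version: 4.20.19
    creationTimestamp: "2026-04-17T16:28:27Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:cnibincopy.sh: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"9f2cdf8d-dfe9-4644-8514-a40257515408"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-04-17T16:28:27Z"
    name: cni-copy-resources
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 9f2cdf8d-dfe9-4644-8514-a40257515408
    resourceVersion: "2588"
    uid: 15c8518f-b252-4bff-800a-26bc79f561ff
# cni-sysctl-allowlist: anchored patterns for the per-interface sysctls that
# are allowed; IFNAME looks like a placeholder for the interface name.
# NOTE(review): the `.` separators are unescaped, so if the consumer treats
# each line as a regex they match any character. The ^...$ anchors still bound
# the match; confirm with the consumer before tightening to `\.`.
# This copy has no ownerReferences, unlike default-cni-sysctl-allowlist below.
# Adding entries widens what workloads may tune, so keep write access to
# ConfigMaps in this namespace restricted.
- apiVersion: v1
  data:
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.20.19
    creationTimestamp: "2026-04-17T16:28:27Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
      manager: network-operator
      operation: Update
      time: "2026-04-17T16:28:27Z"
    name: cni-sysctl-allowlist
    namespace: openshift-multus
    resourceVersion: "2588"
    uid: fde7ff4b-97ca-49a5-b89e-f6fc63ebdc3d
# default-cni-sysctl-allowlist: same entries as cni-sysctl-allowlist in this
# export, but owned by Network/cluster and applied by the operator.
- apiVersion: v1
  data:
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.20.19
    creationTimestamp: "2026-04-17T16:28:27Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"9f2cdf8d-dfe9-4644-8514-a40257515408"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-04-17T16:28:27Z"
    name: default-cni-sysctl-allowlist
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 9f2cdf8d-dfe9-4644-8514-a40257515408
    resourceVersion: "2587"
    uid: 605989a5-72e5-4beb-847e-51c1f10cd6a4
# kube-root-ca.crt: trust bundle for verifying the kube-apiserver on internal
# endpoints (see the description annotation). Two certificates are bundled.
- apiVersion: v1
  data:
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDPDCCAiSgAwIBAgIIbD51hG95eEAwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzE2MjQzNFoX
      DTM2MDQxNDE2MjQzNFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy
      b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7d0QQsquqRKH
      lw7NTYhz0bpKw60cxgckJ47RTm69UBnKevX/PZO9XxvqyqrOPQ4G7kneF1/Azcg/
      i9HW2VMCMLO384BmroN2KtTghFsPAcf8jnABHX2W7s3TWJmdhJNFVz3d341smmPU
      dEYcC7dcHB0u9kPHW37yUknbngCpR40b+VknqKOWEXk6pvw+IqC5YUz7X48+eYL4
      XGfq3FFR3ISq0IuYDwCks+1jdu6ZEV+VOagEeJDFOIhNdQNpk9D/0919Hlx7n7PP
      xIkIJtnm5M7I56jMIscMgcCdghd77CdV9ayTCQiL7raPa2hl5wyNiWT/sECXZ73/
      hEoX9nA8mQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
      /zBJBgNVHQ4EQgRA78Z7NPF0Uhga2GPexycVVirZxaSiZQ4A4TbFSB6ER98XvJzO
      DJNbrrxI78zMz2ABpexFv0u1WfaGdWJzsvaunjANBgkqhkiG9w0BAQsFAAOCAQEA
      vAWNr8LeP4vIHVc8GExrepLUdpHdlmly88nTNAITwqK1ZXkzOkw0SNecGPBh5izb
      h+Ra/Ab5MY+6yEF7yUc+Jiy7JTOLoZcjuxDEeeXxMRNvf/YIsosbxkyGM52r+Rmg
      hmYmCEHpPIF96m3rP/+TCT75qxV0d3891ZKqnY1Yh0tfpXhT/GnJdlREB8n6rKYE
      1S9edV7aIgH4xv47SyDRgHuXOgw33laL3rl6JRSvFDaf26zihYaoRATNWsy/poBH
      gI1O8ncXmLlLSD52N+9xwb4hGdBs5n8Dnmmmv5vhiqluvPJHtRf3dbkTj1j6CxFL
      osgxhjL4HHPbmWQbeE441Q==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIEADCCAuigAwIBAgIIY/e9MsGQYI4wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzE2MjUwN1oX
      DTI3MDQxNzE2MjUwN1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv
      cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
      APKtyXFfLUfWdfPsiJYLlIdT3Cs1R8nYazUUV6qCNlj9/sdNrm5rex5rLEtWc2a9
      lNdS1ZZ60IcPGyoNNRPnfb28yh+avgMfanICiSaf+4W/Pnrd0+1H8aRxKKWl7n1q
      SbIe8M3cz9gmFW4L60/mTBuk0XKdQssQtHEpGZ9BfFF3wtrWpHxvwaim3tSqSFPq
      bukY49slXYAHKLrRl3zqubCaUz3VLa500l7GnPyl74Ah14NlFvfXGq+zr2yjQIaA
      C1iuOSGmLZMAEEN6YJRnu4ByIt3aCqNEu2G9AjjIPEApL4pfpR+zLoiQVAnRqtbT
      vmzPK6TWsvOw3gGPE/S9H4kCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd
      BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV
      HQ4EQgRAOGZ2YJtt4grCIBPxOsZDJsB1d0e8j5NV2xTR57+FyegYSlTY0kjVQK3U
      bYdH827c8MO0NFklXVl8RIuF5FvcjDBLBgNVHSMERDBCgEDvxns08XRSGBrYY97H
      JxVWKtnFpKJlDgDhNsVIHoRH3xe8nM4Mk1uuvEjvzMzPYAGl7EW/S7VZ9oZ1YnOy
      9q6eMEsGA1UdEQREMEKCQCouYXBwcy5mN2U3NDY2NS00MmVhLTQ1MzItYWQ0Yy1l
      OGRjNmQwNWVkZTQucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD
      ggEBADmWgc7lRUSFwbvf+lLMRCFvMDpFOKtPd2Y2T/dOMxBAk+TyrRus//5yV+25
      TMnsWOQFSjXeCymWAKiJOszJOEnVW4Ur25rn4LXU/U5KtXGFAyunTvIm7cqKN38o
      sUsnsfb6HXXZmZj2r/NUDhjFTsg+zD+YTOXxZtCTDLgnC/ToiKPm+rGfPoi/tSyb
      7DHszTOcXx4G058kJ++hnM1YEydueD73cYqns+y42M6pdFwaXa1GfMTVQ2Lkfs9K
      HrEhUt55I2Zva6NUS8Vxk3AhFPyOzS4JmhEEGkxqjYF3V7lB+o4iPPkZFfkiANZx
      gT4xg+lw5QEWmCzjPz1/BqhtQfU=
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify the
        kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2026-04-17T16:28:36Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-04-17T16:28:36Z"
    name: kube-root-ca.crt
    namespace: openshift-multus
    resourceVersion: "3880"
    uid: d6c02135-d95c-4fe8-b264-b1f5ee48775f
# multus-daemon-config: JSON configuration for the Multus daemon.
# namespaceIsolation is enabled; the namespaces in globalNamespaces are the
# exceptions to it, so that list and write access to those namespaces deserve
# review whenever it changes. logLevel is "verbose" - check what ends up in
# node logs before shipping them off-cluster.
- apiVersion: v1
  data:
    daemon-config.json: |
      {
        "cniVersion": "0.3.1",
        "chrootDir": "/hostroot",
        "logToStderr": true,
        "logLevel": "verbose",
        "binDir": "/var/lib/cni/bin",
        "perNodeCertificate": {
          "enabled": true,
          "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig",
          "certDir": "/etc/cni/multus/certs",
          "certDuration": "24h"
        },
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "multusAutoconfigDir": "/host/run/multus/cni/net.d",
        "namespaceIsolation": true,
        "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv",
        "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf",
        "daemonSocketDir": "/run/multus/socket",
        "socketDir": "/host/run/multus/socket",
        "auxiliaryCNIChainName": "vendor-cni-chain"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-04-17T16:28:28Z"
    labels:
      app: multus
      tier: node
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:daemon-config.json: {}
        f:metadata:
          f:labels:
            f:app: {}
            f:tier: {}
          f:ownerReferences:
            k:{"uid":"9f2cdf8d-dfe9-4644-8514-a40257515408"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-04-17T16:28:28Z"
    name: multus-daemon-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 9f2cdf8d-dfe9-4644-8514-a40257515408
    resourceVersion: "2610"
    uid: edef3e23-e308-45a0-9414-9acce48fd6da
# odh-kserve-custom-ca-bundle: CA bundle written by a manager named "manager"
# and labelled opendatahub.io/managed. The certificate text matches the one in
# openshift-service-ca.crt in this export.
# NOTE(review): nothing here shows this copy being refreshed when the service
# CA rotates - confirm with the owning component.
- apiVersion: v1
  data:
    cabundle.crt: |-
      -----BEGIN CERTIFICATE-----
      MIIDUTCCAjmgAwIBAgIIN2iL3cDDYXcwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
      Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQ0MzUyNTAe
      Fw0yNjA0MTcxNjMyMDRaFw0yODA2MTUxNjMyMDVaMDYxNDAyBgNVBAMMK29wZW5z
      aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0NDM1MjUwggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5tk2rQJYypw8mrhQdS2lTDHsdAfEkTeSr
      Lk0peE5BE8zbBeYy9Bm4ms95UGxjDfIIOVt0JxE+PWKXuuOeIkJUpFsV0M0KLM1I
      riC/1qKHN7es3pkIWtXpU4+54AnJWmkZErx28R5op6rNGlsBkL9tK9XOzeZAAJBT
      OmeojJ4CgD3l+iB/+BNgmeRIHr4k3UcJ7m1RYpNI9I/OwqLVyESbo/K8kwnNBi0M
      fTcdRVcvsaxXjMcxQxkkJmG8j66bMXRnbnJjeHHdXM6iens9CCwljXbfEUHhWe9I
      moL+waFOsBuLN/gUNq9XC4t7J8VLxNhTtz6IJrEaT9Qu3tO/hdFHAgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRmokqF
      /EXqjf9aCMpgXny9odx/szAfBgNVHSMEGDAWgBRmokqF/EXqjf9aCMpgXny9odx/
      szANBgkqhkiG9w0BAQsFAAOCAQEA7OrMQux0Ov0Khru4lw1fB7JvufUQkAsrn2ws
      SsTiYAXM9QGx7Svgk4UcWQX1WR7Z5e+qgXDT1i37RVWZVd5CrqgF0qllr7ZQR861
      cCsn3jUPLQnwI214j7wuIgrfHOvYSqNSizWx2speUyEzjiHBFEugd2hACyKXLERr
      nN4n1qI2NwPbSF0I1KurkiLUb48kg8lBLTlh9nyHtE/II43McamSHezpUrK4Qu2P
      zh6C73s1weN+JrMCuncP7zOsNJRIBBJdyYumv+cuY7kwRiqWBa3KFi71Mf+t4kiR
      +HTV2Rrt+sWRFWjl5cAKfiIfI8uDSmguFdXFNzUZ1SBmWRPiXw==
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-04-17T16:39:27Z"
    labels:
      opendatahub.io/managed: "true"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:cabundle.crt: {}
        f:metadata:
          f:labels:
            .: {}
            f:opendatahub.io/managed: {}
      manager: manager
      operation: Update
      time: "2026-04-17T16:39:27Z"
    name: odh-kserve-custom-ca-bundle
    namespace: openshift-multus
    resourceVersion: "12993"
    uid: 1311c6d6-1776-4e3e-a457-7b4f94aacd61
# openshift-service-ca.crt: created with the inject-cabundle annotation;
# service-ca-operator then filled in data.service-ca.crt (see managedFields).
- apiVersion: v1
  data:
    service-ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDUTCCAjmgAwIBAgIIN2iL3cDDYXcwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
      Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQ0MzUyNTAe
      Fw0yNjA0MTcxNjMyMDRaFw0yODA2MTUxNjMyMDVaMDYxNDAyBgNVBAMMK29wZW5z
      aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0NDM1MjUwggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5tk2rQJYypw8mrhQdS2lTDHsdAfEkTeSr
      Lk0peE5BE8zbBeYy9Bm4ms95UGxjDfIIOVt0JxE+PWKXuuOeIkJUpFsV0M0KLM1I
      riC/1qKHN7es3pkIWtXpU4+54AnJWmkZErx28R5op6rNGlsBkL9tK9XOzeZAAJBT
      OmeojJ4CgD3l+iB/+BNgmeRIHr4k3UcJ7m1RYpNI9I/OwqLVyESbo/K8kwnNBi0M
      fTcdRVcvsaxXjMcxQxkkJmG8j66bMXRnbnJjeHHdXM6iens9CCwljXbfEUHhWe9I
      moL+waFOsBuLN/gUNq9XC4t7J8VLxNhTtz6IJrEaT9Qu3tO/hdFHAgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRmokqF
      /EXqjf9aCMpgXny9odx/szAfBgNVHSMEGDAWgBRmokqF/EXqjf9aCMpgXny9odx/
      szANBgkqhkiG9w0BAQsFAAOCAQEA7OrMQux0Ov0Khru4lw1fB7JvufUQkAsrn2ws
      SsTiYAXM9QGx7Svgk4UcWQX1WR7Z5e+qgXDT1i37RVWZVd5CrqgF0qllr7ZQR861
      cCsn3jUPLQnwI214j7wuIgrfHOvYSqNSizWx2speUyEzjiHBFEugd2hACyKXLERr
      nN4n1qI2NwPbSF0I1KurkiLUb48kg8lBLTlh9nyHtE/II43McamSHezpUrK4Qu2P
      zh6C73s1weN+JrMCuncP7zOsNJRIBBJdyYumv+cuY7kwRiqWBa3KFi71Mf+t4kiR
      +HTV2Rrt+sWRFWjl5cAKfiIfI8uDSmguFdXFNzUZ1SBmWRPiXw==
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      service.beta.openshift.io/inject-cabundle: "true"
    creationTimestamp: "2026-04-17T16:28:36Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data: {}
        f:metadata:
          f:annotations:
            .: {}
            f:service.beta.openshift.io/inject-cabundle: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-04-17T16:28:36Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:service-ca.crt: {}
      manager: service-ca-operator
      operation: Update
      time: "2026-04-17T16:32:17Z"
    name: openshift-service-ca.crt
    namespace: openshift-multus
    resourceVersion: "7898"
    uid: 513fd6d4-9704-4d74-87a5-4903f2fcd70e
# whereabouts-flatfile-config: JSON configuration for whereabouts using the
# "kubernetes" datastore. It only references a kubeconfig path; the credential
# itself is not part of this ConfigMap. log_level is "verbose".
- apiVersion: v1
  data:
    whereabouts.conf: |
      {
        "datastore": "kubernetes",
        "kubernetes": {
          "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig"
        },
        "reconciler_cron_expression": "30 4 * * *",
        "log_level": "verbose",
        "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-04-17T16:28:27Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:whereabouts.conf: {}
        f:metadata:
          f:ownerReferences:
            k:{"uid":"9f2cdf8d-dfe9-4644-8514-a40257515408"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-04-17T16:28:27Z"
    name: whereabouts-flatfile-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 9f2cdf8d-dfe9-4644-8514-a40257515408
    resourceVersion: "2601"
    uid: a96a5d07-f3f5-46c9-bebd-810867b7ce65
kind: ConfigMapList
metadata:
  resourceVersion: "21092"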