--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.18 creationTimestamp: "2026-06-03T22:43:40Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"7754649e-e513-4000-8d92-68fd9067cd42"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-03T22:43:40Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 7754649e-e513-4000-8d92-68fd9067cd42 resourceVersion: "2280" uid: 79bc968c-617f-4378-8e81-41d9cbbdc7ad - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.18 creationTimestamp: "2026-06-03T22:43:40Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-03T22:43:40Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2278" uid: ea78033e-4a83-4d3b-84e2-89dd97cca4ac - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.18 creationTimestamp: "2026-06-03T22:43:40Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"7754649e-e513-4000-8d92-68fd9067cd42"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-03T22:43:40Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 7754649e-e513-4000-8d92-68fd9067cd42 resourceVersion: "2277" uid: bf29d976-a37d-47ff-9b09-bc37faddbcb6 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIKAhKebyfTu8wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwMzIyNDEyMFoX DTM2MDUzMTIyNDEyMFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX43bRXh2QHi tzFPoFtZSztAduHZ4hd3ZQISU/lXVUQG/EIdffieD2ITRdmYH3z2iXyyjbnV5AOo YfsEC8uOweaY2QksQMAIcuHEALkpt1LoNOdA7acJRIejs1vvXH2Nq12tZNrJ3+Gq 0fuqlZPir5S19kBau/8/ave/rFQbXDcywJQY9xXjfkzo55zYtJfFQw7fQLpSg60q n06u2eNG3l1LxLM7w4qP3Dnc1DThivFCbm7/YviplbzpFZ0bKbck3+oU5GSPYK/Y yMT2emCg35pd/Vl4JV0WwSklrfZMGog4Wx0H3UTatTN+nSTvXoKoqRB7xiwGBDMq wmwKOy+wZQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA2eIavxbr+C0bFxiPZZRj+i/36y5reR/dLjR1HzgSSBMWe8ys +GyyAuQSOSLHs0loltYBuRmQZKQwr64xCQHKOTANBgkqhkiG9w0BAQsFAAOCAQEA i4dt7SQSDGVXnnO86cW6n4VPOnSbFyzjtatj4VN/kFuT2Z21l74PRFIgC+ZBjghC PVeE720MPjRIBjg2y9ePJ08x4dtq3V8mwqZ6DO5VP0Y9KjXhWitBZzZIDeWrIh4w JNcGiE4REkr220B6uX8fc4qFPS7AygLQi/Oh3cfROSXn0Y47MhVZ8afshogPO12p gQK9YOE7gXVzEJ6svpyNKnTvc9PPi8W6H+BL8N5qGTid+Spx1vsp3dDIau1SCtve I4XQGFIbHHtNdvnVike9PRNyiqWYFpS1eyOYZzB5TbE84fIMuWFjMgvHgf2ANGp+ z566BrerJ9AlMl3qAryu5A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIBjS4Q8Chr0AwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwMzIyNDE1OFoX DTI3MDYwMzIyNDE1OFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AKeWN47HoMRXYodEYHQ6ZPd55Ibc1xoTCIKIoqn/vYgG/BI3IprG+EtemBZjDHM9 1oSDzoCIoEfq0IaSEE6y939win9N/v4jf2AEfxItx0akkSHcZGiNOEZtyciakc9c /Tpl//ze7445na81R1iWP6beQNsZ4DRNYrvSvrc/V126vUDgffTBThJTEPyVrHbC 12OxeuUr5W8RfVMspgqssXHm4++pUJ1aH4NMo3ep9sI2qTdJImxhy2TaXCMisoPo CDEIWl6T/o9T9uslQ/rWUYokUv78ik/W/jP8Yu52t1D9Mdopv/4Mnp6XsKmoLwBc 339lNe36zkhIII70td2qZ3ECAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA8sOrqMCngz2PQGDPk5Ymdh93GnOQrNrlvl0Rftgw28lpIx9v7QIIgif1 abb8oybIa8OWJNp+PvpRrJnfbS+rEjBLBgNVHSMERDBCgEDZ4hq/Fuv4LRsXGI9l lGP6L/frLmt5H90uNHUfOBJIExZ7zKz4bLIC5BI5IsezSWiW1gG5GZBkpDCvrjEJ Aco5MEsGA1UdEQREMEKCQCouYXBwcy5lNjA4NGQ0OS03NThlLTRlN2UtYTUyOC1j NmE0YzQ5NzY0ZTkucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBACAXLngHaIrGpWP4pIN72Y2HesHxMU6nvly9W1/Bp6XJ22gMTPK9u32kGQvU GWWRDbzE9EoRso73T6+9z30o5tPC2KEjrReDiLXNBzTr27rhli6BT/ChH50B7rLx y6v01iLMPMWDC+FCcWwSfTn8vSeAhVXjWaR+a03MeRLXONdCNRjOwRJSDdYoxyOC V8pdS+JcH59PQp0GCPrry7zWww5T5I8QkmHI3nq5ZWhJFjv2NJ+mtBXfMsh1piIq Os8uKn+6GIh2wz76csPP5iB0deCufJcNIk6oqa03ce0/qcRXwsPcNbE0zrhTl0Yv xpSlcogiOFrsKWB96dv3HD2B6OQ= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-03T22:43:54Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-03T22:43:54Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3056" uid: 47be308c-1483-44dc-a51c-a60463f2de99 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-03T22:43:41Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"7754649e-e513-4000-8d92-68fd9067cd42"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-03T22:43:41Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 7754649e-e513-4000-8d92-68fd9067cd42 resourceVersion: "2284" uid: 4fd160b1-e9ac-4006-bac9-115423aa58a0 - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIINQw8VOj9CXIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDUyNzI0MDAe Fw0yNjA2MDMyMjUzNTlaFw0yODA4MDEyMjU0MDBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODA1MjcyNDAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHguCypCBeB4EbAR9rbCDo+LH0/ruBqknG CTsqItzXu8ZajqsPCSLtoaX3Q9RqYJPcDazOJ9rKFT+YS/yOq5H0IzDiFbV4+CNk 4qcGeMzTdsKe/Kt/q/YSjLBeJvkOjFSZrjQOdYZCMzCTNDLWWwGQGJH98NNBP1Gd caIbJjXQ8ojlwMKmkW0SvnKl/8dTpeKJj7qVLqkOXuswdkB3Hsh1zhMK8IFIvT4U W+v1Wzh2VKJOvT5avap/3LUXzoIIiISSRAeOOvquhqOQZwuHC46WY+b++fVpZKMy 3qBkIausV6NTHsmu+PUdXTlPWcXmReNb0u0FVVt5eDQMJ1BBVS/VAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQZS1Ia TKEWOPmVev+Q8snpOw1DtDAfBgNVHSMEGDAWgBQZS1IaTKEWOPmVev+Q8snpOw1D tDANBgkqhkiG9w0BAQsFAAOCAQEARW3kcmXPnqsY4Aasl+L6I//GQ96nMCcLKbEu SfO0xZBNqDOvOyCENnIvmHV5bEqbhl4htqhpVY4Kehjn6Afj1tFGD3jOayvbhPqV GW4wSE0Q4OHfe7MpMWU057n2dSEe43dxsBJJq+OY5f5kJxguaijv6/S7kHIxGLBF XVcnGvCiOoOJQpyq/dv6iVPCXOq7m/hy23TPoZ40A02nYLZevoj1tJIcyhIwYWCy 6y+mLzlGTb8+zUP99206N9ML9QuIfSioe+JBtkCme1dh+lOUS+3LJWTVjNAPbLyP M6DyX+aqrGklQsmB4DrPJZTKpQK3DXvulihxdHS+STbRm3WSjQ== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-06-03T22:59:35Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-06-03T22:59:35Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "15781" uid: 63a90afe-df8d-46fa-9317-0f5402f1ca93 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIINQw8VOj9CXIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDUyNzI0MDAe Fw0yNjA2MDMyMjUzNTlaFw0yODA4MDEyMjU0MDBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODA1MjcyNDAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHguCypCBeB4EbAR9rbCDo+LH0/ruBqknG CTsqItzXu8ZajqsPCSLtoaX3Q9RqYJPcDazOJ9rKFT+YS/yOq5H0IzDiFbV4+CNk 4qcGeMzTdsKe/Kt/q/YSjLBeJvkOjFSZrjQOdYZCMzCTNDLWWwGQGJH98NNBP1Gd caIbJjXQ8ojlwMKmkW0SvnKl/8dTpeKJj7qVLqkOXuswdkB3Hsh1zhMK8IFIvT4U W+v1Wzh2VKJOvT5avap/3LUXzoIIiISSRAeOOvquhqOQZwuHC46WY+b++fVpZKMy 3qBkIausV6NTHsmu+PUdXTlPWcXmReNb0u0FVVt5eDQMJ1BBVS/VAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQZS1Ia TKEWOPmVev+Q8snpOw1DtDAfBgNVHSMEGDAWgBQZS1IaTKEWOPmVev+Q8snpOw1D tDANBgkqhkiG9w0BAQsFAAOCAQEARW3kcmXPnqsY4Aasl+L6I//GQ96nMCcLKbEu SfO0xZBNqDOvOyCENnIvmHV5bEqbhl4htqhpVY4Kehjn6Afj1tFGD3jOayvbhPqV GW4wSE0Q4OHfe7MpMWU057n2dSEe43dxsBJJq+OY5f5kJxguaijv6/S7kHIxGLBF XVcnGvCiOoOJQpyq/dv6iVPCXOq7m/hy23TPoZ40A02nYLZevoj1tJIcyhIwYWCy 6y+mLzlGTb8+zUP99206N9ML9QuIfSioe+JBtkCme1dh+lOUS+3LJWTVjNAPbLyP M6DyX+aqrGklQsmB4DrPJZTKpQK3DXvulihxdHS+STbRm3WSjQ== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-03T22:43:54Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-03T22:43:54Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-03T22:54:14Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9131" uid: 787ced42-49f0-476e-b96f-f5f71734310f - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-03T22:43:40Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"7754649e-e513-4000-8d92-68fd9067cd42"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-03T22:43:40Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 7754649e-e513-4000-8d92-68fd9067cd42 resourceVersion: "2282" uid: 1daefe13-5e19-4419-9113-b8b92dcf949c kind: ConfigMapList metadata: resourceVersion: "53127"