--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-16T23:22:16Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"2ca23f93-6436-4cc7-8553-4332833ebb44"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T23:22:16Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 2ca23f93-6436-4cc7-8553-4332833ebb44 resourceVersion: "2264" uid: fa33db2f-31ee-4b74-9beb-d3bfa6dea621 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-16T23:22:16Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-16T23:22:16Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2261" uid: 01c91681-612f-466a-9bb9-f81761bc56a9 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-16T23:22:16Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"2ca23f93-6436-4cc7-8553-4332833ebb44"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T23:22:16Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 2ca23f93-6436-4cc7-8553-4332833ebb44 resourceVersion: "2260" uid: 42d0f6c4-324a-428a-ae58-ec16650871a4 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIPU6iFtimW54wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNjIzMjAyM1oX DTM2MDQxMzIzMjAyM1owJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgrXu2Q/N/fF eeJNgq5PO0SlgiRSSap+xZxexE3bSnF/eo9usFAnKr5rkfspNgncvDFnXuO4xAjU NF39Rh+nt8DKoIzAxDoaPH7rYuWn96dsduOCajSD71jM/aHVDsA8NoTUFu914kGX IXtT7MwxfqFvxVOHDPRzZhfjSYNTjEuHDQDYpD/lh6du6aTsM4bwQHjtwsBQt5fi MehpJpRsEtl2765zLZVrxWj7kt+Quz85iao/Y/Jfeo9gfcEHcnfM+3k/LdB47G5D B7EmFt35RmaHmuNWuaw39lC8cSLrCk4TroGQW3JFfJ8SOAsuehvgqjaKifEH5S1z DF5ZA5Jv2wIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRADj+BiXAq5aSSXgRA+bKpisO+49hdTC/+05tovzOhIXexeNyk APnpOSvvShLYor39YAMa0zT5SpqwEDw/noZtbDANBgkqhkiG9w0BAQsFAAOCAQEA BwnuBEMSFgSmtS2sCvcE28PdLCoYgzM6HHzwgH00Xb276lgWULw2WXPFQ4XYcYeH kDdcl/gf1EO2X0q/GveRbsEZZNLdacQRAmcIDVz+uaVdvCe3fWPv0YJjDkvSzJxZ Kw00kkOzeqXfyKgiVHWSzz2NLLrWmZdriF31UqoI8eo0YuZeJQIvLNmpveVmSH5Y WSazaWHaf5DUhOi2JWLFyms306jTINjhw9LTw3zCMoYn+/1kJksSRl6/tuf2dr1E EkON+3kzZ3e8kTdRPxYNFF+CaImaT4rKkJvZQoYa96yS5T6e1/g6O2gzaDbUSgb8 mFV9JcwyDhS5T+28e9xjcw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIOjGDDdmxn0gwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNjIzMjA0NVoX DTI3MDQxNjIzMjA0NVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMrMjuYivXAPCpSRwv81Gd7GqPaNy68JzUiLVzm5NaRhVH0dWoDkFaH/92/w7bMx f9T/7j12+ziFayXmR6tIOZGrMJYUnlTMILvmPN5/auU61oJV5gTWDE86spimokGI u691witEjDZxbwUaeV4upR3++qS3zxmquvv7Ie2ox6pkybyh8+7GY1IjP9qqf0C+ 2HVMpbKoGIRx1FBqKhYdT4X7l44IrO9kKZblUn6t4h4MkTLUYIDNwTmAr7wKXq9a ihVFrZHGSqqsAsDXFDGyKSTnljZQPK/mLEN/A8wrrbgMr0CUqXHOMNtn4vIQLYL8 Qj4tokdkSdyWPebG8l2r0U8CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAjki2zp1b0fIrZNqVad5OT2mOQfNV3VMsjRTUkhe2ouwShnlGTlDXm4Ym PskCWDE6PqEi1IB+lgfjybq5aJbjszBLBgNVHSMERDBCgEAOP4GJcCrlpJJeBED5 sqmKw77j2F1ML/7Tm2i/M6Ehd7F43KQA+ek5K+9KEtiivf1gAxrTNPlKmrAQPD+e hm1sMEsGA1UdEQREMEKCQCouYXBwcy4wNzJkZGU5My0xOTZhLTQyZDctYjEzOS0w NTcwMzQ1MjQ2NWYucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBADE4N8s8VQ8XF/Mt5/FQLYoq5yAH40ZoK2ZMc7xSOjueeI0WL2gBCGk1eXy1 ghc7U1xAazer+Sgey35UXQR+oHX7E3Rh2QrMyyQfKysgE3YBa1DAzAIuY0xbzIiu 2wQTWfTYLNAmDFb+u46tBaZ+FwYqy9SgIC6lYf1Dko48x6k/UgccV2lUzRq6cMXv xD4wdCRa/UEOkqRINuXjwEg6TgVGvgzAVdST34mZ65iW6Qz2hm1g/bOqNCxpf7DO WbUtK3H8UYXJonEjhva3FBT7IwZNsbJfU0oTZzpq3WdcDbEJ3lQwonhLOoHy3BYH AwDHAeuml0In8JRNWvmiLYNcbsU= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-16T23:22:31Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-16T23:22:31Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3381" uid: 73872806-88b4-4a7b-a64c-2dbc70531cd5 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-16T23:22:17Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"2ca23f93-6436-4cc7-8553-4332833ebb44"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T23:22:17Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 2ca23f93-6436-4cc7-8553-4332833ebb44 resourceVersion: "2267" uid: 3f466869-cd46-45f4-9f3c-557b401c9f7b - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIIJBM1aPRlRcwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjM4MjA5NDAe Fw0yNjA0MTYyMzI4MTNaFw0yODA2MTQyMzI4MTRaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzYzODIwOTQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpo9+Xi4IokVNKU7my6FknG3Xnw3vcrSpY 6zVnWQj7WsHqj6/ZsimBa4mCJHI+Yn6ofd6aPg5ylvLAENKBw1Op81vib73UVLIZ eo+sLkIYFFSx+wn8ATP18ELEngyCILekpw919PwF/bcv0rZX55bjSwknpinAfQ6u +8wmbFkkVpPs5cHyRb5ATXeyGUBk0fdPtWDn34Wm6XnkjOPn3lQNdNdR5S7noB2N DVK0F321qqEZHDKBgi3/vb44kUzqT+jHqISbLv2vNyaPYke+jrOmKsvjZHUalW4b 0otz7b9b7QwP8Mo3SMeO9s7zOlOin8s+FfLTsSGBOjMLZfdZdtETAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSsFHHH aPTfBeiSj1hnPoAZ00JdkTAfBgNVHSMEGDAWgBSsFHHHaPTfBeiSj1hnPoAZ00Jd kTANBgkqhkiG9w0BAQsFAAOCAQEAaGCbNnKwc+T1UlhxZVL803tAd1d45gJVGtWW CTM58j22TsR0Ye4W02s04YhbUIYGVEclKsEvvf9lzjk7ju7mLaKTUIu46gDLqlu6 nsWTOnfG74e54X666//JkRyPLXfs4IADWsBqmI3fHRh2vkyBm6aI2RiCWzt3YjAN FCIn7AK3WsWCaIduDYBE6pXrCQz0bDZzLYbId9JgSCEDqhtmnzJqZpz37AjPffJo 2xS1rSMm9F89bRroIH7o6CMaUUIk66sPpbmYR0VDwFHZwk33zVwXM13hMn+hJWE2 I5b0GKL6y7MokqjlP2TtRa6URId+O/I9rEv+otC2Fz0lxWzyGQ== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-04-16T23:32:53Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-04-16T23:32:53Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "15205" uid: 7b127e05-8b20-4899-a1f7-872b10e634a1 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIIJBM1aPRlRcwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjM4MjA5NDAe Fw0yNjA0MTYyMzI4MTNaFw0yODA2MTQyMzI4MTRaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzYzODIwOTQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpo9+Xi4IokVNKU7my6FknG3Xnw3vcrSpY 6zVnWQj7WsHqj6/ZsimBa4mCJHI+Yn6ofd6aPg5ylvLAENKBw1Op81vib73UVLIZ eo+sLkIYFFSx+wn8ATP18ELEngyCILekpw919PwF/bcv0rZX55bjSwknpinAfQ6u +8wmbFkkVpPs5cHyRb5ATXeyGUBk0fdPtWDn34Wm6XnkjOPn3lQNdNdR5S7noB2N DVK0F321qqEZHDKBgi3/vb44kUzqT+jHqISbLv2vNyaPYke+jrOmKsvjZHUalW4b 0otz7b9b7QwP8Mo3SMeO9s7zOlOin8s+FfLTsSGBOjMLZfdZdtETAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSsFHHH aPTfBeiSj1hnPoAZ00JdkTAfBgNVHSMEGDAWgBSsFHHHaPTfBeiSj1hnPoAZ00Jd kTANBgkqhkiG9w0BAQsFAAOCAQEAaGCbNnKwc+T1UlhxZVL803tAd1d45gJVGtWW CTM58j22TsR0Ye4W02s04YhbUIYGVEclKsEvvf9lzjk7ju7mLaKTUIu46gDLqlu6 nsWTOnfG74e54X666//JkRyPLXfs4IADWsBqmI3fHRh2vkyBm6aI2RiCWzt3YjAN FCIn7AK3WsWCaIduDYBE6pXrCQz0bDZzLYbId9JgSCEDqhtmnzJqZpz37AjPffJo 2xS1rSMm9F89bRroIH7o6CMaUUIk66sPpbmYR0VDwFHZwk33zVwXM13hMn+hJWE2 I5b0GKL6y7MokqjlP2TtRa6URId+O/I9rEv+otC2Fz0lxWzyGQ== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-16T23:22:31Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-16T23:22:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-16T23:28:26Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8165" uid: ab494121-fd91-469c-8ed6-9480b407e095 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-16T23:22:17Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"2ca23f93-6436-4cc7-8553-4332833ebb44"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-16T23:22:17Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 2ca23f93-6436-4cc7-8553-4332833ebb44 resourceVersion: "2266" uid: accb40ea-4df0-4d85-9bf3-3f1342888642 kind: ConfigMapList metadata: resourceVersion: "46506"