--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T18:45:02Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"88ea9c32-4212-4296-a3b3-0214a7f9876f"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T18:45:02Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 88ea9c32-4212-4296-a3b3-0214a7f9876f resourceVersion: "2921" uid: b1f406f0-0cf9-4f23-8d88-b3dd23594182 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T18:45:02Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-17T18:45:02Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2896" uid: 3579c105-4959-4f2d-a825-302f81b8577b - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T18:45:02Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"88ea9c32-4212-4296-a3b3-0214a7f9876f"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T18:45:02Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 88ea9c32-4212-4296-a3b3-0214a7f9876f resourceVersion: "2895" uid: a6f9e369-f53b-4798-9d90-a4badfba624b - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIdbqHVm5G0vcwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzE4NDI0OVoX DTM2MDQxNDE4NDI0OVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu0+AwTKWlqu x2WC16IAXNFs+swUS4oWDLin6jZFYtqT3+tw1v1XitvaDQU+7aFX5NLHtQPxgcQh DFh9h7IFopmG4LgyTz3zLps8F810KP/K+10tZK2kGkllGpPpubUMDduQ88nRgfo/ wH+TxIOCgaCoUWtRgg+/nvDrkpoaWVODIBOwltA4YsD6q0Fs80awtXBbm+y3Vgpq 8I5Nlc1dvuEzulFmhm5m4F/4AHRy3CymZQhoTQk6j8zF6nyTp27+2Nke4rHwhabT LZ0kKN40+DAJOYHmGNsLgqTkChgEWm1KhBrgBZVw97V7yepjvfwsauJi4wFQYAWG XellIohFBQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAK8ndpdjx0yFfeAPvL5AXtYWqKUOrFIJVZE4OzPDy8Gk4ULrX E50lhAir2bnbpkwv/3XaDvP6sYJy/e9zeeU7KTANBgkqhkiG9w0BAQsFAAOCAQEA f0N0e65u4xAA4xJ0zX+HXrv0fZkqFgXItubQ8kNrbs1OSP9o0Mi0xZdOa/Pq+yUo JSQyMRE0pQKo1wSSqUp2JM91ci18fhbMFrR9lKgVk4ldX+aa9JGeV712frzyGh+J U+1YP32xuSDdm5SYirISTNFJOqOawysdzyrRTipgAN0JzYmo21o9BKWEc0v46ws0 +L2AcvrJJ6Q+7SPj6dT2Onn11G5Ly6RO1Sj6mptL8rM6ElFWXC3abcTkKTYpBEY/ M+TaTjzevIE/vB+EYbEhsPRYuR6NV09uiBoy3ew89qnms7hL/A88CZJyR9p0uPWL 6mD86MsCtrlA5UfjbmOOYA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIMQ1GkdOVFoYwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzE4NDMxOVoX DTI3MDQxNzE4NDMxOVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AJOPagxz10zMRJrRx8gp64lThva4TaQrbEZmpg5d/EyWlLjLwuXbEOUINVcbukzn jU+mTZ6nwVb+1RVaLyFaSTqcKwgbPbf21IkI6HfDROzgX3JkAEiPwL+hDYNgtgE3 Vuzgk/q0jiix8AqizmdroBkHfe9Mcdnxow9RHpzYXaWQ4ghok6B04uFZCIMPf9eT NNTKGZa5gRwtrfM/qtG+zSHwd/i+LRjxgzbOm0jDxw1UmdCZ00UpHOOYYHiurE2l CCO3ISxATrmS9dtdgmP4968q6FI5gJw09BnqDc42cEUdf+sbLQffhsBRK39q2653 6PQOGtWJHJZrmVBJxhrnoy0CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAw8rhiGUZfYVRmhMhBaHcd8ZVikbRJ/+PjfckkjljKYx3M1NuN48Ftmw0 ek0pdZbLN7h9EPr16wvFjtwQHi+9rDBLBgNVHSMERDBCgEAryd2l2PHTIV94A+8v kBe1haopQ6sUglVkTg7M8PLwaThQutcTnSWECKvZudumTC//ddoO8/qxgnL973N5 5TspMEsGA1UdEQREMEKCQCouYXBwcy5mZDk4NGYzOS02ZjQ0LTRlYTAtYjMxNC05 N2FhODUyZGNmNGEucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAJ5V1WZxGoA9nkkJM9kQt7CDEOg5jSR2l//3G/RFDGqME8AqHog5CcVzcUhm Nr/swjzWiMKu7mRY0W405Vv6/b4zAYVw5ZKgViP8/eMn6pf2iheGPrXULX7kIej6 YYfuuDvWoPYI+T+qnRB4XumLguKTpHHfBN/EoDYqxHeZuMS45BWHu9o+r5jJVQ+7 py2yc2FAlQchRGrxigcpgamF+3x8LbTuaoLKkrsBAadei0tOwyz53w0UBU0NMI/7 tceOgGORfvVZ0AZ6ja2pXlE3d6Vl4/4GNy+WxRFtX/u5ObPyog4EvYbVp2jm2cnj AlUa/F9jDvsDS2TTJfbbxO3YE10= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-17T18:45:09Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-17T18:45:09Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3952" uid: 697bcbe3-3c7a-463e-93a0-48ff8519d68b - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-17T18:45:02Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"88ea9c32-4212-4296-a3b3-0214a7f9876f"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T18:45:02Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 88ea9c32-4212-4296-a3b3-0214a7f9876f resourceVersion: "2976" uid: 0b28bf1e-7554-45cf-ada5-084f285597b7 - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIHz+ZtuiscM8wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQ1MTg0MzAe Fw0yNjA0MTcxODUwNDJaFw0yODA2MTUxODUwNDNaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0NTE4NDMwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7tgYjbuUJRicZiY+6f8qK4oOkyJcWpHHS nG3cs+st4PQRpCatzmLuA4DmhIBf0eKRhIA8Rra+OmiHEMjtP7MWfcwL9s7s0gMn FHWxOOgJJyf1lPHDGEo8H/YYZJ95eD6RxWCY7dStjltRH1fx7GVyIgO12ee21ajp 7niYZrZN0zXr3bk048/t5fwM+naBQdhqDqQj4e8Wx6Vgk1QJBd6QUnlitJQ23+sE 9QZwc1836eiYPg8joVFTQ5gnEfsXjU67Z9WDBLM28z+C+p34AFXO0v5PJgrpbCEK pHV4+fiiteNveAUQJvt7AVMkiex2Rroj3pdy8fv665sMrvDiVOfxAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRDd2RQ JvS3kxngb2cxxHX0931qyzAfBgNVHSMEGDAWgBRDd2RQJvS3kxngb2cxxHX0931q yzANBgkqhkiG9w0BAQsFAAOCAQEASqXvXXNxb8g2qWR9YQUdYjFlqitGN4Rpbo8q VlUS0shPxLpkNzj1lFatRGPIby/F53CVpT9GLvjzYaScWpaBZspvq6nt6CmZjozg JS+b9OGlvWGUjaoi4L96VVEuQgZvH4QqeFa0BwohZoMwc75eC1bPUHl8RgZD2hkZ Ox2mQc9qi+2Vpoc1IP1iX2s+io/76K0TaqsLJCgnCHKaWy9p6+y5cZ41ZphQ7N+G giGmgpzPu+Aztm8xVb+Q7/cTuHYl38s/J8FHHdPlOzvON1lzk0Ttia2V4p9v5/0M O9B6M14tyzSYsUyhOfKHvEIG+/sa6/+UIjLvnUvSIgnIf/TbZQ== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-04-17T18:56:45Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-04-17T18:56:45Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "15786" uid: fb5782df-77b3-47a0-9728-6f0e26631dc9 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIHz+ZtuiscM8wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQ1MTg0MzAe Fw0yNjA0MTcxODUwNDJaFw0yODA2MTUxODUwNDNaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0NTE4NDMwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7tgYjbuUJRicZiY+6f8qK4oOkyJcWpHHS nG3cs+st4PQRpCatzmLuA4DmhIBf0eKRhIA8Rra+OmiHEMjtP7MWfcwL9s7s0gMn FHWxOOgJJyf1lPHDGEo8H/YYZJ95eD6RxWCY7dStjltRH1fx7GVyIgO12ee21ajp 7niYZrZN0zXr3bk048/t5fwM+naBQdhqDqQj4e8Wx6Vgk1QJBd6QUnlitJQ23+sE 9QZwc1836eiYPg8joVFTQ5gnEfsXjU67Z9WDBLM28z+C+p34AFXO0v5PJgrpbCEK pHV4+fiiteNveAUQJvt7AVMkiex2Rroj3pdy8fv665sMrvDiVOfxAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRDd2RQ JvS3kxngb2cxxHX0931qyzAfBgNVHSMEGDAWgBRDd2RQJvS3kxngb2cxxHX0931q yzANBgkqhkiG9w0BAQsFAAOCAQEASqXvXXNxb8g2qWR9YQUdYjFlqitGN4Rpbo8q VlUS0shPxLpkNzj1lFatRGPIby/F53CVpT9GLvjzYaScWpaBZspvq6nt6CmZjozg JS+b9OGlvWGUjaoi4L96VVEuQgZvH4QqeFa0BwohZoMwc75eC1bPUHl8RgZD2hkZ Ox2mQc9qi+2Vpoc1IP1iX2s+io/76K0TaqsLJCgnCHKaWy9p6+y5cZ41ZphQ7N+G giGmgpzPu+Aztm8xVb+Q7/cTuHYl38s/J8FHHdPlOzvON1lzk0Ttia2V4p9v5/0M O9B6M14tyzSYsUyhOfKHvEIG+/sa6/+UIjLvnUvSIgnIf/TbZQ== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-17T18:45:09Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-17T18:45:09Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-17T18:50:58Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8043" uid: 7fd58365-b24a-4e36-8d5a-34c451f99511 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-17T18:45:02Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"88ea9c32-4212-4296-a3b3-0214a7f9876f"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T18:45:02Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 88ea9c32-4212-4296-a3b3-0214a7f9876f resourceVersion: "2949" uid: add88cb7-96c0-431d-827a-c46337658bf6 kind: ConfigMapList metadata: resourceVersion: "46756"