--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-14T14:48:39Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"088ff015-17d4-431e-b8d8-d27e0f90c563"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-14T14:48:39Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 088ff015-17d4-431e-b8d8-d27e0f90c563 resourceVersion: "2225" uid: 3e8bfb33-de05-435f-8404-dc71f4ed76d0 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-14T14:48:39Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-14T14:48:39Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2222" uid: 57710297-90cb-42d9-97ff-a76fd196cec1 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-14T14:48:39Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"088ff015-17d4-431e-b8d8-d27e0f90c563"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-14T14:48:39Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 088ff015-17d4-431e-b8d8-d27e0f90c563 resourceVersion: "2221" uid: cfac919c-e65c-4ec2-b929-d530d60e8080 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIVb6aM4IvABYwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxNDE0NDYyNloX DTM2MDYxMTE0NDYyNlowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmBQyPq5Yyzr ePGh+Eno8rdtgYR6M3dRZI6bYp7oBKrxbA8KRJNLtbenRF9TEryUuNTgTSvLHbmo epXQHPXA/KxXJc0W6bHtUo4FEmRNxAJzHVxAFvnxggFse89M9EKn4uIkkA5aI+c2 QOm4kb/kxKOZ2mFz6JZTnv7o1XHtkMzg7BYPvRc9UOu5kdpfnZ2eJ/ENEcKwdw++ sRuFV7tuZceh8BlRbw75y5zSP76WAsLvWdrnuo00yHzKqt+Ru7bX2yCw9BY5hXf8 0VRxpRUEYhDbkKBsvoQhTlt/84uHIgjyR5aC+t0ZpDWIFRjg/Q8aNFGZMNGlR2bn 3snBWkx9cwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAOSLQvysa6/FuoA/7LXER64DsJeaUqrDl4dGalz4fbJcwvWOr HhSUQDSO3OwerZuxcuEJ9qv3V2+L9qm8fHK+jTANBgkqhkiG9w0BAQsFAAOCAQEA f1w5aQZHxuJQjOusqUae3yXTKd5MqqabW0EN4X/YNLf3glu7Wym9Q9aaVd/dtxO7 7wGgBkoxKY0VtnFZMV3Bxtk5mV5JAGItdHSrZJT/TkN563MrVJMXoBJlJ+CfFCWy YcrRpJir49VIeeR0s46RpiBGrHaJrQeuJIVkadD3mZvLZDpKYBorqJ7JlpgOXgmH JUs+fG5eGJQ4SNPffpKeTnH9+i86I3fZ1fecRs/1UFUWG11efvhntBcnqkKoYYRe R1372Av8PY50Jb2ZbDjVRLDSZko9ukMZw9bFMWKfFy0XJTN1xcSuzoexC5IHBN22 IwN5LmuFN73uBVgxyKRFnw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIdeTtWdXJBmgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxNDE0NDY1OFoX DTI3MDYxNDE0NDY1OFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALFUYkmQmU808tqG1VUZ3aqOnoKM1mOjS4/RraPUzxpgh3QIL7rSHuWgmKAh3Owh tdtAoWOjjutz/+bPFBYPiocna4lxnyAEV27PEmnPOe16c76TwO+a/1DN4kXAQnVd +dyUFTgGSAy2rjHIicM6EbIKNgGBrnWrZbuIm07Pr+zTA79lInEZCpoGVJm2ueRZ evZGnM6tyx8fpFEW5sJ4nS48iJW5PBC17/+uZcxwC56hCd8y+ztb7c4Z3dT/y5QM TOUipNTxgswj/dV+ax3N8+ttyzO6qtkS4H+Oe+Psg4lnzQ6i6W6wbL6rzsvhz3MM I2CxAu2AoEd30+ACxbX5p7kCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAwsGqSDFpyrttnUCZdZq1A857IOQe39K0PcU5hJbirCBt9CNnPHQ0hNiB yRP+l9FT/iTde2G5EYcbIWKt7zH5UTBLBgNVHSMERDBCgEA5ItC/Kxrr8W6gD/st cRHrgOwl5pSqsOXh0ZqXPh9slzC9Y6seFJRANI7c7B6tm7Fy4Qn2q/dXb4v2qbx8 cr6NMEsGA1UdEQREMEKCQCouYXBwcy5hOTgyYmEyMS1jYjBkLTRlZjktYTIwYS0y ZGI2OWQ5YjEzZTEucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAAgb6neumPYSMjpLvIXdyFzDhB8BirTPJSq1XK80pAUsCO/Es3dHjF4kog5T +7/4mKbVbAaRPwnXtMGsm64cc+lNG7huo0smUvX8fRrN+oGvDqwN7/kV8L5QO6MH +IIR4sATLq4oc4x9UbVixPJ/yo/nDop0d/q04pvFdfpARAG9MzPs57xXXk3Ym3oQ 9zTu+kOWx7H3FyZorcLRkDMbCHp05ovqNAKDsYXoDmFPgYoHARZHpEuUIlI4Ew6K 081hJtz0KAB65F1iQwJPFoP2sYSOyWhN7PiiAECukxgVhq1ZnPkXjN/dN6skJtOi o5TAPJG4FnoYdtLjNE+1ELmuHM4= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-14T14:48:54Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-14T14:48:54Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "2731" uid: dc5c90a1-a6f8-42de-a534-1ae0eb919b81 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-14T14:48:40Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"088ff015-17d4-431e-b8d8-d27e0f90c563"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-14T14:48:40Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 088ff015-17d4-431e-b8d8-d27e0f90c563 resourceVersion: "2230" uid: e4275768-004b-47b9-9d87-2b03148ff76e - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIK07Pgf+L6I0wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTQ0OTE0MDAe Fw0yNjA2MTQxNDU4NTlaFw0yODA4MTIxNDU5MDBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODE0NDkxNDAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4AMUSiGG7S2G3ZU5a71P+3/x0ZKg6TEZP Hyu7POlgdJ/kvG7iG9IyoRIUQMVRdu7cK4f7CSBzRgr7qfsi1dp27l5NgBAHFF+J /OWa3FjizOYOGjPN1ulMHQee6yqdU5jyHPRlEa4iLCpPKkM2xAKnxetEMju3pUkh fm7atL8LSOAC84VkDmOiOpey+oF0mtORjkYJK29snSxRQhfeycbLIgonTwiY/xVQ EVhK7fMMOzwB2CCdneQm6zF+ua+5RNODVF53h/tr2j2W9SBBgCUSqgKzE+8Xo/jF hEifplnPsxQRwVT+XuUdbwHpeu3gPPLka1gik0qvrqDh07flLSx3AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT5HqVh WiX9ASoZzsQYYZ4arDav+DAfBgNVHSMEGDAWgBT5HqVhWiX9ASoZzsQYYZ4arDav +DANBgkqhkiG9w0BAQsFAAOCAQEAqyiaViDZKXX4B1HcalSnQF1bO1phyTxelRJW QgkY/mVPosQcadGoikcll3HYesUXqAPxknejM9RTqtxO0m5clpmt4IPtcu2yrZhn S5sHO62UndiBjJ9HIHUynzUJbow6cdKqJ2cIamSwLUtiTjlQ82syP6DJq/MZAIHC t2ySCh+cj7luioDONqptVIHTyoBv8uRttqETi4AhrWqPiCZJhUmXvwcMENkwMeiG QdeSABmHNKZORawC3ydykq9I832IlFsWKOmwip94jAPcCUDZoOHzjL9VqdxOUEyK CB7RE9ZnyTMbAwmsuW908HUtnhl7wIpGRvD+NkSkjayMReKXJg== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-06-14T15:04:43Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-06-14T15:04:43Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "16188" uid: 1b7a1866-3284-4526-a12c-e81a3261fa11 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIK07Pgf+L6I0wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTQ0OTE0MDAe Fw0yNjA2MTQxNDU4NTlaFw0yODA4MTIxNDU5MDBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODE0NDkxNDAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4AMUSiGG7S2G3ZU5a71P+3/x0ZKg6TEZP Hyu7POlgdJ/kvG7iG9IyoRIUQMVRdu7cK4f7CSBzRgr7qfsi1dp27l5NgBAHFF+J /OWa3FjizOYOGjPN1ulMHQee6yqdU5jyHPRlEa4iLCpPKkM2xAKnxetEMju3pUkh fm7atL8LSOAC84VkDmOiOpey+oF0mtORjkYJK29snSxRQhfeycbLIgonTwiY/xVQ EVhK7fMMOzwB2CCdneQm6zF+ua+5RNODVF53h/tr2j2W9SBBgCUSqgKzE+8Xo/jF hEifplnPsxQRwVT+XuUdbwHpeu3gPPLka1gik0qvrqDh07flLSx3AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT5HqVh WiX9ASoZzsQYYZ4arDav+DAfBgNVHSMEGDAWgBT5HqVhWiX9ASoZzsQYYZ4arDav +DANBgkqhkiG9w0BAQsFAAOCAQEAqyiaViDZKXX4B1HcalSnQF1bO1phyTxelRJW QgkY/mVPosQcadGoikcll3HYesUXqAPxknejM9RTqtxO0m5clpmt4IPtcu2yrZhn S5sHO62UndiBjJ9HIHUynzUJbow6cdKqJ2cIamSwLUtiTjlQ82syP6DJq/MZAIHC t2ySCh+cj7luioDONqptVIHTyoBv8uRttqETi4AhrWqPiCZJhUmXvwcMENkwMeiG QdeSABmHNKZORawC3ydykq9I832IlFsWKOmwip94jAPcCUDZoOHzjL9VqdxOUEyK CB7RE9ZnyTMbAwmsuW908HUtnhl7wIpGRvD+NkSkjayMReKXJg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-14T14:48:54Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-14T14:48:54Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-14T14:59:13Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9235" uid: 7e1604c7-ad4c-492f-92aa-71d920ed8ab7 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-14T14:48:39Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"088ff015-17d4-431e-b8d8-d27e0f90c563"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-14T14:48:39Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 088ff015-17d4-431e-b8d8-d27e0f90c563 resourceVersion: "2228" uid: d580dfde-71f0-4782-97bb-0be42a85923b kind: ConfigMapList metadata: resourceVersion: "51691"