--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.23 creationTimestamp: "2026-05-28T20:48:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"aeab2d27-f754-40ac-a7b9-286436785054"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-05-28T20:48:15Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aeab2d27-f754-40ac-a7b9-286436785054 resourceVersion: "2397" uid: 255e476f-80f6-4121-93e6-6d351eb8c299 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.23 creationTimestamp: "2026-05-28T20:48:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-05-28T20:48:15Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2391" uid: cad42983-ca6e-446a-b99f-172a161a57da - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.23 creationTimestamp: "2026-05-28T20:48:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"aeab2d27-f754-40ac-a7b9-286436785054"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-05-28T20:48:15Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aeab2d27-f754-40ac-a7b9-286436785054 resourceVersion: "2390" uid: f8faf32f-5280-46c6-afb7-3c458427aca0 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIc+GMLb6Q2jgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDUyODIwNDYxNFoX DTM2MDUyNTIwNDYxNFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG+zQt/torL3 2sQ6T5kavRjIboP10hi1Nj9cVgjgVSL0ToMvTxlOYe5m9OsSznpIOk2BfDvnY23U 5rfBkv6AD4CFogCgh6k2CZq/E3jG71YHwN36mCl7vz2aBVbSd1IFStbIhSnCLSb3 DxjrZj0Szz3XEVXLmvyawWjAQf/vcxttko381EB1XH8DRJldW97CvNLDGodAjupi D+DHW3M97+bc1lBbVnDAATBfeDrZ8ohsODKgdcw4KdkvwzSWhHyh2ej+hasRfHMP OO20JXRCCwg/KgpQNCs854OdFS/dAyxiN/a5reggc54u67s3GDNvKm6zUZKMYIMK +4ePcZfGCwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAvx1HiG3w7yGFmLDnPn5f5lefL9htaSIzRQW/zx5Q1RFAZrQ9 G7APzS2cLv8+SW0QGMNoYjGDr5fv96eoyT0TpzANBgkqhkiG9w0BAQsFAAOCAQEA OwHsxOUEbsB8Q2welSFHe3cQC2iX9yCX3l45t5W2zN4aKEl5ZhCXfkV3RW7puOdB rOZse19FZ0oLQH9k8iYwke4kfn7gvB9VHyXSrhtShvKDAYQqVwKqZtyrantfu7C3 qwkfV9f1jxQO1BErBMF14kTS4+VWc7lO7EQ7IC0osTLqMrp92egZehOqeTZO81s3 FxThcR3pRNdVtgXvESHnapyjLYKqGl5qFXWb9J1G+7F3e2f6gaQo8vakbDjF5rIl FvnSJbTI1QzBmC88LyBnRKB9NxMna7Jow0s/j3Uy63rIivdQBUOZ2VU9cZevlfjW Yz9Rg6G6pYkRPoL2eBb7Rw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIOI4L5ug874gwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDUyODIwNDYzNFoX DTI3MDUyODIwNDYzNFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALKKw1JnbmFNYVWcmuBsZwrqRW2PoFe+d/1zlWIKvoxCxoK03N4d8AXr9yWlHLU4 ljPduIHuw/2AxZXOq7M31MwvtEYmWcIwpl/cmnkTVmKR3PeFRX9GdPaQWFH7x5UG qA1IQW46HIyJVURJA1H0iwXkfwdF9vOluJb5gcixRQLy7J8fGPmh4nChDWga8Pym t8H52J7qd8qxPqTC7EGQSSRwd2ArOLqmJ6wQBy9INBH4Ac64aRe4FuEDLL9LC3p+ hcM5T/v4prdDkHe6FEMpfpLDbb8aauwZE0bkX/ptom223CwVYz/DN6wWztseNuwP VS9onYKX4H/wFj0iHkERNGUCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAAsGaKWLDySeETqrSbplbTbYBYkqKtxvGBFdb2map+ULO3PswB22kG14Y an8Ae6M6M1tlg6eWaA52DhGsPby5uDBLBgNVHSMERDBCgEC/HUeIbfDvIYWYsOc+ fl/mV58v2G1pIjNFBb/PHlDVEUBmtD0bsA/NLZwu/z5JbRAYw2hiMYOvl+/3p6jJ PROnMEsGA1UdEQREMEKCQCouYXBwcy4xMmY5NzdhYi0zNjFmLTQxYWMtOGFiOC05 NWQzZjg5MzE0MDcucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAK5/WDPJj4XnmWpcHuJlL+ovlFoccHNLAIZ4nF3icOnz91Mv/0Z0MK8qy6fr 2hxw3pXlEdQh4ON3XntrtBdFoIJLnb9zcsEc+yPvexCanEGW3tzNNT433MGVfwpb K1lwPcHzIK1xBU0YuSqusGnE+El8OIJ/H/Q3z9akuwXl4XAsyyhr0X1Qua6NQjk/ YEWhYsrPgIU7X1E91tfGa8fZEAhZetoUciG+JxwSdB9R84W1xXxfZ2OiwyTYTqWQ rnQLimgWzD3EMwimGc7jq0U8AJWvLaiZPiBVYvhl5EYAZhIocZBatXef8SWmvMyA +6K7IfHAQ7bN25ZKavoKnGqeQ5E= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-05-28T20:48:31Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-05-28T20:48:31Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3688" uid: f013fbcd-c221-44c3-b42d-46671f167e29 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-05-28T20:48:16Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"aeab2d27-f754-40ac-a7b9-286436785054"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-05-28T20:48:16Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aeab2d27-f754-40ac-a7b9-286436785054 resourceVersion: "2406" uid: 296e40bd-330f-48ce-a3a2-d24d56f91b32 - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIICy2WxIePY8IwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDAwMTY0NDAe Fw0yNjA1MjgyMDU0MDNaFw0yODA3MjYyMDU0MDRaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODAwMDE2NDQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9/QmDNIeaDA7A5/5u0gxoJ7/shQLwIIlX CCVYWk+IRy0N7J7uQvhIBjft6WeeZwInEeIFAqGQqH+Ac70K3ifBEiU4UBHaGQHj etTDU1fKRmoXoIW2rRjUTnZnIrS9njzuknMS5M0eGJhR/Wxz1et0E1s7TQWJDCaX OIVsVQ6vH34DJFJLv2d66yvffsrLGWiEYu+V8f41G6tvo0+6HInspELdYiwLqito ru+y1vdfoL0hU8Hq3yQTivUwijmRWaOzEyE2DxgeKBYG+mRjs7Ah48SqUXUspezK +A25Hu554ZSMtKr21s6vdxlfof7Zuys9aj2JvzogLvOH2wZ8Izj7AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQVXLpS BCup9hzm2ysBr4ANTWMOyTAfBgNVHSMEGDAWgBQVXLpSBCup9hzm2ysBr4ANTWMO yTANBgkqhkiG9w0BAQsFAAOCAQEAd3N1v5AtwyiHJ376IkLxFWx59RpIbbTowGFe a7j3LlOMXnsQBFrx7pNSNPv5RhUx4oB58AuiUZUJtBEFR46MHEsQ+o6/0kwV4H7w sMUjledRPvL26Mig1OvyxccHh+9HSAtARtoZt1fahr6lvvCXZzjws7daJOID1Hw/ SMWCYg7mdkRj0jtCNPq9SqQte9tliAkdRiXICujlzeE9wJ2RqLxvdhDH2lM8yviY 9vtjXQaCFqHzsZxJYihOz7sqLTlklZ5MpnfI8mhxwbzZCp3Xhk9uewjluvf1URXW FFi1RWxfLhRmVhYzoHXvyR+E/+xnzKds4EPsTgEpxbp4K5WAcw== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-05-28T21:00:28Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-05-28T21:00:28Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "15365" uid: 93ce8177-0b73-4198-b312-e4795244c15f - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIICy2WxIePY8IwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDAwMTY0NDAe Fw0yNjA1MjgyMDU0MDNaFw0yODA3MjYyMDU0MDRaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODAwMDE2NDQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9/QmDNIeaDA7A5/5u0gxoJ7/shQLwIIlX CCVYWk+IRy0N7J7uQvhIBjft6WeeZwInEeIFAqGQqH+Ac70K3ifBEiU4UBHaGQHj etTDU1fKRmoXoIW2rRjUTnZnIrS9njzuknMS5M0eGJhR/Wxz1et0E1s7TQWJDCaX OIVsVQ6vH34DJFJLv2d66yvffsrLGWiEYu+V8f41G6tvo0+6HInspELdYiwLqito ru+y1vdfoL0hU8Hq3yQTivUwijmRWaOzEyE2DxgeKBYG+mRjs7Ah48SqUXUspezK +A25Hu554ZSMtKr21s6vdxlfof7Zuys9aj2JvzogLvOH2wZ8Izj7AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQVXLpS BCup9hzm2ysBr4ANTWMOyTAfBgNVHSMEGDAWgBQVXLpSBCup9hzm2ysBr4ANTWMO yTANBgkqhkiG9w0BAQsFAAOCAQEAd3N1v5AtwyiHJ376IkLxFWx59RpIbbTowGFe a7j3LlOMXnsQBFrx7pNSNPv5RhUx4oB58AuiUZUJtBEFR46MHEsQ+o6/0kwV4H7w sMUjledRPvL26Mig1OvyxccHh+9HSAtARtoZt1fahr6lvvCXZzjws7daJOID1Hw/ SMWCYg7mdkRj0jtCNPq9SqQte9tliAkdRiXICujlzeE9wJ2RqLxvdhDH2lM8yviY 9vtjXQaCFqHzsZxJYihOz7sqLTlklZ5MpnfI8mhxwbzZCp3Xhk9uewjluvf1URXW FFi1RWxfLhRmVhYzoHXvyR+E/+xnzKds4EPsTgEpxbp4K5WAcw== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-05-28T20:48:31Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-05-28T20:48:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-05-28T20:54:17Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8035" uid: 00d895bf-f8d0-407b-88f3-97845cfec357 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-05-28T20:48:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"aeab2d27-f754-40ac-a7b9-286436785054"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-05-28T20:48:15Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aeab2d27-f754-40ac-a7b9-286436785054 resourceVersion: "2402" uid: d7a24505-9506-468f-a879-aabff7b1ccb0 kind: ConfigMapList metadata: resourceVersion: "48904"