--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-22T21:05:21Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"e9a10894-4774-446f-99bb-b5b7e85f8279"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-22T21:05:21Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: e9a10894-4774-446f-99bb-b5b7e85f8279 resourceVersion: "2296" uid: ff107792-612f-4dc1-9907-b6e84629217f - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-22T21:05:21Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-22T21:05:21Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2289" uid: 3c93f350-a299-467b-8fba-6879f7d5f85e - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-22T21:05:21Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"e9a10894-4774-446f-99bb-b5b7e85f8279"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-22T21:05:21Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: e9a10894-4774-446f-99bb-b5b7e85f8279 resourceVersion: "2288" uid: f7bc51e8-443b-43eb-b7ef-d03028968cfb - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIOBEwUZQ9MOEwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyMjIxMDMxOFoX DTM2MDQxOTIxMDMxOFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHRFvkB/6cpk xYfCJ3NmMwiQCBIrMMy654DJTwW4jD9eygUt11uQeMtBz1geaMjbevv2O6nO3GUu OwHaS77S1NAdtXlOU87Vtju6cRhXoSEbqsi2A8O6aRJbt180fLHgOfZvLiNhnAnz RC9DzG6kwu4vpnU7iFoLXUJYqMECNhWC+p8HuFEbOP6KZ0mUrv2gG8UCc4SonKln SQgKNQgUQ2TEviKkYtBZhnkIpHoxY7bKRTMN8POAlcXGymXMHEt0JHtmYPyeDr+M qbIM3FVm6g7Pt/0DQky6G1yF1u0FYqACsx9tqREBuaXXb/tu4XZ+XEfM+JFKqAu8 F2em3AIRnQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA2ATAWrXSNIiIZ3+ZSu1wkEXJoEbrAwbBMB1gZPo4OCS5q5YG HFtYf0v30sVRPsaF99W1BYOlggc1UYwCBc+BODANBgkqhkiG9w0BAQsFAAOCAQEA mY+GnBLHBaXbXQbGwD8dbfNT7txPWeezja79NSlo7Mw7uasF8C+JUzseeU5NLEkB 6+MHyKFOd0x+0HCBsQkEv157WZiC+gzBbVTYVwQH4mlMBjRDjUl0TpPciad+EBLX o7T8P2/wJbOXLcPW5QZat0FfIEAqCjagVZwvtSGZi/NFB/1hu25TJ+73kMCFjKnW vJEud6Kt+6sDq0DNaMA4P2+E2eakT/4YfTQNS+77sL7bAcXHOyHyo0j4yKs4CRLD OMVIa9sse8Un1HZ0Pig5mJjeIQ7IDuIBPmfDJhvqywHyrYope9UQew3cHcNJv97u +uGiqZF6LPQldgNPlrn5Qg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIZcpypk+gxa4wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyMjIxMDM0NFoX DTI3MDQyMjIxMDM0NFowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALmaKXz+9ivgSP84HPCP+8I8pnB/t1hegsKe7f+2Wfl1H/im6d7Q7HJ+oMGMDS5o 2gAwh1h4ICc3tX2CorO8nYgExeqfLbjTQyMSHmZOuKO3aitnxtABwMRMUgdmHNPD ljL/XPqAtEaoeqIgHqEu8nK0MJhS/XPsVjgwNi9jiLvnXwKajUKY8b2LZclPlcjV DXby3IQe/Qfj86PQcWBDu5oGLmH6D1dutGarJr/TYTDJ5K40q8hYASFA/S4rJRJQ 8aTADJfvQS1LRZR9pVoohqJzgVNbP0nu6OeFLUbh/Xr6L5H2RV98tD2glaE3QFyU VWu5Pb2NxwmR/yJ/mjyqDuUCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA/FibgEt5P4bjnbq+3Pt0mVAopsO1AFstKQcLfy3mQutCdemIGBQ+M5E2 kNosOOHUNGB10nl4UZbK4v9zGibBmTBLBgNVHSMERDBCgEDYBMBatdI0iIhnf5lK 7XCQRcmgRusDBsEwHWBk+jg4JLmrlgYcW1h/S/fSxVE+xoX31bUFg6WCBzVRjAIF z4E4MEsGA1UdEQREMEKCQCouYXBwcy44MDMxMzkzYy00YjgyLTQxZGUtODUyNi1i YTc3ZmM1ZWY4ODUucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAI5ahlJTWwokOOIgSx6XQReHWtgTnks+Fgu4IDe3OZg1Ud//GKKIVbRgog9k kA06NG20gdvfca/fal0Mz+2qT23glpvwJxkl6LIh24riiG4hgIWPpS/eDL5j7+Bq sLaMKsnl376eB1auJh2RDx5uPN8FqYJibZk8BMCln3EsNTanoz4qBQz8wS1bEiZg CkxgxL1q4fPSak1FlIYNKl8j0z9Pta/vIxtg7B4lHttiJZASC/jJHlAMvztV7/On YbQOUs1VPg7k+2b/wVWHPyAP1Rs+u+5vbtMV74tS849iq4cM1rpDwg06sTs+52FU N4C0w4gGfW3wsyihnOW057wj1pI= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-22T21:05:31Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-22T21:05:31Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "2635" uid: 875be106-6f55-4f3b-aaf7-b8cec18d4395 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-22T21:05:21Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"e9a10894-4774-446f-99bb-b5b7e85f8279"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-22T21:05:21Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: e9a10894-4774-446f-99bb-b5b7e85f8279 resourceVersion: "2301" uid: c280c802-c9b1-47c1-b69e-8cb869117e2d - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIYV48pO3K+GIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3Njg5MjI3NDAe Fw0yNjA0MjIyMTExMTRaFw0yODA2MjAyMTExMTVaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY4OTIyNzQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg51NXNHnKDGVCSpjdBFO0Lo/QiJoFNIoX SspU+Lcb5TCTdb4ZWRmfzfL63mwJhnVrv1M1zC7VWbTHOWyI+O9JOX6JnctU5zUX 3eEWQd2H6DMMaamjMXmawotTwDpNlf0Z5ukTdpnAX2cuXP3FaaRrwvjw25HGEtB9 ouuH2FSCcLOzDuuCOjHeg1bnmb9x6CofHCJ2tayaguy0++izF2h/9WMn+9BQq9Wz +W5yLX/lulWjxhO+XAidvf+vjZnWmWoUSbk8CVknIhpgJYlfhE/UfOIrsytNQl8l j9/Apl9U5+z7ZxhhiT8AOd1ISxdLQRVtTUVrLY8iejol/IY9kaibAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRw09CI gL+RgjAw8xKHmuFYttrVtjAfBgNVHSMEGDAWgBRw09CIgL+RgjAw8xKHmuFYttrV tjANBgkqhkiG9w0BAQsFAAOCAQEABsa+rIFBPFU2kGB8zQsUGi/miGuwxJAnoeh/ JLALiW89u+fpUz7WvZ4u/B2L09zXnUpbkiia67N+Iv6UQHctn+p1e8QadRkLa3/a iS1+jvEDIUZdKEXWwHA2ivDRv0BfXBiuTfDgA+nV+z+4nzqr3HtsewuI0qyXo1X/ iYsc5nrVHWdoU2agzP4DVqJEwi0hTGGgNB0vkq3uEDlUxdm42bD6qFeYklxgDeKT E3gVfGrUx8nM9H/pGLM/lZKVTpfRIxxoReJbb0oSTTjY0bTwxCeu869UimrOW7V7 pu2ZnKRSzZ9e7GkmdxR0QfCHxjdqsMINOzTj+u1zzsBkLYz5Xw== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-04-22T21:16:54Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-04-22T21:16:54Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "15179" uid: 18796557-79f1-4606-99ce-2f6211827614 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIYV48pO3K+GIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3Njg5MjI3NDAe Fw0yNjA0MjIyMTExMTRaFw0yODA2MjAyMTExMTVaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY4OTIyNzQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg51NXNHnKDGVCSpjdBFO0Lo/QiJoFNIoX SspU+Lcb5TCTdb4ZWRmfzfL63mwJhnVrv1M1zC7VWbTHOWyI+O9JOX6JnctU5zUX 3eEWQd2H6DMMaamjMXmawotTwDpNlf0Z5ukTdpnAX2cuXP3FaaRrwvjw25HGEtB9 ouuH2FSCcLOzDuuCOjHeg1bnmb9x6CofHCJ2tayaguy0++izF2h/9WMn+9BQq9Wz +W5yLX/lulWjxhO+XAidvf+vjZnWmWoUSbk8CVknIhpgJYlfhE/UfOIrsytNQl8l j9/Apl9U5+z7ZxhhiT8AOd1ISxdLQRVtTUVrLY8iejol/IY9kaibAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRw09CI gL+RgjAw8xKHmuFYttrVtjAfBgNVHSMEGDAWgBRw09CIgL+RgjAw8xKHmuFYttrV tjANBgkqhkiG9w0BAQsFAAOCAQEABsa+rIFBPFU2kGB8zQsUGi/miGuwxJAnoeh/ JLALiW89u+fpUz7WvZ4u/B2L09zXnUpbkiia67N+Iv6UQHctn+p1e8QadRkLa3/a iS1+jvEDIUZdKEXWwHA2ivDRv0BfXBiuTfDgA+nV+z+4nzqr3HtsewuI0qyXo1X/ iYsc5nrVHWdoU2agzP4DVqJEwi0hTGGgNB0vkq3uEDlUxdm42bD6qFeYklxgDeKT E3gVfGrUx8nM9H/pGLM/lZKVTpfRIxxoReJbb0oSTTjY0bTwxCeu869UimrOW7V7 pu2ZnKRSzZ9e7GkmdxR0QfCHxjdqsMINOzTj+u1zzsBkLYz5Xw== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-22T21:05:31Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-22T21:05:31Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-22T21:11:26Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8149" uid: 0ee5e8e9-3b1a-41b5-8722-58357315d3dc - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-22T21:05:21Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"e9a10894-4774-446f-99bb-b5b7e85f8279"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-22T21:05:21Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: e9a10894-4774-446f-99bb-b5b7e85f8279 resourceVersion: "2299" uid: 44800402-b210-4103-9ad7-f53c5fc5819c kind: ConfigMapList metadata: resourceVersion: "46572"