--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-11T13:04:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"29a9b4d2-6df9-4a34-9fe9-79f5645c85dd"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T13:04:10Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 29a9b4d2-6df9-4a34-9fe9-79f5645c85dd resourceVersion: "2318" uid: 7e0819c2-b29e-42c5-b349-c90787cd8e60 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-11T13:04:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-11T13:04:10Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2308" uid: 59e91085-50a1-4865-8d4e-a19bd8f33ee6 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-11T13:04:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"29a9b4d2-6df9-4a34-9fe9-79f5645c85dd"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T13:04:10Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 29a9b4d2-6df9-4a34-9fe9-79f5645c85dd resourceVersion: "2307" uid: 97896ba5-c36d-4553-9790-0c10fe3e38cd - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIINuMgjvYLOeUwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTEzMDEzOFoX DTM2MDYwODEzMDEzOFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoOCyrI+HcO0 fJs3Xj4MqGxvRPR3V+ttP8tJG85yFkWrBP05crsyubbJPXwf9OjVeSKtAQZbO7wE 3AuGYaL0KRJTaTwjjpGH6hvtuqYLdkH92L7RxsNjLh6+nmU5yO34OzYALGY2k8rU Jhf3mFi8YP++ZSTBox8O73fhgWVTiDwiUUIpQ9plkF6MdZeHlqUbRpD9EV1tnfze WGD++UFpcovNmytnohnp7TWfiu84OM1ROPD/A3eaXOYcJ8HnQDPZNwQJK05wHT96 u5q1MR4GwAadSSTli/b9DZEBRQRBcoLQA/hoExyAMBIcOppm4rtqlICsy03IlRV6 MnmJo0iv6wIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA7/ixW1ijiiRwrxxdOrJhYE29tJjiVpvf/5MweLmWAbI/naXf L4VLyo3T2pPQFJHdDL6OrorYk4bp1b73V7d4TDANBgkqhkiG9w0BAQsFAAOCAQEA Blqd1/uJ9QwAkmbhUy9RA44eLZjhV5mz0U/psWNkHIlq5F7Mah6MtsmfqfXYFK5x JecMvteaoJuCUKZD1cn0oc1vZZc40OIKCODJqY9U54sJVhBd7DSWmAuhugtLahL7 MCkw20PlpAiVMx6XDhCKOtAgqjVep7IYQdZ91y1OJ4UjLVdNXZPhYvQ6MmCEDyus UbWxrjz0bqyu4G+b957otB25Pb30OkaWdzqMXr7kfA3PihMBSynoI/zsuNJ0dia3 EchpXeE44iogPvGAp2inib9Eo3w/34Z3PfiZrLtq/meY0kzG+iKEPf7h20B3Fp9g LVXONhiEGSdf+RuUeYogXQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIf/+yiSoLANcwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYxMTEzMDIxOVoX DTI3MDYxMTEzMDIxOVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AOZNitVbFaD1iNwMUFhdCTM5inq5h9p2xhesa4wfXnnzcEpO+9mvUrIbRin1gOq1 6AEj4JmiGW3OdBHH+21cXAxG8HzmzOVy1Etid00ZJyfoA4YJI2mXJiPg6ylvO9Zn LwDENtIpv8MIzGbPSUFN/lvq5Uj9ApRG/zJYNWgZyUyAskpt5YFuuOwL081dOmmX AxF8XEdWMuBBFS26C6k+4Y7369p2/hOexWYYCsrug741dDlojBDBsqd/DQDft/gK 7ZOf4AuZWic8d773EbQ0iYBgDUkSQbnwqOAPha8X7Yj2plppYyrwYEKJZCKIf4Sd Yzdxu4/S1tociZLW/NjkicsCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAwNzsbTRs3R2z4ykJ7eThsNYjzp0ElI22e7qUGYbTM7TdeahhenVNP8Jt X9HgmHTu4dplb8LQEI39VB2kuXVqwDBLBgNVHSMERDBCgEDv+LFbWKOKJHCvHF06 smFgTb20mOJWm9//kzB4uZYBsj+dpd8vhUvKjdPak9AUkd0Mvo6uitiThunVvvdX t3hMMEsGA1UdEQREMEKCQCouYXBwcy5hZjY2MGUyYy02ZDIyLTQ1ZjgtYWQ1NS0z M2M0MWM5MDAxMTQucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAFTNNchf5+Okse8sr8iXTnWsRm6bVZ2dUlOL2cpmjq9eloNBayVEkaD/y0SF dKvYZYHBPl+K6/jvvCAZ/usq5egoHAq3heS6AgWj0PGUtqMsppg9c6k5OARjJ6Fy lp5VguumvTo6Q3C9HY26ePC9VflyIDJslXaEDIyJxM080KW4UjzUg+q5z2wMvhRF 7bz0kn5wbWJ+9VDecMTNqpSaITVCb3GjmSUT5L2HTs6if4T+/D0UwLauD+oaRfdB PXHZ0ivkNnFcMxg8nhQRKynOrPg++WnHKpex8kJ+JiRwBmxBgCT1cAipLOPBlE+/ Di918VrlAHzKr3bm2a+HOT1yfg8= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-11T13:04:07Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-11T13:05:06Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4480" uid: 9d8d221d-a5a3-4369-b818-c2fa95063463 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-11T13:04:11Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"29a9b4d2-6df9-4a34-9fe9-79f5645c85dd"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T13:04:11Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 29a9b4d2-6df9-4a34-9fe9-79f5645c85dd resourceVersion: "2343" uid: ea44908f-8809-43b2-8cf6-7bc4883198e2 - apiVersion: v1 data: cabundle.crt: |- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIHwhqVglGe1IwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTE4MzQ4MDAe Fw0yNjA2MTExMzExMTlaFw0yODA4MDkxMzExMjBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODExODM0ODAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQzIEODP6Uy1cVOJU6h+QkTek4XRe+8KgO ocj/ukUTsCTb3JbNywt/pIECHXysGSxS/eFkfH3mu4YJ7fjKrLgRIDQjS38Vrpqi fTXtw3A73ZWOId2fb737somCsHNBoIMzyag0IrCzJfzg08jR7h1HCb3kWK8fwo+F D7PzY1dGhooHtGfxprLEtSwfe1qRZqiiY/lj3i+Q9VUfaBuAKAZ/yl38VAE6L0bI ar4evPzG9LdGME0P7ityEDykaXbgesGRGEhuiVXnW9n/sVp81e0wjPlNwnmc+ysr V0WB5O564OC5qA6mTa9/nXKxhYh/JykT+iLxyCrahM3dDho4WStbAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTlolmL 0dLhVxEWqni+wc+p8jSyCjAfBgNVHSMEGDAWgBTlolmL0dLhVxEWqni+wc+p8jSy CjANBgkqhkiG9w0BAQsFAAOCAQEAaus9kevEnv8Ep5/08OFGm1GtTAKfNfGyK+5j 7Yato9t7nTMXrsSkN6NM4V3x7VO/BmfwtE5xcufdG4O6piKUyIfj5yueXRGre26Q AZdjxWiXmQVFpe3LafTeqPAKi+yyy5kIZY/EjX197VXjCiZjf628W6WR5TMlqfWg 4PBdRLSpOdmuB4hnOCBawsMSob30J/BlDtSnFv3SICRWqgoyy3j3XN5/EP/1W03j JBQi129DQj8+EuozYtgWXg7gXyd9rbrdygCrkXSTOZnEa3mdGMOVm1MRXpSaoB77 ttnG0Nye8KfZQW96pq6aRorsf6YTzWcYZberTfzkxavGcbwQlw== -----END CERTIFICATE----- kind: ConfigMap metadata: creationTimestamp: "2026-06-11T13:16:42Z" labels: opendatahub.io/managed: "true" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cabundle.crt: {} f:metadata: f:labels: .: {} f:opendatahub.io/managed: {} manager: manager operation: Update time: "2026-06-11T13:16:42Z" name: odh-kserve-custom-ca-bundle namespace: openshift-multus resourceVersion: "14842" uid: 949fe6e1-7381-4962-9135-f78a24024bd7 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIHwhqVglGe1IwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTE4MzQ4MDAe Fw0yNjA2MTExMzExMTlaFw0yODA4MDkxMzExMjBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODExODM0ODAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQzIEODP6Uy1cVOJU6h+QkTek4XRe+8KgO ocj/ukUTsCTb3JbNywt/pIECHXysGSxS/eFkfH3mu4YJ7fjKrLgRIDQjS38Vrpqi fTXtw3A73ZWOId2fb737somCsHNBoIMzyag0IrCzJfzg08jR7h1HCb3kWK8fwo+F D7PzY1dGhooHtGfxprLEtSwfe1qRZqiiY/lj3i+Q9VUfaBuAKAZ/yl38VAE6L0bI ar4evPzG9LdGME0P7ityEDykaXbgesGRGEhuiVXnW9n/sVp81e0wjPlNwnmc+ysr V0WB5O564OC5qA6mTa9/nXKxhYh/JykT+iLxyCrahM3dDho4WStbAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTlolmL 0dLhVxEWqni+wc+p8jSyCjAfBgNVHSMEGDAWgBTlolmL0dLhVxEWqni+wc+p8jSy CjANBgkqhkiG9w0BAQsFAAOCAQEAaus9kevEnv8Ep5/08OFGm1GtTAKfNfGyK+5j 7Yato9t7nTMXrsSkN6NM4V3x7VO/BmfwtE5xcufdG4O6piKUyIfj5yueXRGre26Q AZdjxWiXmQVFpe3LafTeqPAKi+yyy5kIZY/EjX197VXjCiZjf628W6WR5TMlqfWg 4PBdRLSpOdmuB4hnOCBawsMSob30J/BlDtSnFv3SICRWqgoyy3j3XN5/EP/1W03j JBQi129DQj8+EuozYtgWXg7gXyd9rbrdygCrkXSTOZnEa3mdGMOVm1MRXpSaoB77 ttnG0Nye8KfZQW96pq6aRorsf6YTzWcYZberTfzkxavGcbwQlw== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-11T13:04:07Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-11T13:04:07Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-11T13:11:34Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8011" uid: 4b99b6fc-0734-48d0-8ea7-88de3f09a5a0 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-11T13:04:11Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"29a9b4d2-6df9-4a34-9fe9-79f5645c85dd"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-11T13:04:11Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 29a9b4d2-6df9-4a34-9fe9-79f5645c85dd resourceVersion: "2324" uid: 330c4c65-3bbd-4974-8c22-058305a08a4f kind: ConfigMapList metadata: resourceVersion: "51111"