--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T09:07:22Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"57bf6868-2b08-4d6e-a31b-a58a031a0087"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T09:07:22Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 57bf6868-2b08-4d6e-a31b-a58a031a0087 resourceVersion: "2375" uid: 58641ca6-e35d-41e0-b7d1-aa13ffdbc8d4 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T09:07:21Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-17T09:07:21Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2371" uid: aa2b9235-c8aa-4a74-9396-257d7e69a2ab - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T09:07:21Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"57bf6868-2b08-4d6e-a31b-a58a031a0087"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T09:07:21Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 57bf6868-2b08-4d6e-a31b-a58a031a0087 resourceVersion: "2370" uid: 3ba5729d-e3bb-4b40-82e8-3936a155885e - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIa5PA8X0iP+YwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzA5MDUxOFoX DTM2MDQxNDA5MDUxOFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMYzxRuq6ark 5m/MBME53TyRui9Rl9zCNB8deqz0CgBZXM/Pbcv6Ne9EZddJZzPyB6cuQQylsYDB JjrBu44AaVeS0TffRZj/nQUQfRXlxB4HB2B9+WzIbp8nxhVNRkPiGYBNmcmBB5X7 eThTbA3e0tlUi9cAR+HUDSdDU67rP/bKZffyT5EmKo9ff8ZRzw61ctP4SaXbeMQU pPsihDtLj17zVSVWXx9N324kVM7puwcPXma7TZdlaGpEuEwftezUgwJZTLCpwcqm ZAzki2EAf1iha71JW1yVwKommC35iBhH/1k2IDvvVpLpU0DNQmSZvR7MJ+0Z99dF cNg9KlcuKQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRA0oE8kuUw7jDs3kdCW4N06qHDNifueSFYQwRy3hf8tZjCEfEF pILjvp+OUWkHFVsc5FdbWtIv27fXiWUPLsZuXDANBgkqhkiG9w0BAQsFAAOCAQEA clMpIUb13XDbEct4Znt5fBhpfwezwje5vPTM3AfEL4GD7/d0qfGiai9ChQb9PCPM 9Y9AOH7BKZrwtDIX2Aake6SFdIXWrTZiFta3Da3Tc+r0y6Y7m3dPP1ijXOzuKBMB x7/E2b32eV5W+ryhIyVvlZSYe3B2zLUaZdqhZL7ojI/F8jR2Pps8kMt86DDLMTEb L0CBU1Pi7ulzrpXOSdeF5TuB/1yQUe0QCN01676GM5kmV6+lnnKcI4xjKpqrKh+X GhPVLKO9+qqq16q2TMkbjm8Te8MQQAralBx2Smiw0XtjMvXP/+0tQ9Llu3aTknrg onqktV3ruontJE0wI7wNaQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIAj3Dmpo2uWMwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQxNzA5MDU0MloX DTI3MDQxNzA5MDU0MlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMp4Zpa8sVvcUPSFZT5B/ajJM5EMTH+dB2S5eKMNcNS4I8qmAzIZpr1/xRBBQQx3 0843UKYwl82C0/968jZ7wJ/f8CWb5MB8mBIvBemy7JU8qJqmQP2qGWW6Pw+7lFtu zPJrJhOuL3Oob59n5tP64PCIeOgxoHKZz6G8lFWD0/t+M4hIgkhC0gmmHl0s0gnO f0iao/oCZpRWjUA1WIIAiVP9qmvrSkblUrPOEnV1szfcUWX34tlyWIICCt3wFWRF 0haSPY3kAsGzuXomy52qDByJB8PBVNO7ij6twYdEnfzvMYX+b7I9c5Oq+0axKeca bD1jZBJl8Cq2pCh5sMPfZXECAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAw7c14z5/BYt04imTftwOtvjJwW+Uh1yNs/EtYbKoS/fj58Hm7pdE5Bll /yqUGcTIucu/eXoNTMHZzKpQi/bqaDBLBgNVHSMERDBCgEDSgTyS5TDuMOzeR0Jb g3TqocM2J+55IVhDBHLeF/y1mMIR8QWkguO+n45RaQcVWxzkV1ta0i/bt9eJZQ8u xm5cMEsGA1UdEQREMEKCQCouYXBwcy5hNTA2ZDIxOS1lNDk1LTRlYmQtODc3Mi1l YzMwYjFiZDNjOWIucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAHzOtgxSUK3Bfl5gHVps5qb2F7Qacu2sf/O7CAFEmSiFfYrNjShAnea8yD3O 2sFLDJgCC0enhfN6BjZYCiBjVX23ph2p/EiiY/Zci92ki2mOxJpD643lvllLPXpg 8yvpH5XxoJm6w5JrnchIX7XjqVpbDFPL+d4k43c3mQt4tx4+TrsIhMcl+Th7YmHk dYf47xVzm9OWQC/6T6fcfcdvO2hAmsIXLJjoiulCj1uzHGLURMzu5P1xJEWzwRLb /Nw6g0VmdDDBtz5R4Hts5Lh0wgY/gJQaiIr1LyhBRmQZa/uqx0dWjP8yjYabkW/E jIaEs1DoYP1NPXjzN66NgeBOoQY= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-17T09:07:19Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-17T09:07:45Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "2915" uid: 38b2b6b8-e796-4a24-9e74-a94e6bef5710 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-17T09:07:22Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"57bf6868-2b08-4d6e-a31b-a58a031a0087"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T09:07:22Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 57bf6868-2b08-4d6e-a31b-a58a031a0087 resourceVersion: "2379" uid: c262cbf4-eecf-40a6-a599-12e97b15bb99 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIVPhIcUNYttIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjQxNzIwNTAe Fw0yNjA0MTcwOTEzMjRaFw0yODA2MTUwOTEzMjVaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY0MTcyMDUwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw6XoDDrY9Y3Ke3T6VUdaU4zN2RQIOel1A lrd0/lCFZ75J1K0hYa1usOprodGQOr/LF4HViYaGQA351yjWzUjnVsYdWkv3HzSz cIgJzYW/rPAgxF5TK7ixK/95KCoP15G45RXjkgL6gshqFOQ6jCG9aye2E5cBPjfe v0CJXNCflkg7y5PrZ6iL0NEl1EnQ2Uma3xEFy4W5zHfx3FiCHRHgM4ipx9XUm96A KNz7yTUF5qzuz7X7iABYJ3cMoHG0OSnCMvhg7O+QDDn07LqfXQC2vQkVOe+OXxGp Bwk6wWm9DLsa10NvoQx6gI+Dv6y/3rfV6fN2aFOtxdv4gB1vnhe/AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQq/0kP NLL+z6CP1JK7xIBLvawhzDAfBgNVHSMEGDAWgBQq/0kPNLL+z6CP1JK7xIBLvawh zDANBgkqhkiG9w0BAQsFAAOCAQEAQIKitzOj8UWGADN7nkflkX1k1J3tDgWyFdKp I1C2vNpPz4p6LWSHkCT9ZpJHXrjZlggOYIs/y88SHRC1UbEGtlsoka4V/DPe/2NN FlFNXmsITfMnmGws4UMyOMI1hXLuFAaUFEzYViHUrv72YDaXYpNlptiVVAEiSBcW 7Wmv3yVKtKcwkaeM56pDgvigc3gOSHjQ+Z2XLxNur5HHG1DUeCQyMui5xM5y1i6I r8xsLrkb9OX8JKoUjQnDlge/jKWC8bYSrRbLg9+zI4EEsJLWmD8I8+0sCjbZmaPZ gU0pRt1JmL9/LqP6WMbbYuunZ+0GudR/jxFktnP4cTuQXIoSNA== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-17T09:07:19Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-17T09:07:19Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-17T09:13:37Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8138" uid: 98291442-cc7c-415d-bccc-edbbbb4e557b - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-17T09:07:22Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"57bf6868-2b08-4d6e-a31b-a58a031a0087"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-17T09:07:22Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 57bf6868-2b08-4d6e-a31b-a58a031a0087 resourceVersion: "2377" uid: 2625a91a-8363-4569-bd22-957da3598734 kind: ConfigMapList metadata: resourceVersion: "13918"