--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-23T08:44:07Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"aa2e2f65-303c-412b-b9fc-96c06a47e450"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-23T08:44:07Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aa2e2f65-303c-412b-b9fc-96c06a47e450 resourceVersion: "2666" uid: 8652fb73-0569-47ae-9239-08a56401f3e2 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-23T08:44:07Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-23T08:44:07Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2658" uid: cd1b6a2e-eb61-4d48-a4fc-bd728fbdf27c - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-23T08:44:07Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"aa2e2f65-303c-412b-b9fc-96c06a47e450"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-23T08:44:07Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aa2e2f65-303c-412b-b9fc-96c06a47e450 resourceVersion: "2657" uid: 26e022b0-569e-492f-b08f-7d24aaac6c2e - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIHTg6U30zSa8wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyMzA4NDE1N1oX DTM2MDQyMDA4NDE1N1owJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AjEP7xf5Cgt HEYu8H2GQMcCC8pRVSu4SxVU+fCyAGWrTygMrpPNXxwQh5lw9EgVmNTo7tiY4deD eO8W0xyREWE56qKLmU8SANEz/GCv/6H17MqIrrRs9NqtqPsM4g/atyh26Ny0owWL Bn4WfkPhXHGdhIUd/FWCVCNXBkY3Yd0fTLspQrPCTYQlYpr7XfvO4gBKZryZGosJ KhF4HKq+6e0feWcdhQzprlNWhRNsQjEaw/wcbHq4tP+LjWyUs0bLBYqgmkR4N1kK eJcDsnGfKziPY5zFo12HUk6Wp2H+I0SkWOhfz4/ltqHDEcDwq/Eq30seLbYWcHpb LxGryQY/+wIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAuGKc/Gar4SWCtL/XaBdFSuXab4lbNmNSYSe3XZuDPgmmhTWM flSxgY+AEhGasR2+XRbC5wsXASPNjL/z/UWX5zANBgkqhkiG9w0BAQsFAAOCAQEA DUJ12emcG0BKuA/vdeSbz8FULp9BdOOmrK1w0UE7rAHtGLrWmPagVjDGQbZ0vlkV AmP5Ypi9q4NZ/p8S/UUxclxB7krbjpEOHoioJT9SqDl/925y2QjnHMyK6tmRj5ve 2Q6roPMmfpXAZXoSWRprHFTfmC+Acgszg/6tYKDs3ABSMm4+su57vjwk9+eYzIrA Ugqqr/Cq/WONgrmOiIDzyrTDAYL085kdsEb3K8um/Kna8wUQJSD8u5gGSuFPXP37 y36Jz3UkvBjKZv5stb7ehKEdGg1jfQvCFupyaGYFj70ES/l+T90QxcxhHQSMabJ/ 5XAFakQo1GZeAT/pYZ/x8w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIDA3k2goQ6BwwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyMzA4NDIyN1oX DTI3MDQyMzA4NDIyN1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN47HJxld8gH4gS3gBgpaI1+bSDDv3qLmzs+LjrhzcV/HOnrETEjZPhWjDYBMtS/ CU6PpWA+ZmbSbJnfh4SFA2JNf6gm0EqxFSpkkNf6JN7kAupytwwREd51NLSRYmh9 ahxbd0n0vI4W/EK1BywVT2bkb2FxVbhL2Qaq16tpeUbMPsCpmJeO4rMrdNpNNW3w VPU97xNNrFOeGM18hkJQGZhbybWls/f7C3HNKrwLPOqK7ezFPqU3GoPGdS3UOcTf oy19v0spVr9Zy5aE3moIYWfekIxRNUQTuICVTb9LMO/sKQBpFdslKbU6XNoYGHVh xG/l9gzvS0E1NEI7fFlXeMcCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAPTDhbrL7TvYm8VLEaGKpG/Q5GxdFb3WpKtA8rrhvX8TYaneqcp3k3Tqt HgxGUUASl0gTer5Q/Mx+vMAJMOlVBDBLBgNVHSMERDBCgEC4Ypz8ZqvhJYK0v9do F0VK5dpviVs2Y1JhJ7ddm4M+CaaFNYx+VLGBj4ASEZqxHb5dFsLnCxcBI82Mv/P9 RZfnMEsGA1UdEQREMEKCQCouYXBwcy4zZWQ4MDkyZC01YWE5LTQyNjItYWZmMS1h OGM2ODU0YTY0OGQucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAG6TYEQ1IhawJWfhgdZGIGZP7W4CbBbM+8NyyFc2MGMSK+2Mo1FvlBhFeavE rkE+8mzYbx96UQ+qfj/Tip+dRCzNa1KFOhR+xRa9x6L+J+X3RNaRUWeEvAOHM4ft HfI42XaFvkqFFWPysiJWLjnWtp/0kMpIg4GVIxu/RiTyJFs75KwKNZC9uRSVVjrH RJTyYipLxufw7xShfTP0iDhSCTyZH4hyv/yr3HOpeWqG7aYaGPgMK7BhVRr6lW+2 iOVpyHZPbK70izWwUTVDlvR7zUfMbKCD8nPulV4UzexvXw2s9Zb6BLS2+BV11O5+ uYkapLJHXaQZDYAdEweG9RyRTOA= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-23T08:44:04Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-23T08:44:35Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4324" uid: 517257ff-11f3-4939-9b4b-0de691d05ae9 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-23T08:44:07Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"aa2e2f65-303c-412b-b9fc-96c06a47e450"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-23T08:44:07Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aa2e2f65-303c-412b-b9fc-96c06a47e450 resourceVersion: "2679" uid: 1f01fd74-cc66-49e5-92d3-f8270320666a - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIUbWuCk0GXsIwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3NjkzNDIwOTAe Fw0yNjA0MjMwODUwMDhaFw0yODA2MjEwODUwMDlaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY5MzQyMDkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNo5oiVVT2N9iqMzFLyh6WrFBUe/MpZNGi uzT/qf3ZZAD57IFm9c1jMufgEIWDRVB24MW/0GvDXBEjJw369AbsXMJgDbb7qF53 b6JzTVUMhIDTcIsWwJ3gZ+hOMwklEshuxjlPmRGwTh9+Tv6q8sLHS/YPFtig9V67 Nojdup2BzdruQpbdohF4hwAo32eOnYd3/Wg0hVrmRYmyQWDYBVJi0sapH11N3D80 EUWjaLu1nlTptYdpBrQjXZMD/RkAGK8+75RKuB3Jbu1brsG+49xEjmRUya30L54J JK5Duldlx9dxd1KdnyL3RxcQ6Z/QxzLWzcIsxPw034hI19ZhzNYhAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQiwA7V EL9CaoYfEgT9wvEfG+uRczAfBgNVHSMEGDAWgBQiwA7VEL9CaoYfEgT9wvEfG+uR czANBgkqhkiG9w0BAQsFAAOCAQEAXMTyLpTus1FI21iH0+WQijQjAhdOByAQ4OeO GUkCOia9/S6ThgNtAGXcJbPehqSJjNDeFVa+Hq0OyzWNmRVXKYpC+nP0UhUgqeQs KcxegkW9atsF6FGs0nw6AD31kW80a06hxnTwmSuWsb88JU8eiMUChVs4Wu8Wn2YI A9IViBGN79rZglNWYccQ3e6RwleXVDBlQW+EYNh0i7WehBsZbdDcMZ4Y4e7/895M 3J5Zy6nHx9f4+JyDyqwJ09bOif29IqayV8EcUozYpHioSAj7D1X1dI9RsZk3w8n5 BsFouV+Hq0zMW4WLHbnmBRoqyjAYTiv6xpVyn2aTWWC0mbhWhw== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-23T08:44:04Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-23T08:44:04Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-23T08:50:21Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8348" uid: 860f0e01-ebc7-4b0c-9b87-f7c18197a883 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-23T08:44:07Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"aa2e2f65-303c-412b-b9fc-96c06a47e450"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-23T08:44:07Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: aa2e2f65-303c-412b-b9fc-96c06a47e450 resourceVersion: "2674" uid: 06ec4d0b-f773-40fb-bad7-aff59dd83dc6 kind: ConfigMapList metadata: resourceVersion: "25051"