--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-05T15:07:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T15:07:46Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b resourceVersion: "3009" uid: 8ae9d41b-d784-4f22-9eb2-b2c98bee577a - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-05T15:07:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-05T15:07:46Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2998" uid: 41ba3783-b7fd-448a-b439-052756837c16 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-05T15:07:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T15:07:46Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b resourceVersion: "2997" uid: f2555f46-77ba-46ae-8fd3-9bb193c82023 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIYBl6UG112NYwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwNTE1MDUyOVoX DTM2MDYwMjE1MDUyOVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxci+Ln5yZMDg r8mV+EVl1dSScMam61+ST9PTnmEUc/hWNUA9d10/luuomEFg6ZunW63HYdg2viLt BqLYpjlR54GMQGJppGPgxWDzraE2QsX5pwP2LH7R9BNo4EArwux4GBsZXnsD8nEt IxddepBV9yB+f87WWqpJawP6pHq5+7rWtEfF6bo/xfblkmlU+tZ4fEzy/SWBCpgO VxsyXapY1ydOW9rFw1bHk+4g5F7U4xHQMieBT4UvCmCh0U8shLL1cExAUVF3yBH/ lCYoO/4sEIRpxsN/C8m3l4zPz7/rJCato3BVI2xeoSJfHYCsO9fCElcPD5S3SWPG n12zXN51xQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAKWqO3D2/P1LuAPAlSMj9WkwfKOHLxzbfsl4VmcVkla1Bhigu Ql32QRPFcgeYCVoImzagPR66PTfK6GS8UMb6pDANBgkqhkiG9w0BAQsFAAOCAQEA GYwurXJN2z+J+Tpi33pHVzOm3unBZ5xP+LNzTMAJdlIIVXYk2zzGoNT7lZsWsThK yZGnatnotDwd2KP4g8f+SdsmR+NayAo7n5/JCBF6acofTang8uRd9xxENqpbWEf1 UuvlL2LCWMxMNqkHYnFzlr6IQUROfsXhJzVvZ3qzMLHsyE/aeKATdShVy6AUcsHr pWJ43F5o5yOO0K+NTEkiPtGoCfKxEykn0j6tf9N3a3ziSC1F6WNaq2d/PlJnS6kI 1bl1eFwmtKvLpfnfLi13h13dLJyrxWdJUOLydeAwOEDGAfD1tLc6+38U22Vz5c/3 hpr8PtQAQXB7LkJjEoVl+Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIITLbh+TXWb2MwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwNTE1MDYwMloX DTI3MDYwNTE1MDYwMlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALzFowOuz1LLAgCGyVn801P9aavBCFMPtMAt6Jh39d9ldY52jxj/dkA2Y4COP9Vs 1tuNQrqKdSQE+vZBarnNfdn7gM18Qm9phopdCMAr6dAahtITLrX8WbVlaSe1g3Uq mvzOFy/0y43yDE15beWtWsi4MYsA/oBuJHHCHpYd3rmoEDpKiFc8+uEqX8TJ53Um dDsxrkehlp60Fmu7qDN5mopfSKzce92HZLjK+GHCQVwy0h1rqh6bjHhRjEJk1raZ iYKiI6UxWReh+Fi93Kk17u7JH7TGz7OjbWu85++VbLUlj6KLE3q8qSgjwZSs8DZw C99/q2Zm6RCiWOgWbjf+qEECAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAIul/Kd2bNkfgyT2qCkWp4AAyl4zV5fm8r6L7zOcj2CeJonpjR60ZA8al BNG0t6HocKs5Tb/cWOhDYPYyDtghlzBLBgNVHSMERDBCgEApao7cPb8/Uu4A8CVI yP1aTB8o4cvHNt+yXhWZxWSVrUGGKC5CXfZBE8VyB5gJWgibNqA9Hro9N8roZLxQ xvqkMEsGA1UdEQREMEKCQCouYXBwcy5iYjZjZTZkOC1lNDVlLTQ5ODQtYmJkYi0w YmIyM2YyNjUxMjEucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAEFdBSHbzuzsNkE9+Eg2lw1vgpHnZl8MMAhWl2+nIC5WG4/WdU7xVXt8wPg8 AyBKSKf5mV27aCttfK66NbZmsB3/5NO/zEBew97WM0OQXGfNqQvEQTh9Yn21Qk5q DnxgBeDc6iaB36vpcsXjiicfIX+bxdwCHlfNadIouS8v0kPsz+sDxJJ2/DJlG6iU BYswtXbM91FLgDg2pwtUg1R8LSaXKWMEFpuWUzKd0WtFv/jbtlsnQKR4/DNikTjg ZN8xRVW0p/PdmZ1TbWtVK4GHgZyX6rCEKo+N8Af2SuNalUGmqD9NTLRFMkobmKwW k5NZcPURKLQuDOKE1SIFCrvs7zw= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-05T15:08:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:08:10Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3975" uid: b2067316-08bd-4cd8-af7d-fc37209b09d6 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-05T15:07:47Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T15:07:47Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b resourceVersion: "3034" uid: f52a00dc-8c3d-4e18-a469-a41c21373180 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIQdPcvxrEDVgwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDY3MjY5NzAe Fw0yNjA2MDUxNTE4MTZaFw0yODA4MDMxNTE4MTdaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODA2NzI2OTcwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcjfc5C2iMXuBSxEQpKZN3z3nVn4kveC4F rX9Rm+NIP2aArNg77bITDsCeHziFPhbxfsXnt29xg7TJyUpnBnl+9D1VgRiT2jrK YAuHNPjMbAAPdouzug/tB5odzuHxkiyPbv4El/ziTf8iSmbt9eUUAWXPfyY5H4Dh BgSOmbjWRJ5LfpaluLIqMVF7GAkD1yvzVKT1D8LdfwHrJPQXPPauJqvah7wRyqaU f7Ri0YF7ROOGtMlgOANtGfcPogNTNc0wkODBR1lHWOdZr35gs0JOmzdlNJoIBxsR VibreOH9CWtYFRYmOwIIm3kTAS33tprYIx1VA6NGvSKGWt2BpB/BAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRFmujZ H3njtvCzPwz16zqdKUc/6zAfBgNVHSMEGDAWgBRFmujZH3njtvCzPwz16zqdKUc/ 6zANBgkqhkiG9w0BAQsFAAOCAQEAm3nfdtaQu852Su/3CNW/0xqJvqLDMutUcqp8 80qwWeLjYOzRVP92oM02LFR/s6yKHwjBCDC9m6Wf60XYefUmVyDrBzTsh6CK8u8P /d0sZ1BN3BItShcIOMZzHa+yXIip5cDhhdirbm2C4z4Twi8SUBrK4kQo+sn6OmLh 8KWIn3CIayF34QRP8NanfBtGgi/TgL9PBCFh/9wM80iXuOti6BfpvYL8my+XTcss FSfTAZdJ8xa85GRkZD7nOok6lTXfPSIpg0/1uBMqZKGf7Y6tC0qVKqsOOREsCBKp ItLePZzuOptugjvmFE6BV49k1QhS1Vr6tJJt4fBD/kdy3yuO5w== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-05T15:08:09Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-05T15:08:09Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-05T15:18:30Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "9081" uid: 61257341-cbdb-4024-af14-7bb6a8a47c34 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-05T15:07:46Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T15:07:46Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 687e0bfa-8d7e-4a4a-926b-f5f4aef5d69b resourceVersion: "3019" uid: 16137f2a-5f87-4e44-ab1d-542f1fd04345 kind: ConfigMapList metadata: resourceVersion: "17041"