--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.24 creationTimestamp: "2026-06-02T07:57:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"174afa1f-be3a-446f-803d-9202952a9001"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T07:57:15Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 174afa1f-be3a-446f-803d-9202952a9001 resourceVersion: "2901" uid: 7d898058-e13d-48bf-ba77-e7a5c3de2333 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.24 creationTimestamp: "2026-06-02T07:57:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-02T07:57:15Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2875" uid: 2f5dd18b-429f-4111-b254-c705879f9994 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.24 creationTimestamp: "2026-06-02T07:57:15Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"174afa1f-be3a-446f-803d-9202952a9001"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T07:57:15Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 174afa1f-be3a-446f-803d-9202952a9001 resourceVersion: "2873" uid: 25806299-adc7-43c1-866b-b8405481d4d4 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIITaMGFoc/APkwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwMjA3NTQ1NFoX DTM2MDUzMDA3NTQ1NFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw33sT4/Wqpaz qlSG74IfztI+cb3TCZ9aJSwynijOt7saAdphEKZefpRh/zm9N9sO58fOjJ6J4ccS ckQOyf+sSHSCO4fZ8LYfjeN/7lr02XP+C2b+d9POBH9HEbdHNfLEgrcgM01NUxut oBl93mUEO3difyTVU4xhebp/St2zebSFM23mgoiIgzYthBY6gd51fsNHbqcB4fdc GpMwsDlVzDvxwOZmAhDUboYXrfzjmLSxtPgSl/KToXj7jvfNuRSsBDQCt1XLT98F fZTq2mnlIyoRwblcsmtyma1vRlN0XIP1Owa1b3IRGKXOID4kKroSY6XVJeOoN9RE L3T5W1YEBwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAoaYBL+kIoNtyEdRjhX5jGg5eJ0twKZJyjtpFNX8UoC7lGMXI GK6toW4atBWwi29SUxYUBGdxctjJ2HPRjaoO6jANBgkqhkiG9w0BAQsFAAOCAQEA D+lSxXCFGwCe51rsyBX9MvxCRdh2Om9yyYsbjdZDmB0FE9iuTC7xtzK2ksOhK7wc dVhBd1/ne+wJKxzIa0brtCc0JrA6bsBAMJUkGeoFK3UpxseiUg0ovSLYlWONuB0T nzu/S2Svc2H538wdU9Szbk2Abcgykr+LTQLhRdKBUl9jlPpYk+Z3Or/Ikxs+Km0Z CRUCWeMzkwpDQXLTbBVNeM4sKt+0DrFeDykqqzN6oM+gflJOK8sRLY2L/JMZI6J4 u5NlIStT8APGjmES0gFn2256vfLkqvdoYCC30rgi+/anunDp6E+aMaTusXZ3ijog AE3LOp7I9f6Aw95j8ZuvWA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIIyPn4ERNSwAwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwMjA3NTUyNloX DTI3MDYwMjA3NTUyNlowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALe5gVl7afvp4tp2Kfm/nQ5Bz5Ni0DJ7Z2BEXzyk2rZbmqoSyxNLaAzO3WyTwWeV 3v/ViooEHhyVA/BANgxb8nadZa9NTi1egLFgPcus9VIfqS6d3rK1FuvOfuG44jIZ vrp09XjGXwmjfJ4Dk+7JY7QCY8W6E/alYmNmlGv0Sna6UfVFs+oFTI46eR6qLTrr p16jv3CJ0TcztKII4vbTR3my3zKhr7enenJ+mRhZKe66rBHLs9VBV6gbYSaL8Joi t17WLLA4QWEO4NpR7QnqssAqWgHQVWyOUJRaseMaR2GWK9NxV0M1bdYirhYQHDJm tNSdxDTiwB1cxhufFWrNlJECAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAAEha9hb9XNW5IJQCMLsk6LVKkem2/EJq4kzEohVp0/thNJTl1EdQl6rT loOXSRtf/2BCpgEi7F+XrguNyKbi/DBLBgNVHSMERDBCgEChpgEv6Qig23IR1GOF fmMaDl4nS3ApknKO2kU1fxSgLuUYxcgYrq2hbhq0FbCLb1JTFhQEZ3Fy2MnYc9GN qg7qMEsGA1UdEQREMEKCQCouYXBwcy5jZjgyMmM1Ny00NmRmLTQ0OTYtYTdkMy0y ZWM4YTA2MjljODkucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAI3CpZSb78P8+2ITql/bSaKeSG9vdf4hVhibqvD2E9Jo4Ex7ZQA1esyeEozA 8acgGPSZ1x33PJTaJ0xksQyJZe0jV2SEp+43nXu6yeCmG7U9CJKuu61Pck7KTcOF a2qscaba7avDVi2ptPb131wCyqORMUyAdLyuS6o/EgdFKolZvUSw2s/MYvmFmjCQ KlmjHs1BY4/Ha+zzFb7LpZFsjBuE8Kts8efKpMGA/WM+z4zzt3VKufr5CDmZ2k2v 2VwWUmv97VwlJfMCmHfMc+t1moMTlOp2sCTaWSciTyLBRNJarupwwOdg4aogM8tw uChwb6tPOZlySagwScuXJwGunAU= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-02T07:57:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-02T07:57:27Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4043" uid: 6fca6bc6-3415-4231-8576-00fe7e2355ee - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-02T07:57:16Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"174afa1f-be3a-446f-803d-9202952a9001"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T07:57:16Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 174afa1f-be3a-446f-803d-9202952a9001 resourceVersion: "2950" uid: 77f1ca0e-cd1e-4924-a98e-bf179ba2fd42 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIYMZXQQbVlNQwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDM4NzM4MTAe Fw0yNjA2MDIwODAzMDBaFw0yODA3MzEwODAzMDFaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODAzODczODEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa8arQ75H0I/Yl7MCNnBv/cb3qD4616l2k Joom0fE5yNKlwhkg5hl8CuI+fGwg4guqJFwMoMIjrQLYRVQiRYcsZM+bKVzoZPNe x5mAMedjwLIRYViJhraDJqUPCBucObvG/IX9BQULptLQNk8tuBJ1IVm282ImJfH3 xQEbR4ziGnm1AIpulp06rYjk6dCvwfbwqo6zKRRBqtNsqRKCy9pBkUJlZVpEuZlJ OmNv5C4oMAaucaQh+tDSOWZfLoQ9O21SRvWX61n6ehF/+RXFJ4ju8KKyyPfFpD1t 153xoXWpk+pE+w+5S+Bnmqq4kXAtZ4gZ72cZG0RJpUzMeYmL0fUrAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRNvXkR RqT2nMrf9icfC13h93OLTTAfBgNVHSMEGDAWgBRNvXkRRqT2nMrf9icfC13h93OL TTANBgkqhkiG9w0BAQsFAAOCAQEA2TI5qsCEZH8KPmEhUM3NswODeTiNsPQNySlu 2MTeTKi+4fVvsaCVO1Sbm2BNSzoRURPhvyoIAMo+YGhSAO7dO/9oUBgZtTWxGaIS +ZC18jpuSSsLx2STXn9MFfTyjTVO4dirmXsfJSSlizEUkJwo8gOeyj+tjzsYOQhM n+H0G1MEswxaXHestkbVb2+bRj49VLtDISTB0SzuIWrNLqWUu2U7Q1le587jTrLB ZBqwIVdp6wV1EYKebCE4fpqogpcBMB6L6ZXbyTLrjlZDuz0AHhpLCB4CKPBkZODt rpAtpJ0y8FI8HlK4Vyvep7AU7iMbF9GgLf25dpVMqqIrK+bn8Q== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-02T07:57:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-02T07:57:27Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-02T08:03:15Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8074" uid: 57e8aa1a-ffdb-40fa-8323-888dc45410dc - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-02T07:57:16Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"174afa1f-be3a-446f-803d-9202952a9001"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-02T07:57:16Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 174afa1f-be3a-446f-803d-9202952a9001 resourceVersion: "2925" uid: c96cb5d8-735d-437f-be61-3c5c783dcd8e kind: ConfigMapList metadata: resourceVersion: "16216"