--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-21T06:59:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"c7e644ec-1886-4330-b18e-ed6b153721ee"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-21T06:59:27Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: c7e644ec-1886-4330-b18e-ed6b153721ee resourceVersion: "2441" uid: 9c222321-518a-49d9-b676-44238f158962 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-21T06:59:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-04-21T06:59:27Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2436" uid: bfac6602-2582-495a-9988-3adac540d5f8 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-21T06:59:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"c7e644ec-1886-4330-b18e-ed6b153721ee"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-21T06:59:27Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: c7e644ec-1886-4330-b18e-ed6b153721ee resourceVersion: "2434" uid: 4ebef96a-798f-4d26-be4e-ca7d4fdb450e - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIev/W7tmXoKMwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyMTA2NTY1M1oX DTM2MDQxODA2NTY1M1owJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfXI6Rx50qsO lLlovuvbYxZtZ23teAx4Pi8YRVXdRk8kXH27E09PhklDxLcRrXNej6LthDIs2vWb Dt/NDbEQywMqVpD4h1AbwYwybjr+f70tpA0nly1FmP8JIphmMb8vk8NSyBbtQX3L n45mVtp6ZZRho6nHndX2W+KNGLB/mGlhaQWzXJ7D+xmb97CNCzgvqPbRXYJKRa2h PV6hChQcBTdscoyy5sD9VIOpswoyoJG+dyWIQ9T4sSyO51Cpkh1ZeFEQD1Ho7LqZ XVivwifloJlkjlIH9JwFnSdibLKTPljrCnzP7WCloftUiyC95kDF1McyO7w1TOXy nqgbsRZ4+wIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAhS/h9lSfzCZn0GjEiUBG5tfqUVKbhHuOmU/iRYg2FRdUP6kG 90nUY+9YEZ3ETRVu3pT9ruzY5obICMg/a7469jANBgkqhkiG9w0BAQsFAAOCAQEA aVZXq8Awz/fLoJDv059EYlUZVOAV2GV4melH2tNFxpEziDxt6QEZZrUdik4t7w43 MajPE5Ufxj98Ob/K2vc0gR29sFZfd42JMZL+t/KPWabyiOcgEAggttvqNSVB0fpv JdT906T9O4u0yV1IWq6xF63dC9OpGSpyWt8D+LtWAc3FqbJNQGlxavKj1bzOOXLz gdbMra/T91bN4DuRsNOnNm/QMWPdSKebc4bCBUWz47188RnWYB7ha8G4Kjwy5Seg I3kYUS5tTW0A9n8Y69STDsP3tFPy4+2h6JbodPkOlfD/JXHoRxyNWpn+j6vnR8e+ +MC1ovxO6rIQyEeaL2s/+Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIITeFv2DE9grwwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDQyMTA2NTczM1oX DTI3MDQyMTA2NTczM1owMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AJw53cVpP+5L3G7UbuG8DJudSyJXq71d/gk8J7wCUH1LzX+eWgGMWVofkf8cQxOP quK1KhI0Tf8c4TorW6nf5gcs4dEU6P3zz9sYPr1/TES2jli2peZBRbTfq5sKFGnz Uk78AyPnJ7xwAsQS7iQ4E08Nvk0uouTpaMoonYX7opZ9D/tcpznqU4/kO+icFGZR 3tBrKqLrU8Hz5tO0dJI7aRnMIuDm1DT2c2fweFvYHmYxBRoe2sq6vap2TTIfrpMf zSGJbX1NCHCApmfXVjJJjsBxaAFj2AEoG35/9fgxyIewhPkgh1lyajodPJ904Hmp /1nwaQ34xTQyHWYwvHMHhU0CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRA33mMB2MaQOSmUYzqi2SN5i5PpSYJWibOEuHc1QRC3Bh8w2hhX/sehjS8 hzM3AeLNwBKCZpDhpdUu9Lsv3hbHbDBLBgNVHSMERDBCgECFL+H2VJ/MJmfQaMSJ QEbm1+pRUpuEe46ZT+JFiDYVF1Q/qQb3SdRj71gRncRNFW7elP2u7NjmhsgIyD9r vjr2MEsGA1UdEQREMEKCQCouYXBwcy5lYzgzY2E2Mi1lZDczLTRkNmItOTc3Zi0y YjVhODYyOTAyOTIucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAFQx2odIpnF2wGJH+WN/9hf0RuYfZPGh7mDdENqNsXSLEfP7sj/MWgpuCudA tSLn/k4kbCgn6U1mE7lb5eUAfJsYWmw09uSoIb1XRjzqaU94LaVIIE13X/ctMMaS ptPNA1duCDzTYR5OYjKI8c6GM0AxZzFqYGyF+o0QBgRCPPFAQxvrfkqyPuPKjxXX r2GwCGORe7IEDFTMr+eCdc8QQJe4J5mFN5FRupNGGuxaCJPeLM5Wz8jpgDJgEvq8 iCIEo77+OiEpf31U6+Xtn8H7P2hWr/DZnTXXUOVl28umd/LLUupkQcNhhLGyrZ7O ibAC+Dpvb5dfJR5q/2VBX+eFhwk= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-04-21T06:59:24Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-04-21T07:00:15Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "4490" uid: 40599a27-f76a-4775-9530-5c83e21dbc66 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-04-21T06:59:28Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"c7e644ec-1886-4330-b18e-ed6b153721ee"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-21T06:59:28Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: c7e644ec-1886-4330-b18e-ed6b153721ee resourceVersion: "2458" uid: 9164cdf1-431a-425c-9f66-224f49328b50 - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIC9PVMx0yeDgwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc3Njc1NTAyMDAe Fw0yNjA0MjEwNzAzMzlaFw0yODA2MTkwNzAzNDBaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NzY3NTUwMjAwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCss10t6kOLSVtT83HfJEcNevhVcKO1ZAYE wkcCjS/VWDltjUDPlqrkYo4bHShWUF8FZvcC1P50lH2fFhS/CjcCvA/qGJ2cEM9O PWK3xLlVmO4ui0EruBAWIwLg4bUR4PpUzGYjN27hGqTSpGHbXgnXb8iyQ3ogmpVF qLnor7MHemYDm30auufKDFiwWbnCMSCWUh20ZAvYZoCRtrSs7Sr+YpX+dBAaeNad JEtgYj7EuYIKTMYDkFvqFbRCfJIvZXO3VgewMiNqecc/2yRNjlvQONecGtoxmi4X qm0QwDU5NjDPhlwobTSUMJ+hngE3buu+cZzxwyGgBfEyeheO2I6/AgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSDexOM VseIqS+UrHjLMMbFGdJLwDAfBgNVHSMEGDAWgBSDexOMVseIqS+UrHjLMMbFGdJL wDANBgkqhkiG9w0BAQsFAAOCAQEARZM2r85t1YPu4bBW86+xddxAN4PsgsbXPPNS WWKrr1gCqdYiLhKwhaB0rSSfEFpzsXW9w/K67mDCNmBGdrnM88qXzrpGa/qPsDLW Vt2a44xJ0+cicotthonLz89lTBCEP1bevG+w4een9AvTaP4OLZLaKXthzJvJdm1U QgPlhdEwCt3RgetSS/H1MSOUQwzMBbA7Z3WWqoRVquCUtjpVDF3UJ2iaQskZxZl8 4lwIhE1W/Aa3eEIIdX5XZKpBsfi5OM9AC2CNHiIJQuQ6AboknbRvCYNeuO2mAU1E Q3UbG8oJsZdSBKvD1RaCEhPU1h5vFCt01+uTY2ehcGsGIoR4Qg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-04-21T06:59:24Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-04-21T06:59:24Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-04-21T07:03:54Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "7854" uid: b5e316d7-0566-4eee-a2e0-22ff3fc695e8 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-04-21T06:59:27Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"c7e644ec-1886-4330-b18e-ed6b153721ee"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-04-21T06:59:27Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: c7e644ec-1886-4330-b18e-ed6b153721ee resourceVersion: "2443" uid: 2bad742f-25e2-494f-9af5-446a6dd1ee8e kind: ConfigMapList metadata: resourceVersion: "16321"