--- apiVersion: v1 items: - apiVersion: v1 data: cnibincopy.sh: |- #!/bin/bash set -e function log() { echo "$(date --iso-8601=seconds) [cnibincopy] ${1}" } DESTINATION_DIRECTORY=/host/opt/cni/bin/ # Perform validation of usage if [ -z "$RHEL8_SOURCE_DIRECTORY" ] || [ -z "$RHEL9_SOURCE_DIRECTORY" ] || [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY" exit 1 fi if [ ! -d "$DESTINATION_DIRECTORY" ]; then log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist" exit 1 fi # Collect host OS information . /host/etc/os-release rhelmajor= # detect which version we're using in order to copy the proper binaries case "${ID}" in rhcos|scos) RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :) rhelmajor=$(echo $RHEL_VERSION | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/') ;; rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .) ;; fedora) if [ "${VARIANT_ID}" == "coreos" ]; then rhelmajor=8 else log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}" exit 1 fi ;; *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1 ;; esac # Set which directory we'll copy from, detect if it exists sourcedir= founddir=false case "${rhelmajor}" in 8) if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL8_SOURCE_DIRECTORY} founddir=true fi ;; 9) if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then sourcedir=${RHEL9_SOURCE_DIRECTORY} founddir=true fi ;; *) log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}" ;; esac # When it doesn't exist, fall back to the original directory. if [ "$founddir" == false ]; then log "Source directory unavailable for OS version: ${rhelmajor}" sourcedir=$DEFAULT_SOURCE_DIRECTORY fi # Use a subdirectory called "upgrade" so we can atomically move fully copied files. # We now use --remove-destination after running into an issue with -f not working over symlinks UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen) rm -Rf $UPGRADE_DIRECTORY mkdir -p $UPGRADE_DIRECTORY cp -r --remove-destination ${sourcedir}* $UPGRADE_DIRECTORY if [ $? -eq 0 ]; then log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY" else log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY" rm -Rf $UPGRADE_DIRECTORY exit 1 fi mv -f $UPGRADE_DIRECTORY/* ${DESTINATION_DIRECTORY}/ if [ $? -eq 0 ]; then log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" else log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}" rm -Rf $UPGRADE_DIRECTORY exit 1 fi rm -Rf $UPGRADE_DIRECTORY kind: ConfigMap metadata: annotations: kubernetes.io/description: | This is a script used to copy CNI binaries based on host OS release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-05T11:33:48Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:cnibincopy.sh: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"417395c7-4a1d-446a-bd6e-ed256e959b64"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T11:33:48Z" name: cni-copy-resources namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 417395c7-4a1d-446a-bd6e-ed256e959b64 resourceVersion: "2502" uid: 5019eb32-1061-4d65-82fa-5ee61cba76c5 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-05T11:33:48Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:allowlist.conf: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} f:release.openshift.io/version: {} manager: network-operator operation: Update time: "2026-06-05T11:33:48Z" name: cni-sysctl-allowlist namespace: openshift-multus resourceVersion: "2497" uid: a7f4677d-6e1f-444c-8bd7-2ed878330786 - apiVersion: v1 data: allowlist.conf: |- ^net.ipv4.conf.IFNAME.accept_redirects$ ^net.ipv4.conf.IFNAME.accept_source_route$ ^net.ipv4.conf.IFNAME.arp_accept$ ^net.ipv4.conf.IFNAME.arp_notify$ ^net.ipv4.conf.IFNAME.disable_policy$ ^net.ipv4.conf.IFNAME.secure_redirects$ ^net.ipv4.conf.IFNAME.send_redirects$ ^net.ipv6.conf.IFNAME.accept_ra$ ^net.ipv6.conf.IFNAME.accept_redirects$ ^net.ipv6.conf.IFNAME.accept_source_route$ ^net.ipv6.conf.IFNAME.arp_accept$ ^net.ipv6.conf.IFNAME.arp_notify$ ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$ ^net.ipv6.neigh.IFNAME.retrans_time_ms$ kind: ConfigMap metadata: annotations: kubernetes.io/description: | Sysctl allowlist for nodes. release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-05T11:33:48Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:allowlist.conf: {} f:metadata: f:annotations: f:kubernetes.io/description: {} f:release.openshift.io/version: {} f:ownerReferences: k:{"uid":"417395c7-4a1d-446a-bd6e-ed256e959b64"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T11:33:48Z" name: default-cni-sysctl-allowlist namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 417395c7-4a1d-446a-bd6e-ed256e959b64 resourceVersion: "2496" uid: 1b3ef991-0234-43a0-9ac5-560b41ffe9d8 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDPDCCAiSgAwIBAgIIH2C/4Vvjp+owDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwNTExMzAyMFoX DTM2MDYwMjExMzAyMFowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtr3grRcIp4Ni M8aM1QfM96LIjmfLoFCPLKE4i4EWYGOoQziQ4wepshBuypImGtq9OkN6uOJxBaqC tT5Ow8gz/SgKglDyd2AAvV9PxlMRTQ0kh9faRgPJuFIwDRWCTcy44fZgOHv9IB8S neLcK1Q+bqlAUKqzMV3+SpzlpkXhT2gcYypoOS2kIF7C58KGmCk+gCoN+f4qmiMj vJt5FucTYv7v1+oa62cT4+604+kzw8gYW+yudzwg4qvqLbj/ArSAIAngWVM4Y2hW 09vbXtK5Y4eoa3nJmAzPEOF4yyrjy78oU13Y7Y095imAJwwzYMmr+qli6qjD64Q3 vHH+SDqbTwIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zBJBgNVHQ4EQgRAJgtxGmAxUSVqGulk1L+sZw+b1NJVHZ6k3s6NTT/doSISzzcd 4DsYr3etgR4SZZPndkGa9MWp6e3ciGUJJk0iwTANBgkqhkiG9w0BAQsFAAOCAQEA Glp6SUWy+WYqvnkaNTL8DTzSA0jD8WVaFeSyR9/wXDqAfmw7GZoy//H3Z7rc3+hP HSLl7sw4pO2bebuSppo4Jj4zrk/CZtJHdn6I840Epb6YdovMg0RONm1gt02/na3U Ic7+h3Hq8SnyXy2EnYzCuLIFalDhKT/UT2d4DNuWsdtw6ZQXOnnj0WGcsAZPkwSJ D1EPzomIJ+RyA2yicKTr2t0oBphvoIgVBcwV8W9yG7FdY2JXe+jsubiW2t2hP/rg VZJm9UndY9YbMcSr6H4nUWA9pR6yxVTd3kAG44BWXizuRvelRv3Boo7PL9Y4WqBQ 9YXLSqz1KITLGKENCV6BxA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIIcFcAoP/Uni8wDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwNTExMzExNVoX DTI3MDYwNTExMzExNVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AKOuDYd3Eu2/Nz00tgHnjM/bZfOiEeoNxXaN81GdZ68CCKTAmaC6yNFYCS6wJXSm ZojQmtSQKwyUj2TevJl2t1qSnPo3eh8HvfsmoatQ+ySa1YtVI4LuP7G5Q43/h2Lc 3ZhDSNSbRA9eICqAnPEHWuZtr1+cfq/0h2gHRZbqpwIwb7OYegv0XV7fVehf2uCj QwyleJf1bwiLN8cTSpIuxYMc6w4OkkeKwPfftTCgSOcJSycuRQ3kHVTTUEq86/OX 2lnJccYbpSajgYuQZaA1qs0sV+cG24voCQkzd4OeyiJ1xn100+GX5Mhm9uGHOSH+ mJ4/h3kJUsTVoIN0euWcUX0CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV HQ4EQgRAkVtT9RB3wdcmKSqProBHWdeeFThCnb2osZi38sZbfoKrQbvYzXUAchMm 6v6AfOonC7EPLxUWtlc3tyBBc1w57TBLBgNVHSMERDBCgEAmC3EaYDFRJWoa6WTU v6xnD5vU0lUdnqTezo1NP92hIhLPNx3gOxivd62BHhJlk+d2QZr0xanp7dyIZQkm TSLBMEsGA1UdEQREMEKCQCouYXBwcy4yNWVhN2YxZi1jM2YyLTQyMTMtODhmNy1j NDcyM2M4NjQ1ZjAucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD ggEBAB15TPnKJafX+FloLMq9NBdu1IkKjf044KHFBI1YgRd6SfAc/zHt0nYugEXv 34cV7stSQ7ZLQiBG239nfaT6zZV3TuBOWXrmIfiWKvfHvWPEi3ohj/OusuKWHekg id9ggBaLWm/A2wr2UL8iIbjsCFnDx3VspkJi8E2+Bb19fGjJZE2nT4PN9hl12y90 XeQfsZWJFEBBEDQWjMoWDUruTQV5+FWy8+noDkOxMX51BlyI+lLBLZtKTOySMQOs t8iW6suC/eKrUU8n+FcK7ptnU/qPbmkEwfYkPKjkyy9NlUYnJOznTj+jZ8neRuBz +lG8mYgNBSNeVlrUcyUPR4D5RRo= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2026-06-05T11:34:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:34:10Z" name: kube-root-ca.crt namespace: openshift-multus resourceVersion: "3625" uid: aa89b3d1-8f51-407c-8037-10be60b13622 - apiVersion: v1 data: daemon-config.json: | { "cniVersion": "0.3.1", "chrootDir": "/hostroot", "logToStderr": true, "logLevel": "verbose", "binDir": "/var/lib/cni/bin", "perNodeCertificate": { "enabled": true, "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig", "certDir": "/etc/cni/multus/certs", "certDuration": "24h" }, "cniConfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "multusAutoconfigDir": "/host/run/multus/cni/net.d", "namespaceIsolation": true, "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv", "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf", "daemonSocketDir": "/run/multus/socket", "socketDir": "/host/run/multus/socket", "auxiliaryCNIChainName": "vendor-cni-chain" } kind: ConfigMap metadata: creationTimestamp: "2026-06-05T11:33:49Z" labels: app: multus tier: node managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:daemon-config.json: {} f:metadata: f:labels: f:app: {} f:tier: {} f:ownerReferences: k:{"uid":"417395c7-4a1d-446a-bd6e-ed256e959b64"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T11:33:49Z" name: multus-daemon-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 417395c7-4a1d-446a-bd6e-ed256e959b64 resourceVersion: "2514" uid: 83337417-458f-4a1b-8386-beb4d4dfbc2c - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIIFB5XVJkqTGswDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MDY1OTYxMTAe Fw0yNjA2MDUxMTQwMTFaFw0yODA4MDMxMTQwMTJaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODA2NTk2MTEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZeNDuWo85Dh8HlV1X9Wl14yvc4Uvv2Jms c6G1RWI/HH+RXgnU7Whh+UC57QC6W/J0rJYhXLd4nc+wczBz9ki0V4vOl1i5GDGg QMapaNvqeooDHars9DXGpcNnpdNbezEq3GWXjAYnGxqoVlfPeWgXuZRfh6fHl6t5 VfE3g6WkLTF8BMAPYOTM+ufpg9jQedNAFJQQ0OuqZm7+ViF2YaCWw0030pkxJhjV vNDwBCQxJ8dZ4e6ul8pFg7GsYSfDKJ0ywKHeoYUqk4N76RBa19OxQP8cXY36dnWg bSIr4o9cUM/+zlQyJtl3WraLiJXPOBSUXCh66a+CucBF/yxVSC3zAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS4OLt5 ru/5Fz37mXJLK8IZjA8UBzAfBgNVHSMEGDAWgBS4OLt5ru/5Fz37mXJLK8IZjA8U BzANBgkqhkiG9w0BAQsFAAOCAQEAETsXIm2ZtvBt3EUhLGUq3GWF0N5GAZxpxOVj DA2xk2arYh4ECW7Avauy01xQVUzfeK25PCubKPn8ERXs60VFFCbuZl7yO+wHFFFj tserHPyp1pmH1X6IqsOI8DORRw+hG6gO/A5i94XuT1kwM5oQ/Z2J5XT3yDu6PGSB rOwQdLz5ipUg03I5cv6bV4G/KQs/OYLnk05U0BK7UxVQIai+JGNZH/TBd0R0FgWx GvvTiGLNO7li6FdnpWHmeEu+XKo6JYAb+QXvyQUffIQK3Bu0LT8Kg4cIcbmN2oU7 QdppUvtpOAa0M44MLUecpa3DpPy3Y3209Gzamjxr25IixyejGA== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2026-06-05T11:34:10Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2026-06-05T11:34:10Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2026-06-05T11:40:23Z" name: openshift-service-ca.crt namespace: openshift-multus resourceVersion: "8084" uid: 8d8839f7-c0d9-4bb1-8b13-a3860caa18b0 - apiVersion: v1 data: whereabouts.conf: | { "datastore": "kubernetes", "kubernetes": { "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig" }, "reconciler_cron_expression": "30 4 * * *", "log_level": "verbose", "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d" } kind: ConfigMap metadata: creationTimestamp: "2026-06-05T11:33:49Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:whereabouts.conf: {} f:metadata: f:ownerReferences: k:{"uid":"417395c7-4a1d-446a-bd6e-ed256e959b64"}: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-06-05T11:33:49Z" name: whereabouts-flatfile-config namespace: openshift-multus ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 417395c7-4a1d-446a-bd6e-ed256e959b64 resourceVersion: "2508" uid: f8936d32-823b-4c42-96da-9c61d376403d kind: ConfigMapList metadata: resourceVersion: "16950"