OCPBUGS-83863: Remove version-specific CNI binary copy logic

[sdodson]

Summary

• Remove all OS detection (/host/etc/os-release sourcing, RHEL version case statements) from both cnibincopy scripts
• Consolidate RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, and DEFAULT_SOURCE_DIRECTORY env vars into a single SOURCE_DIRECTORY in multus.yaml
• Copy ovn-k8s-cni-overlay directly from /usr/libexec/cni/ instead of probing version-specific subdirectories
• Remove the os-release host volume mount from all cnibincopy init containers and the multus DaemonSet

By the time version-specific paths would be needed again (RHEL 11+), all in-cluster components will use native FIPS, making this logic permanently unnecessary.

This unblocks removing rhel8 build stages from upstream images (openshift/ovn-kubernetes#3149, openshift/multus-cni#285).

Test plan

• Verify OVN CNI shim binary is correctly copied on RHEL 9 CoreOS nodes
• Verify multus and ancillary CNI plugin binaries are correctly copied on RHEL 9 nodes
• Verify no regression on clusters with current images

Summary by CodeRabbit

• Chores
  • Simplified network plugin configuration by removing OS-specific detection logic from multus and OVN-Kubernetes setup scripts, streamlining the deployment process.

[openshift-ci-robot]

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

• Replace hardcoded rhel8/rhel9 case statements in both cnibincopy scripts with dynamic OS version detection that tries the version-specific directory first and falls back to the default path when it doesn't exist
• Remove all RHEL8_SOURCE_DIRECTORY env vars from multus init containers
• Update Fedora CoreOS hardcoded rhelmajor from 8 to 9

This unblocks removing rhel8 build stages from upstream images (openshift/ovn-kubernetes#3149, openshift/multus-cni#285) and is forwards-compatible with future RHEL versions — adding RHEL 10 support only requires adding RHEL10_SOURCE_DIRECTORY env vars to the init containers.

Files changed

• bindata/network/ovn-kubernetes/common/008-script-lib.yaml — cni-bin-copy() now tries /usr/libexec/cni/rhel${rhelmajor}, falls back to /usr/libexec/cni/
• bindata/network/multus/multus.yaml — cnibincopy.sh dynamically looks up RHEL${rhelmajor}_SOURCE_DIRECTORY via bash indirect reference, falls back to DEFAULT_SOURCE_DIRECTORY

Test plan

• Verify OVN CNI shim binary is correctly copied on RHEL 9 CoreOS nodes
• Verify multus and ancillary CNI plugin binaries are correctly copied on RHEL 9 nodes
• Verify graceful fallback to default directory when version-specific directory is absent
• Verify no regression on clusters with current images (rhel9 directories still present)

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Removed OS/version-based CNI source selection and replaced it with a single required SOURCE_DIRECTORY environment variable; scripts now read SOURCE_DIRECTORY, log the chosen source, and copy directly from it. Corresponding DaemonSet/ConfigMap YAML removed os-release mounts and RHEL8/RHEL9/DEFAULT env vars and set SOURCE_DIRECTORY per container/initContainer.

Changes

Multus manifests

Layer / File(s)	Summary
DaemonSet env and mounts bindata/network/multus/multus.yaml	Removed RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, and DEFAULT_SOURCE_DIRECTORY env vars; added SOURCE_DIRECTORY env var for kube-multus container and all CNI/binary copy initContainers.
Remove os-release mounts/volumes bindata/network/multus/multus.yaml	Removed /host/etc/os-release volumeMounts from containers and deleted the os-release volume entries used for host OS detection.
Per-plugin SOURCE_DIRECTORY values bindata/network/multus/multus.yaml	Set explicit SOURCE_DIRECTORY values for each copy initContainer (e.g., multus CNI path, /bondcni/ for bond plugin, plugin-specific /usr/src/.../bin/).

OVN Kubernetes script lib & cni copy

Layer / File(s)	Summary
cni-bin-copy implementation change bindata/network/ovn-kubernetes/common/008-script-lib.yaml	Simplified cni-bin-copy() to use a fixed source path for the overlay (/usr/libexec/cni/ovn-k8s-cni-overlay), log the source directory, and perform a direct cp into /cni-bin-dir/. Removed host OS detection and rhel-major branching.
Script contract: SOURCE_DIRECTORY usage bindata/network/ovn-kubernetes/common/008-script-lib.yaml, bindata/network/multus/multus.yaml	Script now expects SOURCE_DIRECTORY (set in YAML) instead of per-version env vars; callers updated in manifests to provide the concrete source paths.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: removing version-specific CNI binary copy logic from the codebase, which is reflected in both modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only YAML ConfigMap files containing shell scripts, not Ginkgo test code. Repository uses standard Go testing, not Ginkgo patterns. Check not applicable.
Test Structure And Quality	✅ Passed	PR modifies only YAML configuration files containing shell scripts, not Ginkgo test code. The custom check is not applicable.
Microshift Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. The changes are limited to YAML configuration files containing shell scripts for CNI binary copying. The custom check is not applicable to this PR.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR modifies only YAML configuration files with embedded shell scripts for CNI setup. No Ginkgo e2e tests are added, so this check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR removes OS detection without introducing topology-breaking constraints. Uses only generic OS nodeSelector, universal tolerations, no anti-affinity or topology spread constraints.
Ote Binary Stdout Contract	✅ Passed	PR modifies only YAML config files with embedded shell scripts. No Go code changes to binaries. OTE stdout contract check is not applicable to shell script modifications.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. Changes are limited to YAML configuration files for CNI binary copying logic. Check not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

bindata/network/multus/multus.yaml (1)

24-26: Also validate that DEFAULT_SOURCE_DIRECTORY is an existing directory.

Right now only variable presence is validated. Add a -d check so failures are explicit and happen before copy-time exits.

Suggested patch

 if [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then
   log "FATAL ERROR: You must set the DEFAULT_SOURCE_DIRECTORY env variable"
   exit 1
 fi
+if [ ! -d "$DEFAULT_SOURCE_DIRECTORY" ]; then
+  log "FATAL ERROR: DEFAULT_SOURCE_DIRECTORY ($DEFAULT_SOURCE_DIRECTORY) does not exist"
+  exit 1
+fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bindata/network/multus/multus.yaml` around lines 24 - 26, The script
currently checks only for presence of DEFAULT_SOURCE_DIRECTORY; modify the
validation around that variable (the if block referencing
DEFAULT_SOURCE_DIRECTORY and the log function) to also verify it is an existing
directory (use a -d style check), and if the check fails call log with a clear
fatal message including the variable name and then exit 1 so failures occur
immediately before any copy operations.

bindata/network/ovn-kubernetes/common/008-script-lib.yaml (1)

500-503: Prefer deriving FCOS major dynamically instead of hardcoding 9.

Line 502 hardcodes Fedora CoreOS to RHEL9, which means this path won’t pick rhel10+ directories without another code change. Consider deriving/probing dynamically to keep the new fallback logic future-proof.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bindata/network/ovn-kubernetes/common/008-script-lib.yaml` around lines 500 -
503, The fedora) branch currently hardcodes rhelmajor=9 for FCOS (VARIANT_ID ==
"coreos"); replace that hardcoded assignment with runtime detection: inside the
fedora) block (where VARIANT_ID and rhelmajor are used) probe the host image to
derive the RHEL major version (e.g., parse /etc/os-release fields like
VERSION_ID/ID_LIKE or run an rpm macro query such as rpm -E '%{rhel}' as a
fallback) and set rhelmajor to the detected major number, falling back to a
sensible default only if detection fails.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@bindata/network/multus/multus.yaml`:
- Around line 24-26: The script currently checks only for presence of
DEFAULT_SOURCE_DIRECTORY; modify the validation around that variable (the if
block referencing DEFAULT_SOURCE_DIRECTORY and the log function) to also verify
it is an existing directory (use a -d style check), and if the check fails call
log with a clear fatal message including the variable name and then exit 1 so
failures occur immediately before any copy operations.

In `@bindata/network/ovn-kubernetes/common/008-script-lib.yaml`:
- Around line 500-503: The fedora) branch currently hardcodes rhelmajor=9 for
FCOS (VARIANT_ID == "coreos"); replace that hardcoded assignment with runtime
detection: inside the fedora) block (where VARIANT_ID and rhelmajor are used)
probe the host image to derive the RHEL major version (e.g., parse
/etc/os-release fields like VERSION_ID/ID_LIKE or run an rpm macro query such as
rpm -E '%{rhel}' as a fallback) and set rhelmajor to the detected major number,
falling back to a sensible default only if detection fails.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 899d45c2-d48a-447b-a74a-f98028b409f0

📥 Commits

Reviewing files that changed from the base of the PR and between bdbba59 and 71efd9d.

📒 Files selected for processing (2)

• bindata/network/multus/multus.yaml
• bindata/network/ovn-kubernetes/common/008-script-lib.yaml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bindata/network/multus/multus.yaml`:
- Around line 415-416: The SOURCE_DIRECTORY environment for the bond-cni-plugin
is currently set to the EL9-specific path "/bondcni/rhel9/" which causes the
resolver to construct paths like "/bondcni/rhel${rhelmajor}/rhel9"; change
SOURCE_DIRECTORY to the unversioned base path "/bondcni/" (or alternatively keep
explicit per-RHEL wiring) so the resolver derives the correct per-release
subpaths instead of always falling back to rhel9; update the env var named
SOURCE_DIRECTORY in the bond-cni-plugin container spec accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 88d2ddfe-14cd-40c7-9bc4-3a3bd9a94435

📥 Commits

Reviewing files that changed from the base of the PR and between 71efd9d and a4f2c56.

📒 Files selected for processing (2)

• bindata/network/multus/multus.yaml
• bindata/network/ovn-kubernetes/common/008-script-lib.yaml

[sdodson]

/hold
Need to test all of these together

[sdodson]

/testwith e2e-gcp-ovn openshift/ovn-kubernetes#3149 openshift/multus-cni#285

[openshift-ci]

@sdodson, testwith: Error processing request. ERROR:

could not determine job runs: requested job is invalid. needs to be formatted like: <org>/<repo>/<branch>/<variant?>/<job>. instead it was: e2e-gcp-ovn

[sdodson]

/testwith openshift/cluster-network-operator/master/e2e-gcp-ovn openshift/ovn-kubernetes#3149 openshift/multus-cni#285

[sdodson]

/testwith openshift/cluster-network-operator/master/e2e-gcp-ovn openshift/ovn-kubernetes#3149 openshift/multus-cni#285 openshift/route-override-cni#66 openshift/bond-cni#113 openshift/egress-router-cni#100 openshift/containernetworking-pluigins#228 openshift/whereabouts-cni#405

[openshift-ci]

@sdodson, testwith: Error processing request. ERROR:

could not determine job runs: couldn't get PR from GitHub: openshift/containernetworking-pluigins#228: status code 404 not one of [200], body: {"message":"Not Found","documentation_url":"https://docs.github.com/rest/pulls/pulls#get-a-pull-request","status":"404"}

[sdodson]

/testwith openshift/cluster-network-operator/master/e2e-gcp-ovn openshift/ovn-kubernetes#3149 openshift/multus-cni#285 openshift/route-override-cni#66 openshift/bond-cni#113 openshift/egress-router-cni#100 openshift/containernetworking-plugins#228 openshift/whereabouts-cni#405

[coderabbitai]

🧹 Nitpick comments (1)

bindata/network/multus/multus.yaml (1)

71-73: Normalize the fallback path before reusing it.

This branch keeps SOURCE_DIRECTORY verbatim, so a future caller that passes /usr/src/plugins/bin instead of /usr/src/plugins/bin/ will make Line 82 copy the bin directory itself rather than its contents. Using the already-trimmed value here avoids making the trailing slash part of the script’s API.

♻️ Proposed fix

     if [ -z "$sourcedir" ]; then
       log "WARNING: No version-specific directory found for rhel${rhelmajor}, using ${SOURCE_DIRECTORY}"
-      sourcedir="${SOURCE_DIRECTORY}"
+      sourcedir="${default_trimmed}/"
     fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bindata/network/multus/multus.yaml` around lines 71 - 73, When falling back
to SOURCE_DIRECTORY for sourcedir, normalize the path by removing any trailing
slash before assigning it so callers passing either "/usr/src/plugins/bin" or
"/usr/src/plugins/bin/" behave the same; update the assignment of sourcedir in
the branch that checks if [ -z "$sourcedir" ] to use the already-trimmed value
(or compute a trimmed version of SOURCE_DIRECTORY) so subsequent uses of
sourcedir (e.g., the copy logic later) operate on the directory contents rather
than the directory name.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@bindata/network/multus/multus.yaml`:
- Around line 71-73: When falling back to SOURCE_DIRECTORY for sourcedir,
normalize the path by removing any trailing slash before assigning it so callers
passing either "/usr/src/plugins/bin" or "/usr/src/plugins/bin/" behave the
same; update the assignment of sourcedir in the branch that checks if [ -z
"$sourcedir" ] to use the already-trimmed value (or compute a trimmed version of
SOURCE_DIRECTORY) so subsequent uses of sourcedir (e.g., the copy logic later)
operate on the directory contents rather than the directory name.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8d7eed9b-550f-42ae-a699-05e7a2f2429b

📥 Commits

Reviewing files that changed from the base of the PR and between a4f2c56 and f5f6667.

📒 Files selected for processing (2)

• bindata/network/multus/multus.yaml
• bindata/network/ovn-kubernetes/common/008-script-lib.yaml

[coderabbitai]

🧹 Nitpick comments (2)

bindata/network/ovn-kubernetes/common/008-script-lib.yaml (1)

481-491: 💤 Low value

Outdated function docstring.

The docstring on lines 481-486 states the function "detects the host OS" and requires the /host volume mount, but the implementation now copies from a fixed path without any OS detection. Update the comment to reflect the simplified behavior.

📝 Suggested docstring update

-    # cni-bin-copy() detects the host OS and copies the correct shim binary to
-    # the CNI binary directory.
-    #
-    # Requires the following volume mounts:
-    #   /host
-    #   /cni-bin-dir
+    # cni-bin-copy() copies the CNI shim binary to the CNI binary directory.
+    #
+    # Requires the following volume mounts:
+    #   /cni-bin-dir
     cni-bin-copy()
     {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@bindata/network/ovn-kubernetes/common/008-script-lib.yaml` around lines 481 -
491, The comment above the cni-bin-copy() function is outdated: it claims the
function detects the host OS and requires a /host mount, but the implementation
simply copies a fixed shim from /usr/libexec/cni/ovn-k8s-cni-overlay to
/cni-bin-dir/. Update the docstring for cni-bin-copy() to remove any mention of
OS detection and the /host volume, and instead state that it copies the fixed
shim from /usr/libexec/cni/ovn-k8s-cni-overlay into /cni-bin-dir/ (and list only
the /cni-bin-dir/ mount as required).

bindata/network/multus/multus.yaml (1)

8-9: 💤 Low value

Outdated ConfigMap description.

The annotation states "copy CNI binaries based on host OS" but the script no longer performs OS detection—it copies directly from SOURCE_DIRECTORY.

📝 Suggested description update

   annotations:
     kubernetes.io/description: |
-      This is a script used to copy CNI binaries based on host OS
+      This is a script used to copy CNI binaries from a specified source directory

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@bindata/network/multus/multus.yaml` around lines 8 - 9, Update the
kubernetes.io/description annotation in multus.yaml to reflect current behavior:
the script no longer detects host OS but copies CNI binaries directly from
SOURCE_DIRECTORY; edit the description text (kubernetes.io/description) to
remove references to "based on host OS" and instead state it copies CNI binaries
from SOURCE_DIRECTORY without OS detection.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@bindata/network/multus/multus.yaml`:
- Around line 8-9: Update the kubernetes.io/description annotation in
multus.yaml to reflect current behavior: the script no longer detects host OS
but copies CNI binaries directly from SOURCE_DIRECTORY; edit the description
text (kubernetes.io/description) to remove references to "based on host OS" and
instead state it copies CNI binaries from SOURCE_DIRECTORY without OS detection.

In `@bindata/network/ovn-kubernetes/common/008-script-lib.yaml`:
- Around line 481-491: The comment above the cni-bin-copy() function is
outdated: it claims the function detects the host OS and requires a /host mount,
but the implementation simply copies a fixed shim from
/usr/libexec/cni/ovn-k8s-cni-overlay to /cni-bin-dir/. Update the docstring for
cni-bin-copy() to remove any mention of OS detection and the /host volume, and
instead state that it copies the fixed shim from
/usr/libexec/cni/ovn-k8s-cni-overlay into /cni-bin-dir/ (and list only the
/cni-bin-dir/ mount as required).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ad37a26c-b2a6-418c-8c87-3fd0b41857ec

📥 Commits

Reviewing files that changed from the base of the PR and between f5f6667 and a5c883c.

📒 Files selected for processing (2)

• bindata/network/multus/multus.yaml
• bindata/network/ovn-kubernetes/common/008-script-lib.yaml

[sdodson]

/retest-required

[sdodson]

All of the previous runs happened while Insights and metal clusters were broken.

[sdodson]

/retest-required

[sdodson]

/hold cancel

[danwinship]

This command is pretty non-obvious, and also very specific to right now, where we know that ${sourcedir} contains subdirectories that we don't care about. Once we update the other modules to stop building the versioned binaries, this fix will be unnecessary. Can we just leave it out?

[danwinship]

right, ok, although we weren't using it before, the bond-cni image does include a "default" build at the top level

[danwinship]

/lgtm
we can revert the find+cp fix after the other images are fixed

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, sdodson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [danwinship]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sdodson]

/verified by CI

[openshift-ci-robot]

@sdodson: This PR has been marked as verified by CI.

Details

In response to this:

/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[sdodson]

/retest-required

[sdodson]

/skip

[openshift-ci]

@sdodson: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/security	5294721	link	false	/test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[sdodson]

/retest-required

[openshift-ci-robot]

@sdodson: Jira Issue OCPBUGS-83863: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

• openshift/multus-cni#285 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-83863 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Details

In response to this:

Summary

• Remove all OS detection (/host/etc/os-release sourcing, RHEL version case statements) from both cnibincopy scripts
• Consolidate RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, and DEFAULT_SOURCE_DIRECTORY env vars into a single SOURCE_DIRECTORY in multus.yaml
• Copy ovn-k8s-cni-overlay directly from /usr/libexec/cni/ instead of probing version-specific subdirectories
• Remove the os-release host volume mount from all cnibincopy init containers and the multus DaemonSet

By the time version-specific paths would be needed again (RHEL 11+), all in-cluster components will use native FIPS, making this logic permanently unnecessary.

This unblocks removing rhel8 build stages from upstream images (openshift/ovn-kubernetes#3149, openshift/multus-cni#285).

Test plan

• Verify OVN CNI shim binary is correctly copied on RHEL 9 CoreOS nodes
• Verify multus and ancillary CNI plugin binaries are correctly copied on RHEL 9 nodes
• Verify no regression on clusters with current images

Summary by CodeRabbit

• Chores
• Simplified network plugin configuration by removing OS-specific detection logic from multus and OVN-Kubernetes setup scripts, streamlining the deployment process.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.