feat(hypershift/gcp): add e2e-v2 GKE workflow and presubmit job by cristianoveiga · Pull Request #77007 · openshift/release

cristianoveiga · 2026-03-27T21:33:16Z

Summary

CNTRLPLANE-2904: Add a v2 e2e CI workflow for HyperShift GCP on GKE.

hypershift-gcp-create chain — creates a GCP HostedCluster using the hypershift create cluster gcp CLI and waits for version rollout
hypershift-gcp-destroy chain — destroys the HostedCluster CR with a grace period for ExternalDNS cleanup
hypershift-gcp-gke-e2e-v2 workflow — reuses all v1 pre steps (GKE provisioning, prerequisites, operator install, WIF/network setup) and adds the new create/destroy chains with the shared hypershift-e2e-v2 test chain
e2e-v2-gke presubmit — optional job triggered on GCP-related file changes

Also includes the DNS zone name fix and error surfacing from #76993.

v1 vs v2 differences

	v1 (`e2e-gke`)	v2 (`e2e-v2-gke`)
Cluster lifecycle	Managed internally by test framework	Explicit create/destroy chains
Test binary	`hack/ci-test-e2e.sh` (v1)	`bin/test-e2e-v2` (Ginkgo v2)
Cleanup	ExternalDNS killed with GKE cluster	HostedCluster CR deleted first, ExternalDNS cleans up DNS

Dependencies

fix(hypershift/gcp): correct DNS zone name and surface cleanup errors #76993 — DNS zone name fix (included in this branch)
openshift-online/gcp-hcp-infra#429 — DNS permissions for hypershift-ci SA

Test plan

make update succeeds
Step registry validation passes
Rehearsal: /pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

🤖 Generated with Claude Code

cristianoveiga · 2026-03-27T21:37:00Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

cristianoveiga · 2026-03-27T21:52:07Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

cristianoveiga · 2026-03-27T22:02:06Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

cristianoveiga · 2026-03-27T22:12:59Z

/retest-required

cristianoveiga · 2026-03-28T11:55:28Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

openshift-ci-robot · 2026-03-28T11:55:32Z

@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

cristianoveiga · 2026-03-28T15:13:50Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

openshift-ci-robot · 2026-03-28T15:13:53Z

@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

CNTRLPLANE-2904: Add a v2 e2e CI workflow for HyperShift GCP on GKE. - hypershift-gcp-create chain: creates a GCP HostedCluster using the hypershift CLI and waits for version rollout - hypershift-gcp-destroy chain: destroys the HostedCluster CR with grace period for ExternalDNS cleanup - hypershift-gcp-gke-e2e-v2 workflow: reuses v1 pre steps with new create/destroy chains and shared hypershift-e2e-v2 test chain - e2e-v2-gke presubmit: optional job triggered on GCP file changes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

cristianoveiga · 2026-04-03T17:31:32Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

openshift-ci-robot · 2026-04-03T17:31:36Z

@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

cristianoveiga · 2026-04-06T20:48:38Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

openshift-ci-robot · 2026-04-06T20:48:41Z

@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

devguyio · 2026-04-08T10:51:16Z

/cc @devguyio

cblecker

A few nits on documentation accuracy, a missing file guard in the destroy chain, and some shellcheck findings. Nothing blocking — nice work on the v2 workflow structure.

cblecker · 2026-04-09T01:33:41Z

+    commands: |-
+      set -exuo pipefail
+
+      CLUSTER_NAME="$(cat ${SHARED_DIR}/cluster-name)"


nit: If hypershift create cluster gcp fails before writing ${SHARED_DIR}/cluster-name, this cat will error under set -euo pipefail and the destroy step aborts without attempting cleanup.

Since the step has best_effort: true, it won't fail the job, but it will produce a noisy error. The existing hypershift-gcp-gke-deprovision-commands.sh demonstrates a guard pattern:

if [[ ! -f "${SHARED_DIR}/cluster-name" ]]; then echo "WARNING: cluster-name not found — create step may not have completed. Skipping destroy." exit 0 fi

Also, shellcheck flags ${SHARED_DIR}/cluster-name as unquoted here (SC2086) — should be "${SHARED_DIR}/cluster-name".

cblecker · 2026-04-09T01:33:43Z

+    2. hypershift-gcp-gke-provision: Create GCP projects, VPC, and GKE cluster
+    3. hypershift-gcp-gke-prerequisites: Install CRDs and cert-manager on GKE
+    4. hypershift-install: Install the HyperShift operator
+    5. hypershift-gcp-control-plane-setup: Configure WIF and webhook TLS


nit: The hypershift-gcp-control-plane-setup step configures Workload Identity for PSC operator and ExternalDNS — there's no webhook TLS configuration in that step.

Suggestion:

5. hypershift-gcp-control-plane-setup: Configure GCP Workload Identity for PSC and ExternalDNS

Good catch - this was outdated, indeed. Fixed.

cblecker · 2026-04-09T01:33:44Z

+      documentation: "Number of nodes for the hosted cluster NodePool."
+    - name: HYPERSHIFT_GCP_BOOT_IMAGE
+      default: ""
+      documentation: "GCP boot image for hosted cluster nodes (RHCOS image path). If empty, uses the default from the release image."


nit: The doc says "If empty, uses the default from the release image" but the code on line 49 falls back to a hardcoded RHCOS image path (projects/rhcos-cloud/global/images/rhcos-9-6-20250925-0-gcp-x86-64), not a dynamic default from the release image.

Suggestion to match reality:

documentation: "GCP boot image for hosted cluster nodes (RHCOS image path). If empty, falls back to a pinned default (see TODO GCP-440)."

cblecker · 2026-04-09T01:33:45Z

+      '
+
+      if [[ $? -ne 0 ]]; then
+        cat << EOF > ${ARTIFACT_DIR}/junit_hosted_cluster.xml


nit (shellcheck SC2086): ${ARTIFACT_DIR} is unquoted in the heredoc redirect here and on line 119. Same for hostedcluster/${HC_NAME} on lines 110-111.

Low risk in CI (these paths won't contain spaces), but quoting would be more correct:

cat << EOF > "${ARTIFACT_DIR}/junit_hosted_cluster.xml"

cblecker · 2026-04-09T01:33:47Z

+
+    Reads infrastructure configuration from SHARED_DIR files created by
+    hypershift-gcp-gke-provision, hypershift-gcp-hosted-cluster-setup,
+    and hypershift-gcp-control-plane-setup.


nit: hypershift-gcp-control-plane-setup doesn't write any SHARED_DIR files consumed by this chain — it only annotates ServiceAccounts and restarts deployments. All the files read here (wif-*, *-sa, hc-vpc-name, hc-subnet-name, etc.) come from hypershift-gcp-hosted-cluster-setup, while gcp-region and hosted-cluster-project-id come from hypershift-gcp-gke-provision.

Suggestion:

Reads infrastructure configuration from SHARED_DIR files created by hypershift-gcp-gke-provision and hypershift-gcp-hosted-cluster-setup.

- Add guard for missing cluster-name file in destroy chain - Fix quoting for SHARED_DIR and ARTIFACT_DIR paths (SC2086) - Fix control-plane-setup description (WIF for PSC/ExternalDNS, not webhook TLS) - Fix HYPERSHIFT_GCP_BOOT_IMAGE docs to reference pinned default and TODO GCP-440 - Remove incorrect hypershift-gcp-control-plane-setup SHARED_DIR attribution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

cristianoveiga · 2026-04-09T11:26:39Z

/pj-rehearse pull-ci-openshift-hypershift-main-e2e-v2-gke

openshift-merge-bot · 2026-04-09T11:26:42Z

@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-merge-bot · 2026-04-09T11:30:15Z

[REHEARSALNOTIFIER]
@cristianoveiga: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-hypershift-main-e2e-kubevirt-aws-ovn	openshift/hypershift	presubmit	Presubmit changed
pull-ci-openshift-hypershift-main-e2e-v2-gke	openshift/hypershift	presubmit	Presubmit changed
pull-ci-openshift-hypershift-main-okd-scos-e2e-aws-ovn	openshift/hypershift	presubmit	Presubmit changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

cristianoveiga · 2026-04-09T13:44:28Z

/pj-rehearse ack

openshift-merge-bot · 2026-04-09T13:44:31Z

@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

cblecker · 2026-04-09T18:40:07Z

/lgtm
/approve

openshift-ci · 2026-04-09T18:40:41Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cblecker, cristianoveiga

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~ci-operator/config/openshift/hypershift/OWNERS~~ [cblecker]
~~ci-operator/jobs/openshift/hypershift/OWNERS~~ [cblecker]
~~ci-operator/step-registry/hypershift/gcp/OWNERS~~ [cblecker,cristianoveiga]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci · 2026-04-09T18:54:02Z

@cristianoveiga: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

…shift#77007) * feat(hypershift/gcp): add e2e-v2 GKE workflow and presubmit job CNTRLPLANE-2904: Add a v2 e2e CI workflow for HyperShift GCP on GKE. - hypershift-gcp-create chain: creates a GCP HostedCluster using the hypershift CLI and waits for version rollout - hypershift-gcp-destroy chain: destroys the HostedCluster CR with grace period for ExternalDNS cleanup - hypershift-gcp-gke-e2e-v2 workflow: reuses v1 pre steps with new create/destroy chains and shared hypershift-e2e-v2 test chain - e2e-v2-gke presubmit: optional job triggered on GCP file changes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(hypershift/gcp): address review feedback on e2e-v2 GKE workflow - Add guard for missing cluster-name file in destroy chain - Fix quoting for SHARED_DIR and ARTIFACT_DIR paths (SC2086) - Fix control-plane-setup description (WIF for PSC/ExternalDNS, not webhook TLS) - Fix HYPERSHIFT_GCP_BOOT_IMAGE docs to reference pinned default and TODO GCP-440 - Remove incorrect hypershift-gcp-control-plane-setup SHARED_DIR attribution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

cristianoveiga force-pushed the cntrlplane-2904 branch from 46fc27f to 3456bb6 Compare March 27, 2026 21:48

cristianoveiga marked this pull request as ready for review March 27, 2026 22:00

cristianoveiga force-pushed the cntrlplane-2904 branch 2 times, most recently from b8004ec to 0387ab2 Compare March 28, 2026 15:12

cristianoveiga force-pushed the cntrlplane-2904 branch from 0387ab2 to 639f29b Compare March 30, 2026 18:38

openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 30, 2026

openshift-ci-robot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Mar 30, 2026

cristianoveiga force-pushed the cntrlplane-2904 branch from 639f29b to c9dfeec Compare April 1, 2026 13:00

openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 1, 2026

openshift-ci-robot removed the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Apr 1, 2026

cristianoveiga force-pushed the cntrlplane-2904 branch from c9dfeec to 6ad023d Compare April 3, 2026 17:28

openshift-ci Bot requested a review from devguyio April 8, 2026 10:51

cblecker reviewed Apr 9, 2026

View reviewed changes

openshift-merge-bot Bot deleted a comment from openshift-ci-robot Apr 9, 2026

openshift-merge-bot Bot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Apr 9, 2026

openshift-ci Bot assigned cblecker Apr 9, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 9, 2026

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 9, 2026

openshift-merge-bot Bot merged commit f625a66 into openshift:main Apr 9, 2026
18 checks passed

Conversation

cristianoveiga commented Mar 27, 2026 • edited by atlassian Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

v1 vs v2 differences

Dependencies

Test plan

Uh oh!

cristianoveiga commented Mar 27, 2026

Uh oh!

cristianoveiga commented Mar 27, 2026

Uh oh!

cristianoveiga commented Mar 27, 2026

Uh oh!

cristianoveiga commented Mar 27, 2026

Uh oh!

cristianoveiga commented Mar 28, 2026

Uh oh!

openshift-ci-robot commented Mar 28, 2026

Uh oh!

cristianoveiga commented Mar 28, 2026

Uh oh!

openshift-ci-robot commented Mar 28, 2026

Uh oh!

cristianoveiga commented Apr 3, 2026

Uh oh!

openshift-ci-robot commented Apr 3, 2026

Uh oh!

cristianoveiga commented Apr 6, 2026

Uh oh!

openshift-ci-robot commented Apr 6, 2026

Uh oh!

devguyio commented Apr 8, 2026

Uh oh!

cblecker left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

cristianoveiga commented Apr 9, 2026

Uh oh!

openshift-merge-bot Bot commented Apr 9, 2026

Uh oh!

openshift-merge-bot Bot commented Apr 9, 2026

Uh oh!

cristianoveiga commented Apr 9, 2026

Uh oh!

openshift-merge-bot Bot commented Apr 9, 2026

Uh oh!

cblecker commented Apr 9, 2026

Uh oh!

openshift-ci Bot commented Apr 9, 2026

Uh oh!

openshift-ci Bot commented Apr 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

cristianoveiga commented Mar 27, 2026 •

edited by atlassian Bot

Loading