From 85695afdb87ddfbccf1ca1d3a44f39612261fe6e Mon Sep 17 00:00:00 2001 From: Christoph Blecker Date: Thu, 30 Apr 2026 11:21:10 -0700 Subject: [PATCH] feat(GCP-431): pass network service account to v2 GKE create chain The v2 GKE e2e workflow (hypershift-gcp-gke-e2e-v2) creates a hosted cluster directly via the hypershift CLI in the hypershift-gcp-create chain. Since openshift/hypershift#7824 made --network-service-account a required flag, the chain must read the network SA saved to SHARED_DIR by hypershift-gcp-hosted-cluster-setup and forward it to the CLI. This is a follow-up to openshift/release#77415, which fixed the same issue for the v1 (hypershift-gcp-run-e2e) flow. Assisted-by: Claude:claude-opus-4-6[1m] --- .../hypershift/gcp/create/hypershift-gcp-create-chain.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci-operator/step-registry/hypershift/gcp/create/hypershift-gcp-create-chain.yaml b/ci-operator/step-registry/hypershift/gcp/create/hypershift-gcp-create-chain.yaml index f9c0e2786970c..8e1d7b832563d 100644 --- a/ci-operator/step-registry/hypershift/gcp/create/hypershift-gcp-create-chain.yaml +++ b/ci-operator/step-registry/hypershift/gcp/create/hypershift-gcp-create-chain.yaml @@ -34,6 +34,7 @@ chain: CLOUDCONTROLLER_SA="$(<"${SHARED_DIR}/cloudcontroller-sa")" STORAGE_SA="$(<"${SHARED_DIR}/storage-sa")" IMAGEREGISTRY_SA="$(<"${SHARED_DIR}/imageregistry-sa")" + NETWORK_SA="$(<"${SHARED_DIR}/network-sa")" SA_SIGNING_KEY_PATH="$(<"${SHARED_DIR}/sa-signing-key-path")" # Construct base domain and OIDC issuer URL @@ -72,6 +73,7 @@ chain: --cloud-controller-service-account "${CLOUDCONTROLLER_SA}" \ --storage-service-account "${STORAGE_SA}" \ --image-registry-service-account "${IMAGEREGISTRY_SA}" \ + --network-service-account "${NETWORK_SA}" \ --service-account-signing-key-path "${SA_SIGNING_KEY_PATH}" \ --oidc-issuer-url "${OIDC_ISSUER_URL}" \ --boot-image "${GCP_BOOT_IMAGE}" \