diff --git a/ci-operator/step-registry/hypershift/kubevirt/install/create-external-infra-kubeconfig/hypershift-kubevirt-install-create-external-infra-kubeconfig-commands.sh b/ci-operator/step-registry/hypershift/kubevirt/install/create-external-infra-kubeconfig/hypershift-kubevirt-install-create-external-infra-kubeconfig-commands.sh index 7223a43317e54..e1448e5949d60 100644 --- a/ci-operator/step-registry/hypershift/kubevirt/install/create-external-infra-kubeconfig/hypershift-kubevirt-install-create-external-infra-kubeconfig-commands.sh +++ b/ci-operator/step-registry/hypershift/kubevirt/install/create-external-infra-kubeconfig/hypershift-kubevirt-install-create-external-infra-kubeconfig-commands.sh @@ -84,6 +84,12 @@ rules: - secrets verbs: - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' - apiGroups: - k8s.ovn.org resources: @@ -116,4 +122,34 @@ roleRef: name: kv-external-infra-role EOF +# ClusterRole to read cluster network config (needed for virt-launcher NetworkPolicy CIDR-based egress rules) +oc apply -f - <