Add IPv6 and dual-stack support for SubnetIPReservation

wenqiq · wenqiq · commit 4ef05d7f54b5 · 2026-05-19T10:32:01.000+08:00
Signed-off-by: Wenqi Qiu &lt;wenqi.qiu@broadcom.com&gt;
diff --git a/build/yaml/crd/vpc/crd.nsx.vmware.com_subnetipreservations.yaml b/build/yaml/crd/vpc/crd.nsx.vmware.com_subnetipreservations.yaml
@@ -145,8 +145,9 @@ spec:
                 type: array
               ips:
                 description: |-
-                  List of reserved IPs.
-                  Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28"]
+                  List of reserved IPs for both IPv4 and IPv6.
+                  Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28",
+                  "2001:db8::1", "2001:db8::1-2001:db8::ff", "2001:db8::/64"]
                 items:
                   type: string
                 type: array
diff --git a/build/yaml/samples/nsx_v1alpha1_subnetipreservation.yaml b/build/yaml/samples/nsx_v1alpha1_subnetipreservation.yaml
@@ -1,7 +1,53 @@
+---
+# Example 1: Dynamic IPv4 reservation (numberOfIPs mode, default)
 apiVersion: crd.nsx.vmware.com/v1alpha1
 kind: SubnetIPReservation
 metadata:
-  name: subnet-ipa-1
+  name: subnet-ipr-ipv4
 spec:
   subnet: subnet-1
   numberOfIPs: 10
+---
+# Example 2: Dynamic IPv6 reservation (numberOfIPs mode)
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-ipr-ipv6
+spec:
+  subnet: subnet-1-ipv6
+  numberOfIPs: 10
+  ipAddressType: IPV6
+---
+# Example 3: Dynamic dual-stack reservation — reserves 5 IPv4 IPs and 5 IPv6 IPs
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-ipr-dualstack
+spec:
+  subnet: subnet-1-dualstack
+  numberOfIPs: 5
+  ipAddressType: IPV4IPV6
+---
+# Example 4: Static IPv4 reservation (reservedIPs mode)
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-sipr-ipv4
+spec:
+  subnet: subnet-1
+  reservedIPs:
+    - "192.168.1.1"
+    - "192.168.1.3-192.168.1.100"
+    - "192.168.2.0/28"
+---
+# Example 5: Static IPv6 reservation (reservedIPs mode)
+apiVersion: crd.nsx.vmware.com/v1alpha1
+kind: SubnetIPReservation
+metadata:
+  name: subnet-sipr-ipv6
+spec:
+  subnet: subnet-1-ipv6
+  reservedIPs:
+    - "2001:db8::1"
+    - "2001:db8::10-2001:db8::ff"
+    - "2001:db8:1::/64"
diff --git a/pkg/apis/vpc/v1alpha1/subnetipreservation_types.go b/pkg/apis/vpc/v1alpha1/subnetipreservation_types.go
@@ -45,8 +45,9 @@ type SubnetIPReservationStatus struct {
 	// Conditions described if the SubnetIPReservation is configured on NSX or not.
 	// Condition type ""
 	Conditions []Condition `json:"conditions,omitempty"`
-	// List of reserved IPs.
-	// Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28"]
+	// List of reserved IPs for both IPv4 and IPv6.
+	// Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100", "192.168.2.0/28",
+	// "2001:db8::1", "2001:db8::1-2001:db8::ff", "2001:db8::/64"]
 	IPs []string `json:"ips,omitempty"`
 }
 
diff --git a/pkg/controllers/subnetipreservation/subnetipreservation_controller.go b/pkg/controllers/subnetipreservation/subnetipreservation_controller.go
@@ -239,6 +239,15 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		return common.ResultNormal, nil
 	}
 
+	// For dynamic reservations (numberOfIPs), validate that the requested IP address family is
+	// supported by the parent Subnet.
+	if ipReservationCR.Spec.NumberOfIPs > 0 {
+		if err := validateIPAddressTypeCompatibility(subnetCR.Spec.IPAddressType, ipReservationCR.Spec.IPAddressType); err != nil {
+			r.StatusUpdater.UpdateFail(ctx, ipReservationCR, err, err.Error(), setReadyStatusFalse)
+			return common.ResultNormal, nil
+		}
+	}
+
 	nsxSubnet, err := r.SubnetService.GetSubnetByCR(subnetCR)
 	if err != nil {
 		log.Error(err, "failed to get NSX Subnet", "Namespace", subnetCR.Namespace, "Subnet", subnetCR.Name)
@@ -301,6 +310,27 @@ func (r *Reconciler) validateSubnet(ctx context.Context, ns, name string) (*v1al
 	return subnetCR, nil
 }
 
+// validateIPAddressTypeCompatibility checks that the SubnetIPReservation's IPAddressType is
+// compatible with the parent Subnet's IPAddressType. This validation only applies to dynamic
+// reservations (numberOfIPs mode); static reservations (reservedIPs mode) specify IPs directly.
+func validateIPAddressTypeCompatibility(subnetIPAddressType, reservationIPAddressType v1alpha1.IPAddressType) error {
+	// Normalize empty/unset values to IPv4 defaults.
+	if subnetIPAddressType == "" {
+		subnetIPAddressType = v1alpha1.IPAddressTypeIPv4
+	}
+	if reservationIPAddressType == "" {
+		reservationIPAddressType = v1alpha1.IPAddressTypeIPv4
+	}
+	// A dual-stack Subnet supports all reservation IP families.
+	if subnetIPAddressType == v1alpha1.IPAddressTypeIPv4IPv6 {
+		return nil
+	}
+	if subnetIPAddressType != reservationIPAddressType {
+		return fmt.Errorf("SubnetIPReservation IPAddressType %q is incompatible with Subnet IPAddressType %q", reservationIPAddressType, subnetIPAddressType)
+	}
+	return nil
+}
+
 func setReadyStatusTrue(client client.Client, ctx context.Context, obj client.Object, transitionTime metav1.Time, _ ...interface{}) {
 	ipReservationCR := obj.(*v1alpha1.SubnetIPReservation)
 	newConditions := []v1alpha1.Condition{
diff --git a/pkg/controllers/subnetipreservation/subnetipreservation_controller_test.go b/pkg/controllers/subnetipreservation/subnetipreservation_controller_test.go
@@ -398,6 +398,29 @@ func TestReconciler_Reconcile(t *testing.T) {
 			},
 			expectedResult: common.ResultNormal,
 		},
+		{
+			name: "IPAddressType incompatible with Subnet",
+			objects: []client.Object{&v1alpha1.SubnetIPReservation{
+				ObjectMeta: metav1.ObjectMeta{Name: "ipr-1", Namespace: "ns-1"},
+				Spec: v1alpha1.SubnetIPReservationSpec{
+					Subnet:        "subnet-1",
+					NumberOfIPs:   5,
+					IPAddressType: v1alpha1.IPAddressTypeIPv6,
+				},
+			}},
+			preparedFunc: func(r *Reconciler) *gomonkey.Patches {
+				patches := gomonkey.ApplyPrivateMethod(reflect.TypeOf(r), "validateSubnet", func(_ *Reconciler, ctx context.Context, ns string, name string) (*v1alpha1.Subnet, *errorWithRetry) {
+					return &v1alpha1.Subnet{
+						Spec: v1alpha1.SubnetSpec{IPAddressType: v1alpha1.IPAddressTypeIPv4},
+					}, nil
+				})
+				patches.ApplyMethod(reflect.TypeOf(r.IPReservationService.NSXClient), "NSXCheckVersion", func(_ *nsx.Client, feature int) bool {
+					return true
+				})
+				return patches
+			},
+			expectedResult: common.ResultNormal,
+		},
 	}
 	for _, tc := range tests {
 		r := createFakeReconciler(tc.objects...)
@@ -508,6 +531,87 @@ func TestReconcile_validateSubnet(t *testing.T) {
 	}
 }
 
+func TestValidateIPAddressTypeCompatibility(t *testing.T) {
+	tests := []struct {
+		name              string
+		subnetType        v1alpha1.IPAddressType
+		reservationType   v1alpha1.IPAddressType
+		expectedErrSubstr string
+	}{
+		{
+			name:            "IPv4 subnet with IPv4 reservation",
+			subnetType:      v1alpha1.IPAddressTypeIPv4,
+			reservationType: v1alpha1.IPAddressTypeIPv4,
+		},
+		{
+			name:            "IPv4 subnet with empty reservation defaults to IPv4",
+			subnetType:      v1alpha1.IPAddressTypeIPv4,
+			reservationType: "",
+		},
+		{
+			name:              "IPv4 subnet with IPv6 reservation - incompatible",
+			subnetType:        v1alpha1.IPAddressTypeIPv4,
+			reservationType:   v1alpha1.IPAddressTypeIPv6,
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:              "IPv4 subnet with dual-stack reservation - incompatible",
+			subnetType:        v1alpha1.IPAddressTypeIPv4,
+			reservationType:   v1alpha1.IPAddressTypeIPv4IPv6,
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:            "IPv6 subnet with IPv6 reservation",
+			subnetType:      v1alpha1.IPAddressTypeIPv6,
+			reservationType: v1alpha1.IPAddressTypeIPv6,
+		},
+		{
+			name:              "IPv6 subnet with IPv4 reservation - incompatible",
+			subnetType:        v1alpha1.IPAddressTypeIPv6,
+			reservationType:   v1alpha1.IPAddressTypeIPv4,
+			expectedErrSubstr: "incompatible",
+		},
+		{
+			name:            "Dual-stack subnet with IPv4 reservation",
+			subnetType:      v1alpha1.IPAddressTypeIPv4IPv6,
+			reservationType: v1alpha1.IPAddressTypeIPv4,
+		},
+		{
+			name:            "Dual-stack subnet with IPv6 reservation",
+			subnetType:      v1alpha1.IPAddressTypeIPv4IPv6,
+			reservationType: v1alpha1.IPAddressTypeIPv6,
+		},
+		{
+			name:            "Dual-stack subnet with dual-stack reservation",
+			subnetType:      v1alpha1.IPAddressTypeIPv4IPv6,
+			reservationType: v1alpha1.IPAddressTypeIPv4IPv6,
+		},
+		{
+			name:            "Empty subnet type defaults to IPv4, IPv4 reservation",
+			subnetType:      "",
+			reservationType: v1alpha1.IPAddressTypeIPv4,
+		},
+		{
+			name:              "Empty subnet type defaults to IPv4, IPv6 reservation - incompatible",
+			subnetType:        "",
+			reservationType:   v1alpha1.IPAddressTypeIPv6,
+			expectedErrSubstr: "incompatible",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			err := validateIPAddressTypeCompatibility(tc.subnetType, tc.reservationType)
+			if tc.expectedErrSubstr != "" {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tc.expectedErrSubstr)
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
+
 func TestReconcile_CollectGarbage(t *testing.T) {
 	ipr1 := &v1alpha1.SubnetIPReservation{
 		ObjectMeta: metav1.ObjectMeta{
diff --git a/pkg/nsx/services/subnetipreservation/builder.go b/pkg/nsx/services/subnetipreservation/builder.go
@@ -10,13 +10,35 @@ import (
 	"github.com/vmware-tanzu/nsx-operator/pkg/util"
 )
 
+// NSX DynamicIpAddressReservation IP address type values.
+// The CRD uses "IPV4IPV6" (no underscore) while NSX uses "IPV4_IPV6" (with underscore).
+const (
+	nsxIPAddressTypeIPv4     = "IPV4"
+	nsxIPAddressTypeIPv6     = "IPV6"
+	nsxIPAddressTypeIPv4IPv6 = "IPV4_IPV6"
+)
+
+// ipAddressTypeToNSX maps the CRD IPAddressType to the NSX DynamicIpAddressReservation IpAddressType.
+func ipAddressTypeToNSX(ipAddressType v1alpha1.IPAddressType) string {
+	switch ipAddressType {
+	case v1alpha1.IPAddressTypeIPv6:
+		return nsxIPAddressTypeIPv6
+	case v1alpha1.IPAddressTypeIPv4IPv6:
+		return nsxIPAddressTypeIPv4IPv6
+	default:
+		return nsxIPAddressTypeIPv4
+	}
+}
+
 func (s *IPReservationService) buildDynamicIPReservation(ipReservation *v1alpha1.SubnetIPReservation, subnetPath string) *model.DynamicIpAddressReservation {
 	tags := util.BuildBasicTags(getCluster(s), ipReservation, "")
+	ipAddressType := ipAddressTypeToNSX(ipReservation.Spec.IPAddressType)
 	nsxIPReservation := &model.DynamicIpAddressReservation{
-		NumberOfIps: common.Int64(int64(ipReservation.Spec.NumberOfIPs)),
-		Tags:        tags,
-		Id:          common.String(s.buildIPReservationID(ipReservation, subnetPath)),
-		DisplayName: common.String(ipReservation.Name),
+		NumberOfIps:   common.Int64(int64(ipReservation.Spec.NumberOfIPs)),
+		Tags:          tags,
+		Id:            common.String(s.buildIPReservationID(ipReservation, subnetPath)),
+		DisplayName:   common.String(ipReservation.Name),
+		IpAddressType: &ipAddressType,
 	}
 	return nsxIPReservation
 }
diff --git a/pkg/nsx/services/subnetipreservation/builder_test.go b/pkg/nsx/services/subnetipreservation/builder_test.go
