Skip to content

Add Proxy field in NSXServiceAccount CRD#1412

Open
Atish-iaf wants to merge 2 commits into
vmware-tanzu:mainfrom
Atish-iaf:add-proxy-property-in-nsxserviceaccount
Open

Add Proxy field in NSXServiceAccount CRD#1412
Atish-iaf wants to merge 2 commits into
vmware-tanzu:mainfrom
Atish-iaf:add-proxy-property-in-nsxserviceaccount

Conversation

@Atish-iaf
Copy link
Copy Markdown
Contributor

@Atish-iaf Atish-iaf commented Apr 17, 2026
edited
Loading

Test Summary

  1. Existing NSXServiceAccount before applying the patch
apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-04-13T06:06:00Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: cluster-default-antrea
  namespace: antrea-test
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default
    uid: 0dfc2d6a-e03c-40e1-8870-c3ca066ef5e9
  resourceVersion: "2190994"
  uid: cbbf67cb-3d5d-427b-8101-afcf53188f96
spec: {}
status:
  clusterID: b353932d-0066-4f5d-ad3d-4f0f132ff11b
  clusterName: 86ab913f-fa9b-46d2-988a-8c7d96ca6457-antrea-test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-04-13T06:06:01Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - xx.xx.xxx.xxx:xxx
  phase: realized
  proxyEndpoints: {}
  reason: Success
  secrets:
  - name: cluster-default-antrea-nsx-cert
    namespace: antrea-test
  vpcPath: /orgs/default/projects/86ab913f-fa9b-46d2-988a-8c7d96ca6457/vpcs/antrea-test-default-vpc
  1. Apply the new NSXServiceAccount CRD and replace nsx-operator image with image built using this patch.
  2. Existing NSXServiceAccount gets updated with default value spec.proxy: SupervisorManagementProxy
apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-04-13T06:06:00Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: cluster-default-antrea
  namespace: antrea-test
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default
    uid: 0dfc2d6a-e03c-40e1-8870-c3ca066ef5e9
  resourceVersion: "8378491"
  uid: cbbf67cb-3d5d-427b-8101-afcf53188f96
spec:
  proxy: SupervisorManagementProxy
status:
  clusterID: b353932d-0066-4f5d-ad3d-4f0f132ff11b
  clusterName: 86ab913f-fa9b-46d2-988a-8c7d96ca6457-antrea-test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-04-13T06:06:01Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - xx.xx.xxx.xxx:xxx
  phase: realized
  proxyEndpoints: {}
  reason: Success
  secrets:
  - name: cluster-default-antrea-nsx-cert
    namespace: antrea-test
  vpcPath: /orgs/default/projects/86ab913f-fa9b-46d2-988a-8c7d96ca6457/vpcs/antrea-test-default-vpc
  1. Register and Install Supervisor Management Proxy Supervisor Service, status.proxyEndpoints gets updated.
apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-04-13T06:06:00Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: cluster-default-antrea
  namespace: antrea-test
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default
    uid: 0dfc2d6a-e03c-40e1-8870-c3ca066ef5e9
  resourceVersion: "8385548"
  uid: cbbf67cb-3d5d-427b-8101-afcf53188f96
spec:
  proxy: SupervisorManagementProxy
status:
  clusterID: b353932d-0066-4f5d-ad3d-4f0f132ff11b
  clusterName: 86ab913f-fa9b-46d2-988a-8c7d96ca6457-antrea-test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-04-13T06:06:01Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - xx.xx.xxx.xxx:xxx
  phase: realized
  proxyEndpoints:
    addresses:
    - ip: 192.168.0.8
    ports:
    - name: rest-api
      port: 10091
      protocol: TCP
    - name: nsx-rpc-fwd-proxy
      port: 10092
      protocol: TCP
  reason: Success
  secrets:
  - name: cluster-default-antrea-nsx-cert
    namespace: antrea-test
  vpcPath: /orgs/default/projects/86ab913f-fa9b-46d2-988a-8c7d96ca6457/vpcs/antrea-test-default-vpc
  1. Edit NSXServiceAccount to set spec.proxy: VMCIProxy, status.proxyEndpoints gets updated.
apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-04-13T06:06:00Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 2
  name: cluster-default-antrea
  namespace: antrea-test
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default
    uid: 0dfc2d6a-e03c-40e1-8870-c3ca066ef5e9
  resourceVersion: "8387801"
  uid: cbbf67cb-3d5d-427b-8101-afcf53188f96
spec:
  proxy: VMCIProxy
status:
  clusterID: b353932d-0066-4f5d-ad3d-4f0f132ff11b
  clusterName: 86ab913f-fa9b-46d2-988a-8c7d96ca6457-antrea-test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-04-13T06:06:01Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - xx.xx.xxx.xxx:xxx
  phase: realized
  proxyEndpoints:
    addresses:
    - ip: 127.0.0.1
    ports:
    - name: rest-api
      port: 10091
      protocol: TCP
    - name: nsx-rpc-fwd-proxy
      port: 10092
      protocol: TCP
  reason: Success
  secrets:
  - name: cluster-default-antrea-nsx-cert
    namespace: antrea-test
  vpcPath: /orgs/default/projects/86ab913f-fa9b-46d2-988a-8c7d96ca6457/vpcs/antrea-test-default-vpc

@zhengxiexie
Copy link
Copy Markdown
Contributor

zhengxiexie commented Apr 17, 2026

Can one of the admins verify this patch?

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 17, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 87.50000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.35%. Comparing base (a6d7207) to head (d87321a).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
.../nsxserviceaccount/nsxserviceaccount_controller.go 50.00% 1 Missing and 1 partial ⚠️
pkg/nsx/services/nsxserviceaccount/cluster.go 95.00% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1412      +/-   ##
==========================================
+ Coverage   75.34%   75.35%   +0.01%     
==========================================
  Files         152      152              
  Lines       25946    25965      +19     
==========================================
+ Hits        19548    19566      +18     
  Misses       5208     5208              
- Partials     1190     1191       +1
Flag Coverage Δ
unit-tests 75.35% <87.50%> (+0.01%) ⬆️
Files with missing lines Coverage Δ
pkg/nsx/services/nsxserviceaccount/cluster.go 78.86% <95.00%> (+0.64%) ⬆️
.../nsxserviceaccount/nsxserviceaccount_controller.go 65.20% <50.00%> (-0.36%) ⬇️

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Atish-iaf Atish-iaf marked this pull request as ready for review April 20, 2026 05:59
@Atish-iaf
Copy link
Copy Markdown
Contributor Author

Atish-iaf commented Apr 20, 2026

Hi @edwardbadboy @liu4480
Could you please help to review this patch ?
Thanks!

liu4480
liu4480 reviewed Apr 20, 2026
View reviewed changes
Comment thread pkg/nsx/services/nsxserviceaccount/cluster.go Outdated
liu4480
liu4480 reviewed Apr 20, 2026
View reviewed changes
Comment thread pkg/apis/legacy/v1alpha1/nsxserviceaccount_types.go
@Atish-iaf Atish-iaf force-pushed the add-proxy-property-in-nsxserviceaccount branch from 06a1c0b to 561ed53 Compare April 21, 2026 10:37
@Atish-iaf Atish-iaf requested a review from liu4480 April 21, 2026 10:48
@Atish-iaf
Add Proxy field in NSXServiceAccount CRD
24510a5 
Signed-off-by: Kumar Atish <kumar.atish@broadcom.com>
@Atish-iaf Atish-iaf force-pushed the add-proxy-property-in-nsxserviceaccount branch from 561ed53 to 11ee4c8 Compare April 22, 2026 06:43
@Atish-iaf
Use constants for port numbers
d87321a 
Signed-off-by: Kumar Atish <kumar.atish@broadcom.com>
@Atish-iaf Atish-iaf force-pushed the add-proxy-property-in-nsxserviceaccount branch from 11ee4c8 to d87321a Compare April 22, 2026 06:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@liu4480 liu4480 Awaiting requested review from liu4480

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Atish-iaf @zhengxiexie @codecov-commenter @liu4480