Add IPv6 support for IPBlocksInfo CRD by wenqiq · Pull Request #1422 · vmware-tanzu/nsx-operator

wenqiq · 2026-05-02T16:51:17Z

Support VpcConnectivityProfile.Ipv6Blocks in IPBlocksInfo sync

Include paths from VpcConnectivityProfile.Ipv6Blocks into the same
externalIPBlockPaths set as ExternalIpBlocks during IPBlocksInfo
reconciliation. This ensures that external IPv6 IP blocks assigned
to a VPC connectivity profile have their CIDRs and IP ranges
surfaced in the IPBlocksInfo CR (ExternalIPCIDRs / ExternalIPRanges)
without requiring any CRD schema change.

TestDone：

1.Enable VpcIpv6 FSS, Restart proton service.Replace manager, Restart the Operator

service proton restart

2.Create an IPv6 IPBlock (at the global /infra level)

curl -sk -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/infra/ip-blocks/test-ipv6-block-1" \
  -d '{
    "display_name": "test-ipv6-block-1",
    "cidrs": ["2001:db8::/32"],
    "ip_address_type": "IPV6",
    "visibility": "EXTERNAL"
  }'

3.Create a VPC Connectivity Profile

TGW_PATH="<transit_gateway_path from Step 2>"
EXT_BLOCKS='["<existing external ip block path>"]'  

curl -k -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/orgs/${ORG}/projects/${PROJECT}/vpc-connectivity-profiles/test-profile-ipv6" \
  -d "{
    \"display_name\": \"test-profile-ipv6\",
    \"transit_gateway_path\": \"${TGW_PATH}\",
    \"external_ip_blocks\": ${EXT_BLOCKS},
    \"ipv6_blocks\": [\"/infra/ip-blocks/test-ipv6-block-1\"]
  }"

Retrieve the default VPC Connectivity Profile details

Create VPC and Attachment

curl -k -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/orgs/${ORG}/projects/${PROJECT}/vpcs/test-vpc-ipv6" \
  -d '{"display_name": "test-vpc-ipv6"}'

curl -k -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/orgs/${ORG}/projects/${PROJECT}/vpcs/test-vpc-ipv6/attachments/default" \
  -d "{
    \"display_name\": \"default\",
    \"vpc_connectivity_profile\": \"/orgs/${ORG}/projects/${PROJECT}/vpc-connectivity-profiles/test-profile-ipv6\"
  }"

5.Create VPCNetworkConfiguration

kubectl apply -f - <<EOF
apiVersion: crd.nsx.vmware.com/v1alpha1
kind: VPCNetworkConfiguration
metadata:
  name: test-vpc-config-ipv6
spec:
  nsxProject: "/orgs/${ORG}/projects/${PROJECT}"
  vpc: "test-vpc-ipv6"
EOF

Verify IPBlocksInfo update

codecov-commenter · 2026-05-07T03:41:59Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.03%. Comparing base (ff79596) to head (a590014).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1422      +/-   ##
==========================================
+ Coverage   77.02%   77.03%   +0.01%     
==========================================
  Files         156      156              
  Lines       22048    22058      +10     
==========================================
+ Hits        16983    16993      +10     
  Misses       3859     3859              
  Partials     1206     1206

Flag	Coverage Δ
unit-tests	`77.03% <100.00%> (+0.01%)`	⬆️

Files with missing lines	Coverage Δ
pkg/nsx/services/ipblocksinfo/ipblocksinfo.go	`85.46% <100.00%> (+0.53%)`	⬆️
pkg/nsx/services/nsxserviceaccount/cluster.go	`80.61% <100.00%> (ø)`

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dantingl

Can you also add test done in commit message?

yanjunz97 · 2026-05-15T02:37:04Z

I notice one more change will need for this PR

nsx-operator/pkg/nsx/services/ipblocksinfo/ipblocksinfo.go

Lines 261 to 270 in 6ae0434

    
           switch *subnet.AccessMode { 
        
           case model.VpcSubnet_ACCESS_MODE_PUBLIC: 
        
           	externalIPCIDRs = append(externalIPCIDRs, subnet.IpAddresses...) 
        
           case model.VpcSubnet_ACCESS_MODE_PRIVATE_TGW: 
        
           	project := fmt.Sprintf("/orgs/%s/projects/%s", vpcInfo.OrgID, vpcInfo.ProjectID) 
        
           	if project == s.defaultProject { 
        
           		privateTGWIPCIDRs = append(privateTGWIPCIDRs, subnet.IpAddresses...) 
        
           	} 
        
           }

Here we add Subnet cidr with privatetgw/public access mode to ipblocksinfo.
IPv6 cidrs are all public and has no access mode. So the logic here shall be updated to
loop the Subnet cidrs,

for ipv4, we keep this check for access mode
for ipv6 cidr, we shall append it to externalIPCIDRs

Support VpcConnectivityProfile.Ipv6Blocks in IPBlocksInfo sync Include paths from VpcConnectivityProfile.Ipv6Blocks into the same externalIPBlockPaths set as ExternalIpBlocks during IPBlocksInfo reconciliation. This ensures that external IPv6 IP blocks assigned to a VPC connectivity profile have their CIDRs and IP ranges surfaced in the IPBlocksInfo CR (ExternalIPCIDRs / ExternalIPRanges) without requiring any CRD schema change. Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

yanjunz97

LGTM, just a nit

yanjunz97 · 2026-05-19T06:52:33Z

 .scannerwork/
 .coverage/
 .golangci-bin/
+vendor


Is this required?

wenqiq marked this pull request as ready for review May 7, 2026 02:57

wenqiq changed the title ~~[WIP]Add IPv6 support for IPBlocksInfo CRD~~ Add IPv6 support for IPBlocksInfo CRD May 10, 2026

wenqiq requested review from TaoZou1 and yanjunz97 May 10, 2026 18:13

wenqiq force-pushed the topic/wenqi/IPBlocksInfo-IPv6 branch from b90dc50 to 3409afc Compare May 10, 2026 18:45

dantingl reviewed May 11, 2026

View reviewed changes

Comment thread pkg/nsx/services/ipblocksinfo/ipblocksinfo.go

Comment thread pkg/nsx/services/ipblocksinfo/ipblocksinfo.go Outdated

wenqiq force-pushed the topic/wenqi/IPBlocksInfo-IPv6 branch 4 times, most recently from 00eb219 to 4dcde75 Compare May 14, 2026 19:05

wenqiq added 2 commits May 17, 2026 01:27

update

a590014

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

wenqiq force-pushed the topic/wenqi/IPBlocksInfo-IPv6 branch from 4dcde75 to a590014 Compare May 16, 2026 17:31

yanjunz97 approved these changes May 19, 2026

View reviewed changes

Comment thread .gitignore

.scannerwork/

.coverage/

.golangci-bin/

vendor

Copy link
Copy Markdown

Contributor

yanjunz97 May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this required?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add IPv6 support for IPBlocksInfo CRD#1422

Add IPv6 support for IPBlocksInfo CRD#1422
wenqiq wants to merge 2 commits into
vmware-tanzu:mainfrom
wenqiq:topic/wenqi/IPBlocksInfo-IPv6

wenqiq commented May 2, 2026 •

edited

Loading

Uh oh!

codecov-commenter commented May 7, 2026 •

edited

Loading

Uh oh!

dantingl left a comment

Uh oh!

Uh oh!

Uh oh!

yanjunz97 commented May 15, 2026

Uh oh!

yanjunz97 left a comment

Uh oh!

yanjunz97 May 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

wenqiq commented May 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov-commenter commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

dantingl left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

yanjunz97 commented May 15, 2026

Uh oh!

yanjunz97 left a comment

Choose a reason for hiding this comment

Uh oh!

yanjunz97 May 19, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

wenqiq commented May 2, 2026 •

edited

Loading

codecov-commenter commented May 7, 2026 •

edited

Loading