Add IPv6 support for IPBlocksInfo CRD by wenqiq · Pull Request #1422 · vmware-tanzu/nsx-operator

wenqiq · 2026-05-02T16:51:17Z

Support VpcConnectivityProfile.Ipv6Blocks in IPBlocksInfo sync

Include paths from VpcConnectivityProfile.Ipv6Blocks into the same
externalIPBlockPaths set as ExternalIpBlocks during IPBlocksInfo
reconciliation. This ensures that external IPv6 IP blocks assigned
to a VPC connectivity profile have their CIDRs and IP ranges
surfaced in the IPBlocksInfo CR (ExternalIPCIDRs / ExternalIPRanges)
without requiring any CRD schema change.

TestDone：

1.Enable VpcIpv6 FSS, Restart proton service.Replace manager, Restart the Operator

service proton restart

2.Create an IPv6 IPBlock (at the global /infra level)

curl -sk -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/infra/ip-blocks/test-ipv6-block-1" \
  -d '{
    "display_name": "test-ipv6-block-1",
    "cidrs": ["2001:db8::/32"],
    "ip_address_type": "IPV6",
    "visibility": "EXTERNAL"
  }'

3.Create a VPC Connectivity Profile

TGW_PATH="<transit_gateway_path from Step 2>"
EXT_BLOCKS='["<existing external ip block path>"]'  

curl -k -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/orgs/${ORG}/projects/${PROJECT}/vpc-connectivity-profiles/test-profile-ipv6" \
  -d "{
    \"display_name\": \"test-profile-ipv6\",
    \"transit_gateway_path\": \"${TGW_PATH}\",
    \"external_ip_blocks\": ${EXT_BLOCKS},
    \"ipv6_blocks\": [\"/infra/ip-blocks/test-ipv6-block-1\"]
  }"

Retrieve the default VPC Connectivity Profile details

Create VPC and Attachment

curl -k -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/orgs/${ORG}/projects/${PROJECT}/vpcs/test-vpc-ipv6" \
  -d '{"display_name": "test-vpc-ipv6"}'

curl -k -u "${NSX_USER}:${NSX_PASS}" \
  -X PUT \
  -H "Content-Type: application/json" \
  "${NSX_MANAGER}/policy/api/v1/orgs/${ORG}/projects/${PROJECT}/vpcs/test-vpc-ipv6/attachments/default" \
  -d "{
    \"display_name\": \"default\",
    \"vpc_connectivity_profile\": \"/orgs/${ORG}/projects/${PROJECT}/vpc-connectivity-profiles/test-profile-ipv6\"
  }"

5.Create VPCNetworkConfiguration

kubectl apply -f - <<EOF
apiVersion: crd.nsx.vmware.com/v1alpha1
kind: VPCNetworkConfiguration
metadata:
  name: test-vpc-config-ipv6
spec:
  nsxProject: "/orgs/${ORG}/projects/${PROJECT}"
  vpc: "test-vpc-ipv6"
EOF

Verify IPBlocksInfo update

codecov-commenter · 2026-05-07T03:41:59Z

Codecov Report

❌ Patch coverage is 80.95238% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.94%. Comparing base (ff79596) to head (2a4b2db).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/nsx/services/ipblocksinfo/ipblocksinfo.go	80.00%	0 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1422      +/-   ##
==========================================
- Coverage   77.02%   76.94%   -0.09%     
==========================================
  Files         156      156              
  Lines       22048    22061      +13     
==========================================
- Hits        16983    16974       -9     
+ Misses       3859     3858       -1     
- Partials     1206     1229      +23

Flag	Coverage Δ
unit-tests	`76.94% <80.95%> (-0.09%)`	⬇️

Files with missing lines	Coverage Δ
pkg/nsx/services/nsxserviceaccount/cluster.go	`80.61% <100.00%> (ø)`
pkg/nsx/services/ipblocksinfo/ipblocksinfo.go	`77.19% <80.00%> (-7.74%)`	⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dantingl

Can you also add test done in commit message?

yanjunz97 · 2026-05-15T02:37:04Z

I notice one more change will need for this PR

nsx-operator/pkg/nsx/services/ipblocksinfo/ipblocksinfo.go

Lines 261 to 270 in 6ae0434

    
           switch *subnet.AccessMode { 
        
           case model.VpcSubnet_ACCESS_MODE_PUBLIC: 
        
           	externalIPCIDRs = append(externalIPCIDRs, subnet.IpAddresses...) 
        
           case model.VpcSubnet_ACCESS_MODE_PRIVATE_TGW: 
        
           	project := fmt.Sprintf("/orgs/%s/projects/%s", vpcInfo.OrgID, vpcInfo.ProjectID) 
        
           	if project == s.defaultProject { 
        
           		privateTGWIPCIDRs = append(privateTGWIPCIDRs, subnet.IpAddresses...) 
        
           	} 
        
           }

Here we add Subnet cidr with privatetgw/public access mode to ipblocksinfo.
IPv6 cidrs are all public and has no access mode. So the logic here shall be updated to
loop the Subnet cidrs,

for ipv4, we keep this check for access mode
for ipv6 cidr, we shall append it to externalIPCIDRs

Support VpcConnectivityProfile.Ipv6Blocks in IPBlocksInfo sync Include paths from VpcConnectivityProfile.Ipv6Blocks into the same externalIPBlockPaths set as ExternalIpBlocks during IPBlocksInfo reconciliation. This ensures that external IPv6 IP blocks assigned to a VPC connectivity profile have their CIDRs and IP ranges surfaced in the IPBlocksInfo CR (ExternalIPCIDRs / ExternalIPRanges) without requiring any CRD schema change. Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

yanjunz97

LGTM, just a nit

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

poojav25 · 2026-05-21T07:08:11Z

LGTM

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

yanjunz97

LGTM

Upstream landed two commits since the branch point (ff79596): - 214f2a5 Sync defaultIPv6PrefixLength from VPCNetworkConfiguration to Subnet(Set) (vmware-tanzu#1417) - 33a3e95 Add IPv6 support for IPBlocksInfo CRD (vmware-tanzu#1422) Both upstream commits bumped nsxt and nsxt-mp to v0.0.0-20260506074423. Our branch had already bumped nsxt to v0.12.1-0.20260517061842-508c01aec2fc (May 17, newer) to get IpAddressType/Ipv6AllocationPrefixLength model fields required for this PR. Resolution: - nsxt: keep our v0.12.1-0.20260517061842-508c01aec2fc (newer, required for IPv6) - nsxt-mp: take upstream's v0.0.0-20260506074423-13747423203f (we had old March version) Co-authored-by: Cursor <cursoragent@cursor.com>

wenqiq marked this pull request as ready for review May 7, 2026 02:57

wenqiq changed the title ~~[WIP]Add IPv6 support for IPBlocksInfo CRD~~ Add IPv6 support for IPBlocksInfo CRD May 10, 2026

wenqiq requested review from TaoZou1 and yanjunz97 May 10, 2026 18:13

wenqiq force-pushed the topic/wenqi/IPBlocksInfo-IPv6 branch from b90dc50 to 3409afc Compare May 10, 2026 18:45

dantingl reviewed May 11, 2026

View reviewed changes

Comment thread pkg/nsx/services/ipblocksinfo/ipblocksinfo.go

Comment thread pkg/nsx/services/ipblocksinfo/ipblocksinfo.go Outdated

wenqiq force-pushed the topic/wenqi/IPBlocksInfo-IPv6 branch 4 times, most recently from 00eb219 to 4dcde75 Compare May 14, 2026 19:05

wenqiq added 2 commits May 17, 2026 01:27

update

a590014

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

wenqiq force-pushed the topic/wenqi/IPBlocksInfo-IPv6 branch from 4dcde75 to a590014 Compare May 16, 2026 17:31

yanjunz97 previously approved these changes May 19, 2026

View reviewed changes

Comment thread .gitignore Outdated

update

a732e1d

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

wenqiq dismissed yanjunz97’s stale review via a732e1d May 20, 2026 07:17

poojav25 reviewed May 21, 2026

View reviewed changes

Comment thread pkg/nsx/services/ipblocksinfo/ipblocksinfo.go

update

2a4b2db

Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>

yanjunz97 approved these changes May 21, 2026

View reviewed changes

poojav25 approved these changes May 21, 2026

View reviewed changes

wenqiq merged commit 33a3e95 into vmware-tanzu:main May 21, 2026
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add IPv6 support for IPBlocksInfo CRD#1422

Add IPv6 support for IPBlocksInfo CRD#1422
wenqiq merged 4 commits into
vmware-tanzu:mainfrom
wenqiq:topic/wenqi/IPBlocksInfo-IPv6

wenqiq commented May 2, 2026 •

edited

Loading

Uh oh!

codecov-commenter commented May 7, 2026 •

edited

Loading

Uh oh!

dantingl left a comment

Uh oh!

Uh oh!

Uh oh!

yanjunz97 commented May 15, 2026

Uh oh!

yanjunz97 left a comment

Uh oh!

Uh oh!

Uh oh!

poojav25 commented May 21, 2026

Uh oh!

yanjunz97 left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

wenqiq commented May 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov-commenter commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

dantingl left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

yanjunz97 commented May 15, 2026

Uh oh!

yanjunz97 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

poojav25 commented May 21, 2026

Uh oh!

yanjunz97 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

wenqiq commented May 2, 2026 •

edited

Loading

codecov-commenter commented May 7, 2026 •

edited

Loading