Skip to content

Use real VPC path in NSXServiceAccount#1392

Open
Atish-iaf wants to merge 1 commit intovmware-tanzu:mainfrom
Atish-iaf:use-actual-vpcPath-in-nsxsa
Open

Use real VPC path in NSXServiceAccount#1392
Atish-iaf wants to merge 1 commit intovmware-tanzu:mainfrom
Atish-iaf:use-actual-vpcPath-in-nsxsa

Conversation

@Atish-iaf
Copy link
Contributor

@Atish-iaf Atish-iaf commented Mar 17, 2026

Test Summary

New NSXSA gets created with real VPC path.

root@4219039d75da14ad64a1285c70432a24 [ ~ ]# kubectl get nsxserviceaccount -n antrea-test-2 cluster-default-3-antrea -oyaml
apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-03-16T10:27:10Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: cluster-default-3-antrea
  namespace: antrea-test-2
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default-3
    uid: cef4d5b0-926f-47d7-b8aa-0ec98e06032e
  resourceVersion: "2664921"
  uid: 8f52449e-ea19-4bac-9169-8996f5f08568
spec: {}
status:
  clusterID: cc980a49-366b-4fe0-9b22-4c0f8533f0f7
  clusterName: 65106a70-649c-49c7-a891-32fad66b9e84-antrea-test-2-cluster-default-3-antrea
  conditions:
  - lastTransitionTime: "2026-03-16T10:27:12Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - 10.162.160.211:443
  phase: realized
  proxyEndpoints:
    addresses:
    - ip: 192.168.0.10
    ports:
    - name: rest-api
      port: 10091
      protocol: TCP
    - name: nsx-rpc-fwd-proxy
      port: 10092
      protocol: TCP
  reason: Success
  secrets:
  - name: cluster-default-3-antrea-nsx-cert
    namespace: antrea-test-2
  vpcPath: /orgs/default/projects/project-quality/vpcs/antrea-test-2_sxv3k

Existing NSXSA's vpcPath doesn't get updated to real VPC path

root@4219039d75da14ad64a1285c70432a24 [ ~ ]# kubectl get nsxserviceaccount -n antrea-test cluster-default-antrea -oyaml
apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-03-15T08:24:33Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: cluster-default-antrea
  namespace: antrea-test
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default
    uid: bf21c59d-6da3-4517-8681-784658ccfc5f
  resourceVersion: "2662346"
  uid: 5e5f77f6-c271-4ec4-9cca-19303b2c4ce9
spec: {}
status:
  clusterID: b5adb497-1a46-4642-ad93-ddd8ad329430
  clusterName: 65106a70-649c-49c7-a891-32fad66b9e84-antrea-test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-03-15T08:24:38Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - 10.162.160.211:443
  phase: realized
  proxyEndpoints:
    addresses:
    - ip: 192.168.0.10
    ports:
    - name: rest-api
      port: 10091
      protocol: TCP
    - name: nsx-rpc-fwd-proxy
      port: 10092
      protocol: TCP
  reason: Success
  secrets:
  - name: cluster-default-antrea-nsx-cert
    namespace: antrea-test
  vpcPath: /orgs/default/projects/65106a70-649c-49c7-a891-32fad66b9e84/vpcs/antrea-test-default-vpc

Also verified in NSX UI System->Setting->User Management->User Role Assignment that Roles have 1 VPC associated for new VKS cluster(created after applying this patch) and 0 VPC associated with old existing VKS cluster.

@zhengxiexie
Copy link
Contributor

zhengxiexie commented Mar 17, 2026

Can one of the admins verify this patch?

@codecov-commenter
Copy link

codecov-commenter commented Mar 17, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 94.11765% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 76.75%. Comparing base (c3a71ec) to head (f166db4).

Files with missing lines Patch % Lines
cmd/main.go 0.00% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1392      +/-   ##
==========================================
- Coverage   76.75%   76.75%   -0.01%     
==========================================
  Files         151      151              
  Lines       21308    21316       +8     
==========================================
+ Hits        16356    16362       +6     
- Misses       3783     3784       +1     
- Partials     1169     1170       +1
Flag Coverage Δ
unit-tests 76.75% <94.11%> (-0.01%) ⬇️
Files with missing lines Coverage Δ
pkg/clean/clean.go 87.82% <100.00%> (ø)
.../nsxserviceaccount/nsxserviceaccount_controller.go 66.51% <100.00%> (ø)
pkg/nsx/services/nsxserviceaccount/cluster.go 80.95% <100.00%> (+0.33%) ⬆️
cmd/main.go 0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Atish-iaf
Use real VPC path in NSXServiceAccount
f166db4 
Signed-off-by: Kumar Atish <kumar.atish@broadcom.com>
@Atish-iaf Atish-iaf force-pushed the use-actual-vpcPath-in-nsxsa branch from f234d65 to f166db4 Compare March 18, 2026 06:00
@Atish-iaf Atish-iaf marked this pull request as ready for review March 18, 2026 06:01
@Atish-iaf
Copy link
Contributor Author

Atish-iaf commented Mar 18, 2026

Hi @edwardbadboy @liu4480
Could you please help to review this patch ?
Thanks!

liu4480
liu4480 reviewed Mar 18, 2026
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@liu4480 liu4480 liu4480 approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Atish-iaf @zhengxiexie @codecov-commenter @liu4480