Support SubnetIPReservations with reservedIPs

[yanjunz97]

This PR

• adds a new field reservedIPs to SubnetIPReservation CRD, and supported with NSX Subnet StaticIPReservation
• supports backup/restore for SubnetIPReservation

Testing done:

• Created a SubnetIPReservation CR with single IP, IP ranges and IP CIDRs in reservedIPs, observed the NSX Subnet StaticIPReservation is realized and CR status is updated

kubectl get subnetipreservation -n ns-1 subnet-ipr-2 -o yaml
apiVersion: crd.nsx.vmware.com/v1alpha1
kind: SubnetIPReservation
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"crd.nsx.vmware.com/v1alpha1","kind":"SubnetIPReservation","metadata":{"annotations":{},"name":"subnet-ipr-2","namespace":"ns-1"},"spec":{"reservedIPs":["192.168.0.38","192.168.0.39-192.168.0.41","192.168.0.42/31"],"subnet":"subnet-1"}}
  creationTimestamp: "2026-03-17T04:24:46Z"
  generation: 2
  name: subnet-ipr-2
  namespace: ns-1
  resourceVersion: "3272641"
  uid: 3da62e70-e10c-4990-a09d-a9934c1d99d7
spec:
  reservedIPs:
  - 192.168.0.38
  - 192.168.0.39-192.168.0.41
  - 192.168.0.42/31
  subnet: subnet-1
status:
  conditions:
  - lastTransitionTime: "2026-03-17T04:24:47Z"
    message: NSX SubnetIPReservation has been successfully created/updated
    reason: SubnetIPReservationReady
    status: "True"
    type: Ready
  ips:
  - 192.168.0.38
  - 192.168.0.39-192.168.0.41
  - 192.168.0.42/31

• Updated the SubnetIPReservation by changing reservedIPs also works

apiVersion: crd.nsx.vmware.com/v1alpha1
kind: SubnetIPReservation
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"crd.nsx.vmware.com/v1alpha1","kind":"SubnetIPReservation","metadata":{"annotations":{},"name":"subnet-ipr-2","namespace":"ns-1"},"spec":{"reservedIPs":["192.168.0.38","192.168.0.39","192.168.0.42/31"],"subnet":"subnet-1"}}
  creationTimestamp: "2026-03-17T04:24:46Z"
  generation: 3
  name: subnet-ipr-2
  namespace: ns-1
  resourceVersion: "3273091"
  uid: 3da62e70-e10c-4990-a09d-a9934c1d99d7
spec:
  reservedIPs:
  - 192.168.0.38
  - 192.168.0.39
  - 192.168.0.42/31
  subnet: subnet-1
status:
  conditions:
  - lastTransitionTime: "2026-03-17T04:24:47Z"
    message: NSX SubnetIPReservation has been successfully created/updated
    reason: SubnetIPReservationReady
    status: "True"
    type: Ready
  ips:
  - 192.168.0.38
  - 192.168.0.39
  - 192.168.0.42/31

• Changed reservedIPs to numberOfIPs will be block

apiVersion: crd.nsx.vmware.com/v1alpha1
kind: SubnetIPReservation
metadata:
  name: subnet-ipr-2
spec:
  numberOfIPs: 3
  subnet: subnet-1

kubectl apply -f ipreservation.yaml -n ns-1
The SubnetIPReservation "subnet-ipr-2" is invalid: spec: Invalid value: "object": reservedIPs cannot be unset once set

• Created a SubnetIPReservation CR with both numberOfIP and reservedIPs will be blocked

The SubnetIPReservation "subnet-ipr-2" is invalid: spec: Invalid value: "object": Only one of numberOfIPs or reservedIPs can be specified

• Created a SubnetIPReservation CR without numberOfIP and reservedIPs will be blocked

The SubnetIPReservation "subnet-ipr-3" is invalid: spec: Invalid value: "object": One of numberOfIPs or reservedIPs must be specified

• Backup/Restore case: created a SubnetIPReservation with numberOfIPs and another with reservedIPs

kubectl get subnetipreservation -n ns-1                     
NAME           SUBNET     NUMBEROFIPS   IPS
subnet-ipr-1   subnet-1   3             192.168.0.35-192.168.0.37
subnet-ipr-2   subnet-1                 192.168.0.38

Stopped ncp, deleted the Subnet Dynamic/Static IPReservation from NSX side, forced ncp to restore mode, observed both SubnetIPReservations are restored with NSX Subnet Static IPReservation.

• cleanup case: created 2 SubnetIPReservations with reservedIPs, ran cleanup command and observed the StaticIpAddressReservation is deleted on NSX and cleanup is successfully.

2026-03-31 06:19:37.000 INFO policy_tree.go:557 Successfully deleted resource resourceID=subnet-ipr-2_fzgr9 resourceName=subnet-ipr-2 resourceType=StaticIpAddressReservation
2026-03-31 06:19:37.000 INFO policy_tree.go:557 Successfully deleted resource resourceID=subnet-ipr-3_fzgr9 resourceName=subnet-ipr-3 resourceType=StaticIpAddressReservation
2026-03-31 06:19:37.000 INFO policy_tree.go:668 Batch deletion succeeded batch=1/1 batchResourceCount=2 cumulativeSuccess=2 resourceType=StaticIpAddressReservation
2026-03-31 06:19:37.000 INFO policy_tree.go:680 Batch deletion completed failedCount=0 resourceType=StaticIpAddressReservation successCount=2 totalResources=2
2026-03-31 06:19:37.000 INFO cleanup.go:66 Successfully cleaned up Subnet StaticIPReservation count=2 status=success
...
2026-03-31 06:19:59.000 INFO main.go:86 Cleanup NSX resources successfully

[codecov-commenter]

Codecov Report

❌ Patch coverage is 71.76080% with 85 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.64%. Comparing base (6f7ddad) to head (1334238).

Files with missing lines	Patch %	Lines
...ervices/subnetipreservation/subnetipreservation.go	54.71%	19 Missing and 29 partials ⚠️
pkg/nsx/services/common/wrap.go	0.00%	11 Missing ⚠️
pkg/nsx/services/subnetipreservation/cleanup.go	68.75%	7 Missing and 3 partials ⚠️
pkg/nsx/services/subnetipreservation/store.go	89.04%	6 Missing and 2 partials ⚠️
...netipreservation/subnetipreservation_controller.go	91.66%	1 Missing and 2 partials ⚠️
pkg/nsx/cluster.go	0.00%	3 Missing ⚠️
pkg/nsx/services/common/policy_tree.go	75.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1395      +/-   ##
==========================================
- Coverage   76.77%   76.64%   -0.13%     
==========================================
  Files         151      152       +1     
  Lines       21315    21560     +245     
==========================================
+ Hits        16364    16525     +161     
- Misses       3782     3824      +42     
- Partials     1169     1211      +42     

Flag	Coverage Δ
unit-tests	76.64% <71.76%> (-0.13%)	⬇️

Files with missing lines	Coverage Δ
pkg/nsx/client.go	94.09% <100.00%> (+0.05%)	⬆️
pkg/nsx/services/common/types.go	100.00% <ø> (ø)
pkg/nsx/services/subnetipreservation/builder.go	100.00% <100.00%> (ø)
pkg/nsx/services/subnetipreservation/compare.go	100.00% <100.00%> (ø)
pkg/nsx/services/common/policy_tree.go	86.23% <75.00%> (-0.22%)	⬇️
...netipreservation/subnetipreservation_controller.go	76.09% <91.66%> (+3.28%)	⬆️
pkg/nsx/cluster.go	58.52% <0.00%> (-0.51%)	⬇️
pkg/nsx/services/subnetipreservation/store.go	85.29% <89.04%> (+3.96%)	⬆️
pkg/nsx/services/subnetipreservation/cleanup.go	68.18% <68.75%> (-1.82%)	⬇️
pkg/nsx/services/common/wrap.go	75.51% <0.00%> (-3.55%)	⬇️
... and 1 more

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TaoZou1]

Hi，
Did you run the cleanup? if yes, could you add it to the test done?
One question,
There is value checking for NumberOfIPs, should operator check the ReservedIPs limit or by checked by NSX?
what if both ReservedIPs and NumberOfIPs are empty?

[yanjunz97]

Hi， Did you run the cleanup? if yes, could you add it to the test done? One question, There is value checking for NumberOfIPs, should operator check the ReservedIPs limit or by checked by NSX? what if both ReservedIPs and NumberOfIPs are empty?

Cleanup case added, thanks!
NSX only mentions ReservedIPs min length is 1 in API. Add this restriction on our crd definition accordingly.
If both ReservedIPs and NumberOfIPs are empty, it should be rejected, added the case in testing done.