Set DSCP for host endpoints#10825
Merged
mazdakn merged 34 commits intoprojectcalico:masterfrom Aug 21, 2025
Merged
Conversation
mazdakn
added
release-note-required
3 tasks
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR implements DSCP (Differentiated Services Code Point) support for host endpoints, building upon the previous work for workload endpoints. It adds the ability to set DSCP values on traffic from host endpoints for quality of service (QoS) marking.
Key changes:
- Add DSCP field to QoSControls model structures and protobuf definitions
- Implement QoS policy chain rendering and management for iptables/nftables
- Add support for DSCP annotations in Kubernetes backend conversion
- Create comprehensive tests for QoS policy functionality
Reviewed Changes
Copilot reviewed 30 out of 30 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| libcalico-go/lib/backend/model/hostendpoint.go | Adds QoSControls pointer field to HostEndpoint struct |
| libcalico-go/lib/backend/k8s/conversion/workload_endpoint_default.go | Updates copyright and adds DSCP annotation handling logic |
| libcalico-go/lib/backend/k8s/conversion/constants.go | Updates copyright and adds AnnotationQoSEgressDSCP constant |
| libcalico-go/lib/apis/v3/zz_generated.deepcopy.go | Updates generated deepcopy methods for DSCP field |
| libcalico-go/lib/apis/v3/workloadendpoint.go | Updates copyright and adds DSCP field to QoSControls struct |
| libcalico-go/lib/apis/v3/generated.openapi.go | Adds DSCP field to OpenAPI schema |
| felix/rules/static_test.go | Adds test expectations for QoS policy chain jump rules |
| felix/rules/static.go | Implements QoS policy chain jump logic in mangle table |
| felix/rules/rule_defs.go | Adds QoS policy chain constant and interface method |
| felix/rules/qos_test.go | New comprehensive test file for QoS policy chain rendering |
| felix/rules/qos.go | New implementation file for QoS policy chain rendering |
| felix/rules/nat.go | Updates copyright and renames IPSet constant for consistency |
| felix/proto/felixbackend.proto | Adds QoSPolicy message and fields to endpoint messages |
| felix/proto/felixbackend.pb.go | Generated protobuf code with QoSPolicy support |
| felix/nftables/actions_test.go | Adds test cases for DSCPAction in nftables |
| felix/nftables/actions.go | Implements DSCPAction for nftables dataplane |
| felix/iptables/actions_test.go | Adds test cases for DSCPAction in iptables |
| felix/iptables/actions.go | Implements DSCPAction for iptables dataplane |
| felix/generictables/actions.go | Adds DSCP method to ActionFactory interface |
| felix/fv/qos_policy_test.go | New comprehensive functional test for QoS policies |
| felix/fv/infrastructure/infra_k8s.go | Updates pod annotations for DSCP QoS controls |
| felix/dataplane/linux/qos_policy_mgr_test.go | New unit tests for QoS policy manager |
| felix/dataplane/linux/qos_policy_mgr.go | New QoS policy manager implementation |
| felix/dataplane/linux/masq_mgr.go | Updates IPSet ID constant for consistency |
| felix/dataplane/linux/int_dataplane.go | Registers QoS policy managers for IPv4/IPv6 |
| felix/calc/event_sequencer_test.go | Adds DSCP test data and copyright update |
| felix/calc/event_sequencer.go | Converts DSCP from model to protobuf format |
| api/pkg/openapi/generated.openapi.go | Adds DSCP type to OpenAPI definitions |
| api/pkg/lib/numorstring/numorstring_test.go | Adds comprehensive DSCP validation tests |
| api/pkg/lib/numorstring/dscp.go | New DSCP type implementation with validation |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
3 tasks
mazdakn
commented
Aug 21, 2025
libcalico-go/lib/backend/syncersv1/updateprocessors/hostendpointprocessor.go
Outdated
Show resolved
Hide resolved
caseydavenport
added
docs-not-required
marvin-tigera
removed
release-note-required
caseydavenport
approved these changes
Aug 21, 2025
3 tasks
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Setting DSCP for host endpoint. This is a follow up for the first PR: #10718
Related issues/PRs
Todos
Release Note
Reminder for the reviewer
Make sure that this PR has the correct labels and milestone set.
Every PR needs one
docs-*label.docs-pr-required: This change requires a change to the documentation that has not been completed yet.docs-completed: This change has all necessary documentation completed.docs-not-required: This change has no user-facing impact and requires no docs.Every PR needs one
release-note-*label.release-note-required: This PR has user-facing changes. Most PRs should have this label.release-note-not-required: This PR has no user-facing changes.Other optional labels:
cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.