# Functions
NewESFromK8sLabelSelector returns a new endpoint selector from the label, where the given srcPrefix will be encoded in the label's keys.
NewESFromLabels creates a new endpoint selector from the given labels.
NewWildcardEndpointSelector returns a selector that matches on all endpoints.
ParseL4Proto parses a string as layer 4 protocol.
# Constants
Allowed means that reachability is allowed.
Denied means that reachability is denied.
EntityHost is an entity that represents traffic within endpoint host.
EntityWorld is an entity that represents traffic external to endpoint's cluster.
KafkaMaxTopicVal is the maximum value of supported API Keys in KafkaAPIKeyMap KafkaReverseAPIKeyMap.
KafkaMaxTopicLen is the maximum character length of a topic.
MaxCIDREntries is used to prevent compile failures at runtime.
Undecided means that we have not come to a decision yet.
# Variables
CIDRMatchAll is a []CIDR that matches everything.
EntitySelectorMapping maps special entity names that come in policies to selectors.
KafkaAPIKeyMap is the map of all allowed Kafka API keys with the key values.
KafkaReverseApiKeyMap is the map of all allowed Kafka API keys with the key values.
KafkaTopicValidChar is a one-time regex generation of all allowed characters in a Kafka topic name.
# Structs
CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.
EgressRule contains all rule types which can be applied at egress, i.e.
EndpointSelector is a wrapper for k8s LabelSelector.
IngressRule contains all rule types which can be applied at ingress, i.e.
K8sServiceNamespace is an abstraction for the k8s service + namespace types.
K8sServiceSelectorNamespace wraps service selector with namespace.
L7Rules is a union of port level rule types.
PortProtocol specifies an L4 port with an optional transport protocol.
PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.
PortRuleHTTP is a list of HTTP protocol constraints.
PortRuleKafka is a list of Kafka protocol constraints.
Rule is a policy rule which must be applied to all endpoints which match the labels contained in the endpointSelector. Each rule is split into an ingress section which contains all rules applicable at ingress, and an egress section applicable at egress.
Service wraps around selectors for services.
# Type aliases
CIDR specifies a block of IP addresses.
Decision is a reachability policy decision.
EndpointSelectorSlice is a slice of EndpointSelectors that can be sorted.
Entity specifies the class of receiver/sender endpoints that do not have individual identities.
L4Proto is a layer 4 protocol name.
Rules is a collection of api.Rule.
ServiceSelector is a label selector for k8s services.