jayunit100 / network-policy-subproject

A starter repo to donate to Kubernetes-sigs so the community can own and iterate on stories over time, with issue tracking, as we close out the policy++ wg

[DISCUSSION] add a name or description to a NetworkPolicy rule #28

Open jianjuns opened 3 years ago

jianjuns commented 3 years ago

I want to add a name or description string to a single NetworkPolicy rule in the NetworkPolicy spec, which helps me to remember the rule, and also helps visualization and analytics of NetworkPolicy rules from an external console or policy/traffic analyzer.

A readable string can help users to remember and understand the rules, and can also be used to identify a rule in the exported policy metrics and network flows (when the NetworkPolicy and rule information is appended to the metrics or flow records).

@McCodeman @abhiraut

jayunit100 commented 3 years ago

So you could always make an annotation on the object right? :)

Let's discuss further in this thread if you think annotations aren't good enough for this use case

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    casey: calico
    jayunit100: everything
    jiunjen: antrea
spec:
  ingress:
  - {}
  podSelector:
    matchLabels:
      unique: "8"
  policyTypes:
  - Ingress

jianjuns commented 3 years ago

I meant a single rule, but not the whole NetworkPolicy, something like this:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
spec:
  ingress:
    - name: allow-172.17-block
      from:
        - ipBlock:
            cidr: 172.17.0.0/16
    - name: allow-frontend
      from:
        - podSelector:
            matchLabels:
              role: frontend
  podSelector:
    matchLabels:
      unique: "8"

It helps when you have a large number of rules (especially when the rules have complex source/destination definitions).
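Until the API has a per-rule field, one way to get per-rule names out of the annotation approach suggested above is to carry an ordered JSON list of names in a single annotation and join it to spec.ingress by index, rejecting a count mismatch or duplicate names so that metrics and flow records are never silently mislabelled. This is an added example, not code from the issue or the project; the annotation key, the JSON-list encoding and the sample policy are assumptions.

```python
import json

# Hypothetical annotation key (not a Kubernetes convention): a JSON list of
# ingress rule names, in the same order as spec.ingress.
RULE_NAMES_ANNOTATION = "example.io/ingress-rule-names"

# Constructed sample: the two rules from the proposal, named via the annotation.
SAMPLE_POLICY = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "frontend-ingress", "annotations": {
        RULE_NAMES_ANNOTATION: '["allow-172.17-block", "allow-frontend"]'}},
    "spec": {"podSelector": {"matchLabels": {"unique": "8"}}, "ingress": [
        {"from": [{"ipBlock": {"cidr": "172.17.0.0/16"}}]},
        {"from": [{"podSelector": {"matchLabels": {"role": "frontend"}}}],
         "ports": [{"protocol": "TCP", "port": 8080}]},
    ]},
}

def describe_peer(peer):
    # One 'from' peer: an ipBlock, or namespace/pod selectors ({} selects all)
    if "ipBlock" in peer:
        return "cidr=" + peer["ipBlock"]["cidr"]
    parts = []
    for key, tag in (("namespaceSelector", "ns"), ("podSelector", "pod")):
        if key in peer:
            labels = peer[key].get("matchLabels", {})
            body = ",".join(f"{k}={v}" for k, v in sorted(labels.items()))
            parts.append(tag + "{" + body + "}")
    return " ".join(parts)

def rule_summary(rule):
    # {} or a missing 'from'/'ports' means allow from anywhere / to any port
    peers, ports = rule.get("from"), rule.get("ports")
    src = " | ".join(describe_peer(p) for p in peers) if peers else "any"
    dst = ",".join(f"{p.get('protocol', 'TCP')}/{p.get('port', '*')}"
                   for p in ports) if ports else "any port"
    return f"from {src} to {dst}"

def named_ingress_rules(policy):
    # Pair each spec.ingress rule with its annotated name (fallback: ingress-<i>);
    # a count mismatch or duplicate names would mislabel flow records, so reject.
    rules = policy.get("spec", {}).get("ingress", [])
    raw = policy.get("metadata", {}).get("annotations", {}).get(RULE_NAMES_ANNOTATION)
    names = json.loads(raw) if raw else [f"ingress-{i}" for i in range(len(rules))]
    if len(names) != len(rules):
        raise ValueError(f"{len(names)} names for {len(rules)} ingress rules")
    if len(set(names)) != len(names):
        raise ValueError("duplicate rule names in annotation")
    return list(zip(names, (rule_summary(r) for r in rules)))
```

The returned (name, summary) pairs are what an exporter would attach to per-rule metrics or flow records; the same index-join can be applied to spec.egress with a second annotation.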