[DISCUSSION] add a name or description to a NetworkPolicy rule #28

Open
jianjuns opened this issue Sep 10, 2020 · 2 comments

@jianjuns

I want to add a name or description string to a single NetworkPolicy rule in the NetworkPolicy spec, which helps me to remember the rule, and also helps visualization and analytics of NetworkPolicy rules from an external console or policy/traffic analyzer.

A readable string can help users to remember and understand the rules, and can also be used to identify a rule in the exported policy metrics and network flows (when the NetworkPolicy and rule information is appended to the metrics or flow records).

@McCodeman @abhiraut

@jayunit100
Owner

jayunit100 commented Sep 15, 2020

So you could always make an annotation on the object right? :)

Let's discuss further in this thread if you think annotations aren't good enough for this use case

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    casey: calico
    jayunit100: everything
    jiunjen: antrea
spec:
  ingress:
  - {}
  podSelector:
    matchLabels:
      unique: "8"
  policyTypes:
  - Ingress

@jayunit100 changed the title from "[User story proposal] add a name or description to a NetworkPolicy rule" to "[DISCUSSION] add a name or description to a NetworkPolicy rule" on Sep 15, 2020

@jianjuns
Author

jianjuns commented Sep 15, 2020

I meant a single rule, but not the whole NetworkPolicy, something like this:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
spec:
  ingress:
  - name: allow-172.17-block
    from:
    - ipBlock:
        cidr: 172.17.0.0/16
  - name: allow-frontend
    from:
    - podSelector:
        matchLabels:
          role: frontend
  podSelector:
    matchLabels:
      unique: "8"

It helps when you have a large number of rules (esp. when the rules are with complex source/destination definitions).
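
An added illustration of the annotation approach discussed in this thread (not code from either participant or from the project): per-rule names are stored in a single annotation as a JSON list and matched to rules by position. The annotation key `example.com/rule-names`, the policy name `demo-policy` and both helper functions are assumptions; Kubernetes does not interpret this annotation, so the check below rejects a name list that no longer matches the rule count.

```python
import json

# Hypothetical annotation key (an assumption; Kubernetes does not define it).
RULE_NAMES_KEY = "example.com/rule-names"

# Constructed manifest in JSON form, reusing the two rules from the thread.
# Annotation values must be strings, so the name list is JSON-encoded.
POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {
        "name": "demo-policy",
        "annotations": {RULE_NAMES_KEY: json.dumps(
            {"ingress": ["allow-172.17-block", "allow-frontend"]})},
    },
    "spec": {
        "podSelector": {"matchLabels": {"unique": "8"}},
        "policyTypes": ["Ingress"],
        "ingress": [
            {"from": [{"ipBlock": {"cidr": "172.17.0.0/16"}}]},
            {"from": [{"podSelector": {"matchLabels": {"role": "frontend"}}}]},
        ],
    },
}


def rule_names(policy, direction="ingress"):
    """Return one name per rule, read positionally from the annotation."""
    rules = policy.get("spec", {}).get(direction) or []
    annotations = policy.get("metadata", {}).get("annotations") or {}
    names = json.loads(annotations.get(RULE_NAMES_KEY, "{}")).get(direction, [])
    # Names are matched by index, so a count mismatch means the annotation
    # has drifted from the spec; refuse to guess which rule is which.
    if names and len(names) != len(rules):
        raise ValueError(f"{len(names)} names for {len(rules)} {direction} rules")
    if len(set(names)) != len(names):
        raise ValueError("duplicate rule names")
    # Unnamed policies fall back to a positional identifier.
    return names or [f"{direction}-{i}" for i in range(len(rules))]


def flow_label(policy, direction, index):
    """Identifier a flow exporter could attach to a record for rule `index`."""
    return f"{policy['metadata']['name']}/{rule_names(policy, direction)[index]}"


if __name__ == "__main__":
    print(flow_label(POLICY, "ingress", 1))  # demo-policy/allow-frontend
```

Because the names are tied to list positions, reordering rules without reordering the annotation silently relabels them; only a count change is detectable here.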
