Enhancement: support wildcards in k8s.v1.cni.cncf.io/policy-for #41

@fpoirotte

Hi,

In my use case, I have a lot of NetworkAttachmentDefinition objects (named net1, net2, and so on).
It is very tedious to list each object the policy applies to in the annotation.
Instead, I would like to be able to write something like:

```yaml
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
  name: default-deny
  namespace: mysubnet
  annotations:
    k8s.v1.cni.cncf.io/policy-for: net*
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
```

and have the policy apply to every NetworkAttachmentDefinition matching the given pattern.

In case this is too complex to implement, would it be possible to match NetworkAttachmentDefinition objects using labels instead of their name? (similar to what's done in NetworkPolicy to match namespaces using spec.ingress[].from[].namespaceSelector.matchLabels)
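
A sketch of how the requested wildcard expansion could resolve to concrete networks, added here as an example; it is not part of the original issue or the project's code. It assumes the annotation is a comma-separated list and that an entry without a namespace refers to the policy's own namespace; `resolvePolicyFor` and the sample inventory are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// resolvePolicyFor (hypothetical helper) expands a policy-for annotation value
// that may contain glob patterns into the sorted "namespace/name" keys it covers.
// Assumed format: comma-separated entries; an entry without "/" is scoped to
// the policy's own namespace.
func resolvePolicyFor(annotation, policyNS string, nads []string) ([]string, error) {
	seen := map[string]bool{}
	for _, entry := range strings.Split(annotation, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}
		if !strings.Contains(entry, "/") {
			entry = policyNS + "/" + entry // bare name: stay in the policy's namespace
		}
		for _, nad := range nads {
			// path.Match never lets "*" match "/", so a name pattern such as
			// "net*" cannot spill over into another namespace.
			ok, err := path.Match(entry, nad)
			if err != nil {
				return nil, fmt.Errorf("malformed pattern %q: %w", entry, err)
			}
			if ok {
				seen[nad] = true
			}
		}
	}
	out := make([]string, 0, len(seen))
	for key := range seen {
		out = append(out, key)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed sample inventory of NetworkAttachmentDefinitions.
	nads := []string{"mysubnet/net1", "mysubnet/net2", "mysubnet/storage", "other/net1"}
	got, err := resolvePolicyFor("net*", "mysubnet", nads)
	fmt.Println(got, err)
}
```

Resolving the pattern to an explicit list makes it possible to log or review exactly which networks a policy such as `default-deny` ends up covering, including the case where a pattern matches nothing.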
