Story
Resolution: Unresolved
NetObserv - Sprint 280
This is an alternative way of doing the subnet configs that leverages something that already exists: network policy IPBlocks. That makes the configuration of subnet labels much easier.
As application owners are likely already writing network policies that allow traffic to external workloads via IPBlocks, netobserv can leverage this information to fill in the subnet configs, so the users have almost nothing to do.
How it would work, basically:
- eligible network policies should have a label such as: "netobserv.io/label-ipblocks: my-database"
- netobserv fetches all policies having that label. For each:
  - a subnet label config is added, with the value of "netobserv.io/label-ipblocks" as the name and the list of all IP blocks listed in the network policy as the list of CIDRs.
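
A sketch of the flow described above, as an added example (not NetObserv code): it reads a NetworkPolicy list as JSON, keeps only policies carrying the label, and collects their ipBlock CIDRs under the label value. The struct shapes, the `SubnetLabels` function and the sample policies are assumptions made for illustration; going slightly beyond the proposal, it also canonicalises and de-duplicates CIDRs and skips malformed ones.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"sort"
)

const labelKey = "netobserv.io/label-ipblocks" // label name from the proposal
// Minimal mirror of the NetworkPolicy fields used here (assumed shape, no client library).
type peer struct{ IPBlock struct{ CIDR string } }
type rule struct{ From, To []peer }
type policy struct {
	Metadata struct{ Labels map[string]string }
	Spec     struct{ Ingress, Egress []rule }
}

// Constructed sample: one opted-in policy, one unlabelled policy that must be ignored.
const sample = `{"items":[{"metadata":{"labels":{"netobserv.io/label-ipblocks":"my-database"}},"spec":{
 "egress":[{"to":[{"ipBlock":{"cidr":"10.0.5.0/24"}},{"ipBlock":{"cidr":"192.168.1.7/24"}},{"podSelector":{}}]}],
 "ingress":[{"from":[{"ipBlock":{"cidr":"10.0.5.0/24"}},{"ipBlock":{"cidr":"not-a-cidr"}}]}]}},
 {"metadata":{"labels":{"app":"web"}},"spec":{"egress":[{"to":[{"ipBlock":{"cidr":"172.16.0.0/16"}}]}]}}]}`

// SubnetLabels maps each label value to its sorted, de-duplicated, canonical CIDRs.
func SubnetLabels(list []byte) (map[string][]string, error) {
	var l struct{ Items []policy }
	if err := json.Unmarshal(list, &l); err != nil {
		return nil, err
	}
	out, seen := map[string][]string{}, map[string]bool{}
	for _, p := range l.Items {
		name := p.Metadata.Labels[labelKey]
		for _, r := range append(p.Spec.Ingress, p.Spec.Egress...) {
			for _, pr := range append(r.From, r.To...) {
				pfx, err := netip.ParsePrefix(pr.IPBlock.CIDR)
				c := pfx.Masked().String() // canonical form, host bits cleared
				if name == "" || err != nil || seen[name+" "+c] {
					continue // not opted in, selector peer or malformed CIDR, or duplicate
				}
				seen[name+" "+c] = true
				out[name] = append(out[name], c)
			}
		}
		sort.Strings(out[name])
	}
	return out, nil
}

func main() { fmt.Println(SubnetLabels([]byte(sample))) }
```

The sketch ignores the `except` field of an ipBlock, since the proposal does not say how excluded ranges should be treated. Policies that share a label value are merged into one entry.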