Skip to content

Project Network Isolation not available for downstream cluster in GUI #10620

Open
@caduceus4

Description

@caduceus4

Rancher Server Setup

  • Rancher version: 2.7.3
  • Installation option (Docker install/Helm Chart):Helm chart for rancher gui, rpm for k3s

Information about the Cluster

  • Kubernetes version: 1.25.7
  • Cluster Type (Local/Downstream): Downstream/imported

User Information

  • What is the role of the user logged in? Admin

Describe the bug
I
have rancher 2.7.3 with an rke cluster running kubernetes 1.25.7 as the storage for downstream/imported clusters
The imported/downstream cluster is rke2, 1.25.7

I want to enable PNI, project Network Isolation.

There is no option to do so in the GUI when I edit the cluster config. If I use the downstream cluster kubeconfig, and do:

kubectl edit cluster.management.cattle.io/local

I can change enableNetworkPolicy to true and save it, but the 'hn' network policies are never added. it appears this particular resource is not really used.

What I had to do was view the cluster yaml in the gui. The yaml has a name not (apparently) used elsewhere, for me it was something
like:

name: c-m-2kcjjxdd

Then, using a kubeconfig file from the primary cluster:

kubectl edit cluster.management.cattle.io/c-m-2kcjjxdd

and set enableNetworkPolicy to true and save it. The 'hn' network policies for PNI were then added shortly thereafter

Expected Result

PNI should be available when editing a downstream cluster in the rancher gui

Metadata

Metadata

Assignees

No one assigned

    Labels

    QA/dev-automationIssues that engineers have written automation around so QA doesn't have look at thiskind/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions