Description
Rancher Server Setup
- Rancher version: 2.7.3
- Installation option (Docker install/Helm Chart):Helm chart for rancher gui, rpm for k3s
Information about the Cluster
- Kubernetes version: 1.25.7
- Cluster Type (Local/Downstream): Downstream/imported
User Information
- What is the role of the user logged in? Admin
Describe the bug
I
have rancher 2.7.3 with an rke cluster running kubernetes 1.25.7 as the storage for downstream/imported clusters
The imported/downstream cluster is rke2, 1.25.7
I want to enable PNI, project Network Isolation.
There is no option to do so in the GUI when I edit the cluster config. If I use the downstream cluster kubeconfig, and do:
kubectl edit cluster.management.cattle.io/local
I can change enableNetworkPolicy to true and save it, but the 'hn' network policies are never added. it appears this particular resource is not really used.
What I had to do was view the cluster yaml in the gui. The yaml has a name not (apparently) used elsewhere, for me it was something
like:
name: c-m-2kcjjxdd
Then, using a kubeconfig file from the primary cluster:
kubectl edit cluster.management.cattle.io/c-m-2kcjjxdd
and set enableNetworkPolicy to true and save it. The 'hn' network policies for PNI were then added shortly thereafter
Expected Result
PNI should be available when editing a downstream cluster in the rancher gui