Project Network Isolation not available for downstream cluster in GUI

[caduceus4]

Rancher Server Setup

• Rancher version: 2.7.3
• Installation option (Docker install/Helm Chart):Helm chart for rancher gui, rpm for k3s

Information about the Cluster

• Kubernetes version: 1.25.7
• Cluster Type (Local/Downstream): Downstream/imported

User Information

• What is the role of the user logged in? Admin

Describe the bug I have rancher 2.7.3 with an rke cluster running kubernetes 1.25.7 as the storage for downstream/imported clusters The imported/downstream cluster is rke2, 1.25.7

I want to enable PNI, project Network Isolation.

There is no option to do so in the GUI when I edit the cluster config. If I use the downstream cluster kubeconfig, and do:

kubectl edit cluster.management.cattle.io/local

I can change enableNetworkPolicy to true and save it, but the 'hn' network policies are never added. it appears this particular resource is not really used.

What I had to do was view the cluster yaml in the gui. The yaml has a name not (apparently) used elsewhere, for me it was something like:

name: c-m-2kcjjxdd

Then, using a kubeconfig file from the primary cluster:

kubectl edit cluster.management.cattle.io/c-m-2kcjjxdd

and set enableNetworkPolicy to true and save it. The 'hn' network policies for PNI were then added shortly thereafter

Expected Result

PNI should be available when editing a downstream cluster in the rancher gui

[skanakal]

It would appear that it's a UI issue...