From 64b17a176aaaf6bcada4ce101192e877200977da Mon Sep 17 00:00:00 2001 From: Krunal Hingu Date: Wed, 12 Nov 2025 11:12:09 +0530 Subject: [PATCH 1/3] update doc for pni in gke --- .../gke-cluster-configuration.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index 43258e491c4c..0d42222d816d 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md @@ -63,7 +63,16 @@ Enable network policy enforcement on the cluster. A network policy defines the l _Mutable: yes_ -choose whether to enable or disable inter-project communication. Note that enabling Project Network Isolation will automatically enable Network Policy and Network Policy Config, but not vice versa. +choose whether to enable or disable inter-project communication. + +:::note + +For **imported GKE clusters**, Project Network Isolation (PNI) requires Kubernetes Network Policy to be enabled on the cluster beforehand. +- Rancher will enable Network Policy automatically when creating clusters in Rancher (downstream), so this step is only needed for imported clusters. +- In GKE, enable network policy (Calico) on **both master and worker nodes**: **Networking → Network security and observability → Enable Calico Kubernetes Network Policy**. +- After enabling, import the cluster into Rancher and enable PNI for project-level isolation. + +::: ### Node Ipv4 CIDR Block From a9158f4f0d9d85a783f3d3065d6b998e8ff33018 Mon Sep 17 00:00:00 2001 
From: Krunal Hingu Date: Wed, 19 Nov 2025 10:54:39 +0530 Subject: [PATCH 2/3] Update GKE Cluster Configuration for Project Network Isolation instructions --- .../gke-cluster-configuration.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index 0d42222d816d..f5c6016d5ad3 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md 
@@ -63,16 +63,15 @@ Enable network policy enforcement on the cluster. A network policy defines the l _Mutable: yes_ -choose whether to enable or disable inter-project communication. +Choose whether to enable or disable inter-project communication. -:::note +#### Imported Clusters -For **imported GKE clusters**, Project Network Isolation (PNI) requires Kubernetes Network Policy to be enabled on the cluster beforehand. -- Rancher will enable Network Policy automatically when creating clusters in Rancher (downstream), so this step is only needed for imported clusters. -- In GKE, enable network policy (Calico) on **both master and worker nodes**: **Networking → Network security and observability → Enable Calico Kubernetes Network Policy**. -- After enabling, import the cluster into Rancher and enable PNI for project-level isolation. +For imported clusters, Project Network Isolation (PNI) requires Kubernetes Network Policy to be enabled on the cluster beforehand. +For clusters created by Rancher, Rancher enables Kubernetes Network Policy automatically. -::: +1. In GKE, enable Network Policy at the cluster level. (Refer to the official GKE guide)[https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy] +2. After enabling Network Policy, import the cluster into Rancher and enable PNI for project-level isolation. ### Node Ipv4 CIDR Block From b7e24258c35666882289c3e400fa43b6c3bbfb0e Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 19 Nov 2025 14:48:05 -0800 Subject: [PATCH 3/3] Fix link and port to 2.13 --- .../gke-cluster-configuration.md | 6 +++--- .../gke-cluster-configuration.md | 10 +++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index f5c6016d5ad3..a604d75ef3d4 100644 
--- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md @@ -67,11 +67,11 @@ Choose whether to enable or disable inter-project communication. #### Imported Clusters -For imported clusters, Project Network Isolation (PNI) requires Kubernetes Network Policy to be enabled on the cluster beforehand. +For imported clusters, Project Network Isolation (PNI) requires Kubernetes Network Policy to be enabled on the cluster beforehand. For clusters created by Rancher, Rancher enables Kubernetes Network Policy automatically. -1. In GKE, enable Network Policy at the cluster level. (Refer to the official GKE guide)[https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy] -2. After enabling Network Policy, import the cluster into Rancher and enable PNI for project-level isolation. +1. In GKE, enable Network Policy at the cluster level. Refer to the [official GKE guide](https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy) for instructions. +1. After enabling Network Policy, import the cluster into Rancher and enable PNI for project-level isolation. ### Node Ipv4 CIDR Block diff --git a/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md b/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index 43258e491c4c..a604d75ef3d4 100644 --- a/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md +++ b/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md 
@@ -63,7 +63,15 @@ Enable network policy enforcement on the cluster. A network policy defines the l _Mutable: yes_ -choose whether to enable or disable inter-project communication. Note that enabling Project Network Isolation will automatically enable Network Policy and Network Policy Config, but not vice versa. +Choose whether to enable or disable inter-project communication. + +#### Imported Clusters + +For imported clusters, Project Network Isolation (PNI) requires Kubernetes Network Policy to be enabled on the cluster beforehand. +For clusters created by Rancher, Rancher enables Kubernetes Network Policy automatically. + +1. In GKE, enable Network Policy at the cluster level. Refer to the [official GKE guide](https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy) for instructions. +1. After enabling Network Policy, import the cluster into Rancher and enable PNI for project-level isolation. ### Node Ipv4 CIDR Block
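Review bot: In PATCH 1/3 (hunk `@@ -63,7 +63,16 @@`), the removed sentence said that enabling Project Network Isolation "will automatically enable Network Policy and Network Policy Config, but not vice versa", and the replacement note only keeps the first half of that for Rancher-created clusters. Network Policy Config and the "not vice versa" direction are no longer mentioned anywhere in the added lines. If that behaviour still holds for clusters created by Rancher, keep a sentence for it next to the new imported-cluster text. Otherwise, say in the commit message that it was dropped on purpose. The retained line also still starts with a lowercase "choose".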
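Review bot: In PATCH 2/3 (hunk `@@ -63,16 +63,15 @@`), step 1 has the Markdown link delimiters inverted: `(Refer to the official GKE guide)[https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy]` will render as literal text, not a link. Use `[official GKE guide](https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy)` with the sentence around it. Separately, the two "For imported clusters, ..." and "For clusters created by Rancher, ..." lines are adjacent with no blank line, so they render as one paragraph under a heading titled "Imported Clusters". Either merge them into one deliberate sentence pair or move the Rancher-created sentence above the heading.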
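Review bot: In PATCH 3/3 (the `versioned_docs/version-2.13` hunk `@@ -63,7 +63,15 @@`, and the matching final text under `docs/`), the procedure only covers a cluster that has not been imported yet: step 2 reads "After enabling Network Policy, import the cluster into Rancher and enable PNI". It gives no guidance for a GKE cluster that is already imported without Network Policy, and it does not say what a user sees if PNI is switched on while the prerequisite is missing. Since PNI is an isolation control, add one sentence stating the outcome in that case and how to confirm Network Policy is active on the cluster before relying on PNI, plus a line on whether an already-imported cluster can have Network Policy enabled in place or needs to be re-imported.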