From 6757d785ff7da3ca6275c0ac44ef5f1ff763cf23 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Fri, 16 Apr 2021 14:03:56 -0700 Subject: [PATCH] Genericize mentions of project network isolation to apply to multiple RKE network plugins --- .../v2.5/en/cluster-admin/editing-clusters/_index.md | 2 +- .../en/cluster-admin/projects-and-namespaces/_index.md | 7 +------ .../en/cluster-provisioning/rke-clusters/options/_index.md | 4 ++++ .../v2.5/en/istio/configuration-reference/_index.md | 4 ++-- .../canal-and-project-network/_index.md | 6 +++--- .../v2.5/en/istio/setup/enable-istio-in-cluster/_index.md | 2 +- 6 files changed, 12 insertions(+), 13 deletions(-) diff --git a/content/rancher/v2.5/en/cluster-admin/editing-clusters/_index.md b/content/rancher/v2.5/en/cluster-admin/editing-clusters/_index.md index 011d4e92b1f..610282c58f8 100644 --- a/content/rancher/v2.5/en/cluster-admin/editing-clusters/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/editing-clusters/_index.md @@ -34,7 +34,7 @@ Option | Description | ---------|----------| Kubernetes Version | The version of Kubernetes installed on each cluster node. For more detail, see [Upgrading Kubernetes]({{}}/rancher/v2.5/en/cluster-admin/upgrading-kubernetes). | Network Provider | The \container networking interface (CNI) that powers networking for your cluster.

**Note:** You can only choose this option while provisioning your cluster. It cannot be edited later. | - Project Network Isolation | If you're using the Canal network provider, you can choose whether to enable or disable inter-project communication. | + Project Network Isolation | If your network provider allows project network isolation, you can choose whether to enable or disable inter-project communication. Before Rancher v2.5.8, project network isolation is only available if you are using the Canal network plugin for RKE. In v2.5.8+, project network isolation is available if you are using any RKE network plugin that supports the enforcement of Kubernetes network policies, such as Canal or the Cisco ACI plugin.| Nginx Ingress | If you want to publish your applications in a high-availability configuration, and you're hosting your nodes with a cloud-provider that doesn't have a native load-balancing feature, enable this option to use Nginx ingress within the cluster. | Metrics Server Monitoring | Each cloud provider capable of launching a cluster using RKE can collect metrics and monitor for your cluster nodes. Enable this option to view your node metrics from your cloud provider's portal. | Pod Security Policy Support | Enables [pod security policies]({{}}/rancher/v2.5/en/admin-settings/pod-security-policies/) for the cluster. After enabling this option, choose a policy using the **Default Pod Security Policy** drop-down. | diff --git a/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md b/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md index dbf7e3cf84f..b495d62f208 100644 --- a/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md 
@@ -106,12 +106,7 @@ The `system` project: - Allows you to add more namespaces or move its namespaces to other projects. - Cannot be deleted because it's required for cluster operations. ->**Note:** In clusters where both: -> -> - The Canal network plug-in is in use. -> - The Project Network Isolation option is enabled. -> ->The `system` project overrides the Project Network Isolation option so that it can communicate with other projects, collect logs, and check health. +>**Note:** In RKE clusters where the project network isolation option is enabled, the `system` project overrides the project network isolation option so that it can communicate with other projects, collect logs, and check health. # Project Authorization diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index 48ee201f057..aef26507b12 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md @@ -292,6 +292,10 @@ Option to enable or disable [Cluster Monitoring]({{}}/rancher/v2.5/en/m Option to enable or disable Project Network Isolation. +Before Rancher v2.5.8, project network isolation is only available if you are using the Canal network plugin for RKE. + +In v2.5.8+, project network isolation is available if you are using any RKE network plugin that supports the enforcement of Kubernetes network policies, such as Canal or the Cisco ACI plugin. + ### local_cluster_auth_endpoint See [Authorized Cluster Endpoint](#authorized-cluster-endpoint). diff --git a/content/rancher/v2.5/en/istio/configuration-reference/_index.md b/content/rancher/v2.5/en/istio/configuration-reference/_index.md index 50e55650a0e..79164a8f965 100644 --- a/content/rancher/v2.5/en/istio/configuration-reference/_index.md +++ b/content/rancher/v2.5/en/istio/configuration-reference/_index.md 
@@ -11,7 +11,7 @@ aliases: - [Selectors and Scrape Configs](#selectors-and-scrape-configs) - [Enable Istio with Pod Security Policies](#enable-istio-with-pod-security-policies) - [Additional Steps for Installing Istio on an RKE2 Cluster](#additional-steps-for-installing-istio-on-an-rke2-cluster) -- [Additional Steps for Canal Network Plug-in with Project Network Isolation](#additional-steps-for-canal-network-plug-in-with-project-network-isolation) +- [Additional Steps for Project Network Isolation](#additional-steps-for-project-network-isolation) ### Egress Support @@ -45,6 +45,6 @@ Refer to [this section.](./enable-istio-with-psp) Refer to [this section.](./rke2) -### Additional Steps for Canal Network Plug-in with Project Network Isolation +### Additional Steps for Project Network Isolation Refer to [this section.](./canal-and-project-network) \ No newline at end of file diff --git a/content/rancher/v2.5/en/istio/configuration-reference/canal-and-project-network/_index.md b/content/rancher/v2.5/en/istio/configuration-reference/canal-and-project-network/_index.md index 886d366e69b..77f82b11b3c 100644 --- a/content/rancher/v2.5/en/istio/configuration-reference/canal-and-project-network/_index.md +++ b/content/rancher/v2.5/en/istio/configuration-reference/canal-and-project-network/_index.md @@ -1,5 +1,5 @@ --- -title: Additional Steps for Canal Network Plug-in with Project Network Isolation +title: Additional Steps for Project Network Isolation weight: 4 aliases: - /rancher/v2.5/en/istio/v2.5/configuration-reference/canal-and-project-network 
@@ -7,8 +7,8 @@ aliases: In clusters where: -- The Canal network plug-in is in use. -- The Project Network Isolation option is enabled. +- You are using the Canal network plugin with Rancher before v2.5.8, or you are using Rancher v2.5.8+ with an any RKE network plug-in that supports the enforcement of Kubernetes network policies, such as Canal or the Cisco ACI plugin +- The Project Network Isolation option is enabled - You install the Istio Ingress module The Istio Ingress Gateway pod won't be able to redirect ingress traffic to the workloads by default. This is because all the namespaces will be inaccessible from the namespace where Istio is installed. You have two options. diff --git a/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md b/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md index 3bedfae64cf..1f7f9546c31 100644 --- a/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md +++ b/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md 
@@ -11,7 +11,7 @@ aliases: >- Only a user with the `cluster-admin` [Kubernetes default role](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) assigned can configure and install Istio in a Kubernetes cluster. >- If you have pod security policies, you will need to install Istio with the CNI enabled. For details, see [this section.]({{}}/rancher/v2.5/en/istio/v2.5/configuration-reference/enable-istio-with-psp) >- To install Istio on an RKE2 cluster, additional steps are required. For details, see [this section.]({{}}/rancher/v2.5/en/istio/v2.5/configuration-reference/rke2/) ->- To install Istio in a cluster where the Canal network plug-in is in use and the Project Network isolation option is enabled, additional steps are required. For details, see [this section.]({{}}/rancher/v2.5/en/istio/v2.5/configuration-reference/canal-and-project-network) +>- To install Istio in a cluster where project network isolation is enabled, additional steps are required. For details, see [this section.]({{}}/rancher/v2.5/en/istio/v2.5/configuration-reference/canal-and-project-network) 1. From the **Cluster Explorer**, navigate to available **Charts** in **Apps & Marketplace** 1. Select the Istio chart from the rancher provided charts
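Review bot: In cluster-admin/editing-clusters/_index.md, the new Project Network Isolation table row repeats the two version sentences that this patch also adds to cluster-provisioning/rke-clusters/options/_index.md, so any later change to the version boundary has to be made in both places. Consider keeping the short first sentence in the table cell and linking to the options page for the version detail. The row also ends with "plugin.|" where the other rows have a space before the closing pipe.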
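Review bot: In cluster-admin/projects-and-namespaces/_index.md, the rewritten note writes "project network isolation option" in lower case, while canal-and-project-network/_index.md in this same patch keeps "The Project Network Isolation option" as the name of the setting. Pick one form for the option name across the patch. Because this note is where readers learn that the `system` project is exempt from isolation, and the bullet list that carried the plugin condition is removed here, a link to the options page with the version and plugin conditions would keep that context reachable.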
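Review bot: In cluster-provisioning/rke-clusters/options/_index.md, the added paragraphs name Canal and the Cisco ACI plugin only as examples ("such as"), so a reader cannot tell from this section whether their own plugin enforces Kubernetes network policies. Add the list of qualifying RKE network plugins, or a link to where it is maintained, and state what the option does when the chosen plugin does not enforce network policies.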
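Review bot: In istio/configuration-reference/_index.md, renaming the heading moves the anchor used by the table of contents from #additional-steps-for-canal-network-plug-in-with-project-network-isolation to #additional-steps-for-project-network-isolation. The first hunk updates the in-page entry, but links from other pages to the old fragment will stop resolving, so search the docs tree for it before merging. The second hunk also leaves the file with "\ No newline at end of file"; adding the trailing newline here would avoid that marker in the next diff.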
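Review bot: In istio/configuration-reference/canal-and-project-network/_index.md, the first added bullet of the @@ -7,8 +7,8 @@ hunk contains the typo "with an any RKE network plug-in", which should read "with any RKE network plugin". The same bullet uses both "plugin" and "plug-in"; the other added lines in this patch use "plugin". The bullet also packs two alternative conditions into one long sentence, and splitting it into two sub-bullets (before v2.5.8 with Canal; v2.5.8+ with any policy-enforcing plugin) would make the condition list easier to scan.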