diff --git a/docs/deployment-models/multicluster.md b/docs/deployment-models/multicluster.md
index 1c8010521..8a3041f61 100644
--- a/docs/deployment-models/multicluster.md
+++ b/docs/deployment-models/multicluster.md
@@ -123,13 +123,11 @@ These steps are common to every multi-cluster deployment and should be completed
 
 6. Push the intermediate CAs to each cluster.
     ```bash
-    kubectl --context "${CTX_CLUSTER1}" label namespace istio-system topology.istio.io/network=network1
     kubectl get secret -n istio-system --context "${CTX_CLUSTER1}" cacerts || kubectl create secret generic cacerts -n istio-system --context "${CTX_CLUSTER1}" \
       --from-file=east/ca-cert.pem \
       --from-file=east/ca-key.pem \
       --from-file=east/root-cert.pem \
       --from-file=east/cert-chain.pem
-    kubectl --context "${CTX_CLUSTER2}" label namespace istio-system topology.istio.io/network=network2
     kubectl get secret -n istio-system --context "${CTX_CLUSTER2}" cacerts || kubectl create secret generic cacerts -n istio-system --context "${CTX_CLUSTER2}" \
       --from-file=west/ca-cert.pem \
       --from-file=west/ca-key.pem \
@@ -407,11 +405,10 @@ In this setup there is a Primary cluster (`cluster1`) and a Remote cluster (`clu
     EOF
     ```
 
-6. Set the controlplane cluster and network for `cluster2`.
+6. Set the controlplane cluster for `cluster2`.
 
     ```bash
     kubectl --context="${CTX_CLUSTER2}" annotate namespace istio-system topology.istio.io/controlPlaneClusters=cluster1
-    kubectl --context="${CTX_CLUSTER2}" label namespace istio-system topology.istio.io/network=network2
     ```
 
 7. Install a remote secret on `cluster1` that provides access to the `cluster2` API server.
diff --git a/docs/deployment-models/resources/setup-multi-primary.sh b/docs/deployment-models/resources/setup-multi-primary.sh
index 81c0678bb..b2c55ce07 100755
--- a/docs/deployment-models/resources/setup-multi-primary.sh
+++ b/docs/deployment-models/resources/setup-multi-primary.sh
@@ -80,7 +80,6 @@ kubectl get ns sail-operator --context "${CTX_CLUSTER2}" || make -C "${SCRIPT_DI
 # 3. Create istio-system namespace on each cluster and configure a common root CA. 
 
 kubectl get ns istio-system --context "${CTX_CLUSTER1}" || kubectl create namespace istio-system --context "${CTX_CLUSTER1}"
-kubectl --context "${CTX_CLUSTER1}" label namespace istio-system topology.istio.io/network=network1
 kubectl get secret -n istio-system --context "${CTX_CLUSTER1}" cacerts || kubectl create secret generic cacerts -n istio-system --context "${CTX_CLUSTER1}" \
   --from-file=${CERTS_DIR}/east/ca-cert.pem \
   --from-file=${CERTS_DIR}/east/ca-key.pem \
@@ -88,7 +87,6 @@ kubectl get secret -n istio-system --context "${CTX_CLUSTER1}" cacerts || kubect
   --from-file=${CERTS_DIR}/east/cert-chain.pem
 
 kubectl get ns istio-system --context "${CTX_CLUSTER2}" || kubectl create namespace istio-system --context "${CTX_CLUSTER2}"
-kubectl --context "${CTX_CLUSTER2}" label namespace istio-system topology.istio.io/network=network2
 kubectl get secret -n istio-system --context "${CTX_CLUSTER2}" cacerts || kubectl create secret generic cacerts -n istio-system --context "${CTX_CLUSTER2}" \
   --from-file=${CERTS_DIR}/west/ca-cert.pem \
   --from-file=${CERTS_DIR}/west/ca-key.pem \
diff --git a/tests/e2e/multicluster/multicluster_primaryremote_test.go b/tests/e2e/multicluster/multicluster_primaryremote_test.go
index 7b080ac33..625294375 100644
--- a/tests/e2e/multicluster/multicluster_primaryremote_test.go
+++ b/tests/e2e/multicluster/multicluster_primaryremote_test.go
@@ -181,7 +181,6 @@ values:
 								"merge",
 								`{"metadata":{"annotations":{"topology.istio.io/controlPlaneClusters":"cluster1"}}}`)).
 							To(Succeed(), "Error patching istio-system namespace")
-						Expect(k2.Label("namespace", controlPlaneNamespace, "topology.istio.io/network", "network2")).To(Succeed(), "Error labeling istio-system namespace")
 
 						// To be able to access the remote cluster from the primary cluster, we need to create a secret in the primary cluster
 						// Remote Istio resource will not be Ready until the secret is created
diff --git a/tests/e2e/util/certs/certs.go b/tests/e2e/util/certs/certs.go
index 0a59c1f34..173765f20 100644
--- a/tests/e2e/util/certs/certs.go
+++ b/tests/e2e/util/certs/certs.go
@@ -226,12 +226,6 @@ func PushIntermediateCA(k kubectl.Kubectl, ns, zone, network, basePath string, c
 	// Check if the secret exists in the cluster
 	_, err := common.GetObject(context.Background(), cl, kube.Key("cacerts", ns), &corev1.Secret{})
 	if err != nil {
-		// Label the namespace with the network
-		err = k.Label("namespace", ns, "topology.istio.io/network", network)
-		if err != nil {
-			return fmt.Errorf("failed to label namespace: %w", err)
-		}
-
 		// Read the pem content from the files
 		caCertPath := filepath.Join(certDir, zone, "ca-cert.pem")
 		caKeyPath := filepath.Join(certDir, zone, "ca-key.pem")