我正在尝试使用calico-script删除所有与calico相关的Iptables。运行完这个脚本后,除了下面这些,大部分的印花布表都被删除了:
root@Ubuntu-18-VM:~# iptables -S | grep -oP '(?<!^:)cali-[^ ]+'
cali-FORWARD
cali-INPUT
cali-OUTPUT
cali-cidr-block
cali-from-hep-forward
cali-from-host-endpoint
cali-from-wl-dispatch
cali-from-wl-dispatch-5
cali-fw-cali2847b154969
cali-fw-cali4bb24809f90
cali-fw-cali531f8f2e712
cali-fw-cali5a82b3ff301
cali-pri-_CVSZITRyIpEmH8AB6H
cali-pri-_HayIXLB85hzHkIhWER
cali-pri-_PTRGc0U-L5Kz7V6ERW
cali-pri-_u2Tn2rSoAPffvE7JO6
cali-pri-kns.kube-system
cali-pro-_CVSZITRyIpEmH8AB6H
cali-pro-_HayIXLB85hzHkIhWER
cali-pro-_PTRGc0U-L5Kz7V6ERW
cali-pro-_u2Tn2rSoAPffvE7JO6
cali-pro-kns.kube-system
cali-to-hep-forward
cali-to-host-endpoint
cali-to-wl-dispatch
cali-to-wl-dispatch-5
cali-tw-cali2847b154969
cali-tw-cali4bb24809f90
cali-tw-cali531f8f2e712
cali-tw-cali5a82b3ff301
cali-wl-to-host
总共还剩下31个。我试图在脚本中添加更多的grep行,应该在剩余的31个条目之上grep,并删除那些iptables。但是当我在第14行之后加上下面一行
iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | while read line; do iptables -t nat -F $line; done
我得到低于错误31次:
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
.
.
.
我如何修复这个脚本,使它可以grep &删除剩余的31个iptables表项。
更新2022年11月:删除脚本从Calico现在位于
https://github.com/projectcalico/calico/blob/master/calico/hack/remove-calico-policy/remove-calico-policy.sh
删除行
尝试在L36后添加以下内容
echo 'Cleaning all calico'
for i in `iptables -L |grep cali|awk '{print $2}'`; do iptables -F $i && iptables -X $i; done
iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
40
:后0
# iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
242
# ./calico-removal.sh
Setting default FORWARD action to ACCEPT...
net.ipv4.ip_forward = 1
Starting the flush Calico policy rules...
Make sure calico-node DaemonSet is stopped before this gets executed.
Flushing all the calico iptables chains in the nat table...
Flushing all the calico iptables chains in the raw table...
Flushing all the calico iptables chains in the mangle table...
Flushing all the calico iptables chains in the filter table...
Cleaning up calico rules from the nat table...
Cleaning up calico rules from the raw table...
Cleaning up calico rules from the mangle table...
Cleaning up calico rules from the filter table...
Cleaning all calico
## iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
0