kubernetes - 删除 calico 的 iptables -S
问题描述
我正在尝试使用calico-script删除所有与 calico 相关的 Iptables 。运行此脚本后,大部分 calico iptables 将被删除,但以下除外:
root@Ubuntu-18-VM:~# iptables -S | grep -oP '(?<!^:)cali-[^ ]+'
cali-FORWARD
cali-INPUT
cali-OUTPUT
cali-cidr-block
cali-from-hep-forward
cali-from-host-endpoint
cali-from-wl-dispatch
cali-from-wl-dispatch-5
cali-fw-cali2847b154969
cali-fw-cali4bb24809f90
cali-fw-cali531f8f2e712
cali-fw-cali5a82b3ff301
cali-pri-_CVSZITRyIpEmH8AB6H
cali-pri-_HayIXLB85hzHkIhWER
cali-pri-_PTRGc0U-L5Kz7V6ERW
cali-pri-_u2Tn2rSoAPffvE7JO6
cali-pri-kns.kube-system
cali-pro-_CVSZITRyIpEmH8AB6H
cali-pro-_HayIXLB85hzHkIhWER
cali-pro-_PTRGc0U-L5Kz7V6ERW
cali-pro-_u2Tn2rSoAPffvE7JO6
cali-pro-kns.kube-system
cali-to-hep-forward
cali-to-host-endpoint
cali-to-wl-dispatch
cali-to-wl-dispatch-5
cali-tw-cali2847b154969
cali-tw-cali4bb24809f90
cali-tw-cali531f8f2e712
cali-tw-cali5a82b3ff301
cali-wl-to-host
总共还剩下31个。我正在尝试在脚本中添加一个 grep 行,该行应该 grep 高于剩余的 31 个条目并删除那些 iptables。但是当我在第 14 行之后添加以下行时
iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | while read line; do iptables -t nat -F $line; done
我出现以下错误 31 次:
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
.
.
.
如何修复此脚本,以便它也可以 grep 和删除剩余的 31 个 iptables 条目。
解决方案
删除你的行
尝试在L36之后添加以下内容
echo 'Cleaning all calico'
for i in `iptables -L |grep cali|awk '{print $2}'`; do iptables -F $i && iptables -X $i; done
就我而言,在此调整之前,脚本在 242 中留下了 40
iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
40
之后:0
# iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
242
# ./calico-removal.sh
Setting default FORWARD action to ACCEPT...
net.ipv4.ip_forward = 1
Starting the flush Calico policy rules...
Make sure calico-node DaemonSet is stopped before this gets executed.
Flushing all the calico iptables chains in the nat table...
Flushing all the calico iptables chains in the raw table...
Flushing all the calico iptables chains in the mangle table...
Flushing all the calico iptables chains in the filter table...
Cleaning up calico rules from the nat table...
Cleaning up calico rules from the raw table...
Cleaning up calico rules from the mangle table...
Cleaning up calico rules from the filter table...
Cleaning all calico
## iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
0
推荐阅读
- javascript - 获取所选下拉jQuery的分组值
- azure - 为 Azure Application Insights 启用实时指标流
- apache-spark - 使用 Spark 进行 RDD 和元组操作
- reactjs - 来自 react-router 里面
来自语义-ui-react - opengl - Vertexbuffer中的OpenGL数组结构数据布局可能吗?
- android - 如何知道应用重新提交在 google play store 上是否成功?
- batch-file - 清除 Internet Explorer 缓存 SOTI 脚本
- ios - 带有推送通知的Phonegap ios证书问题
- javascript - 为什么在 NodeJS 项目中使用 linter?
- trusted-timestamp - setup signserver on mac get exception EJBCLIENT000025