Deleting Iptables -S of calico

I am trying to delete all calico-related iptables using calico-script. After running this script, most of the calico iptables are deleted, except these:

root@Ubuntu-18-VM:~# iptables -S | grep -oP '(?<!^:)cali-[^ ]+'
cali-FORWARD
cali-INPUT
cali-OUTPUT
cali-cidr-block
cali-from-hep-forward
cali-from-host-endpoint
cali-from-wl-dispatch
cali-from-wl-dispatch-5
cali-fw-cali2847b154969
cali-fw-cali4bb24809f90
cali-fw-cali531f8f2e712
cali-fw-cali5a82b3ff301
cali-pri-_CVSZITRyIpEmH8AB6H
cali-pri-_HayIXLB85hzHkIhWER
cali-pri-_PTRGc0U-L5Kz7V6ERW
cali-pri-_u2Tn2rSoAPffvE7JO6
cali-pri-kns.kube-system
cali-pro-_CVSZITRyIpEmH8AB6H
cali-pro-_HayIXLB85hzHkIhWER
cali-pro-_PTRGc0U-L5Kz7V6ERW
cali-pro-_u2Tn2rSoAPffvE7JO6
cali-pro-kns.kube-system
cali-to-hep-forward
cali-to-host-endpoint
cali-to-wl-dispatch
cali-to-wl-dispatch-5
cali-tw-cali2847b154969
cali-tw-cali4bb24809f90
cali-tw-cali531f8f2e712
cali-tw-cali5a82b3ff301
cali-wl-to-host

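There are 31 left. I am trying to add one more grep line to the script, which should grep over the remaining 31 entries and delete those iptables. But when I add the line below after line14: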
iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | while read line; do iptables -t nat -F $line; done

I get the error 31 times:

iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
.
.
.

How can I fix this script so that it can also grep and delete the remaining 31 iptables entries?

  1. Delete your line

  2. Try adding the following below L36

echo 'Cleaning all calico'
# $2 is the chain name in each "Chain cali-... (N references)" header line of `iptables -L`
for i in `iptables -L |grep cali|awk '{print $2}'`; do iptables -F $i && iptables -X $i; done

In my case, before this tweak, the script left 40 out of 242

iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
40

After: 0

# iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
242
# ./calico-removal.sh 
Setting default FORWARD action to ACCEPT...
net.ipv4.ip_forward = 1
Starting the flush Calico policy rules...
Make sure calico-node DaemonSet is stopped before this gets executed.
Flushing all the calico iptables chains in the nat table...
Flushing all the calico iptables chains in the raw table...
Flushing all the calico iptables chains in the mangle table...
Flushing all the calico iptables chains in the filter table...
Cleaning up calico rules from the nat table...
Cleaning up calico rules from the raw table...
Cleaning up calico rules from the mangle table...
Cleaning up calico rules from the filter table...
Cleaning all calico

## iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
0
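
The line in the question lists chains from the filter table (`iptables -S` without `-t`) but flushes them with `-t nat`, which is why every call reports "No chain/target/match by that name". The sketch below is an added example, not part of the question or the answer: it reads `iptables-save` output and prints a per-table cleanup plan, so each chain is addressed in the table that actually holds it. The function names and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads iptables-save output on
# stdin and prints the commands that remove every cali-* chain, table by table.
cali_cleanup_plan() {
    awk '
    /^\*/ { table = substr($0, 2); next }        # "*filter" opens a table section
    /^:cali-/ {                                   # ":cali-X - [0:0]" declares a chain
        chain = substr($1, 2)
        flush[++nf] = "iptables -t " table " -F " chain
        drop[++nx]  = "iptables -t " table " -X " chain
        next
    }
    # A rule in a non-Calico chain that jumps into Calico: delete that rule.
    /^-A / && $2 !~ /^cali-/ && / -[jg] cali-/ {
        unhook[++nu] = "iptables -t " table " -D " substr($0, 4)
    }
    END {
        for (i = 1; i <= nu; i++) print unhook[i]  # 1. unhook the built-in chains
        for (i = 1; i <= nf; i++) print flush[i]   # 2. empty every cali chain
        for (i = 1; i <= nx; i++) print drop[i]    # 3. chains are now unreferenced
    }'
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_save() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:cali-PREROUTING - [0:0]
-A PREROUTING -j cali-PREROUTING
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:cali-FORWARD - [0:0]
:cali-from-wl-dispatch - [0:0]
-A FORWARD -j cali-FORWARD
-A cali-FORWARD -j cali-from-wl-dispatch
COMMIT
EOF
}

# Print the plan for the sample; on a host, feed it `iptables-save` instead.
sample_save | cali_cleanup_plan
```

The plan is only printed, so it can be reviewed before being piped to `sh` as root. Deleting a chain with `-X` works only once it is empty and unreferenced, which is why the unhook and flush steps come first.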