k3s 中对 killall.sh 的 calico 网络依赖
calico network dependency on killall.sh in k3s
我有一个 k3s 集群,其系统 pods 应用了 calico 策略:
kube-system pod/calico-node-xxxx
kube-system pod/calico-kube-controllers-xxxxxx
kube-system pod/metrics-server-xxxxx
kube-system pod/local-path-provisioner-xxxxx
kube-system pod/coredns-xxxxx
app-system pod/my-app-xxxx
I 运行 /usr/local/bin/k3s-killall.sh 清理容器和网络。请问这个clean/remove/reset我的calico网络也可以吗? (尽管在 killall.sh 之后 calico 的 iptables 仍然存在)
引自 killall.sh link:
The killall script cleans up containers, K3s directories, and networking components while also removing the iptables chain with all the associated rules.
它说网络组件也将被清理,但它是 kubernetes 网络还是应用于集群的任何网络?
当您根据说明安装 k3s 时 here it won't install Calico CNI by default. There is a need to install Calico CNI separately。
为了回答您的问题,让我们分析一下 /usr/local/bin/k3s-killall.sh 文件,尤其是带有 iptables 命令的部分:
...
iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore
可以看出,该命令仅删除以KUBE或CNI.
开头的iptableschains
如果您在使用 k3s 和 Calico CNI 的集群设置上 运行 命令 iptables -S,您可以看到 Calico 使用的链以 cali-:[=35 开头=]
iptables -S
-A cali-FORWARD -m comment --comment "cali:vjrMJCRpqwy5oRoX" -j MARK --set-xmark 0x0/0xe0000
-A cali-FORWARD -m comment --comment "cali:A_sPAO0mcxbT9mOV" -m mark --mark 0x0/0x10000 -j cali-from-hep-forward
...
简要回答您的问题:
I ran /usr/local/bin/k3s-killall.sh to clean up containers and networks. Will this clean/remove/reset my calico networking also ?
没有。仍然会有一些 Calico CNI 组件,例如前面提到的 iptables 链以及网络接口:
ip addr
6: calicd9e5f8ac65@if4: <BROADCAST,MULTICAST,UP,LOWER_UP>
7: cali6fcd2eeafde@if4: <BROADCAST,MULTICAST,UP,LOWER_UP>
...
It says that networking component will also be cleaned up though, but is it kubernetes networking or any networking applied to cluster ?
这些是 k3s 默认提供的网络组件,如前面提到的 KUBE- 和 CNI- iptables 链。要详细了解 k3s-killall.sh 脚本的功能,我建议阅读它的 code(k3s-killall.sh 脚本从 # --- create killall script --- 开始,第 575 行)。
我有一个 k3s 集群,其系统 pods 应用了 calico 策略:
kube-system pod/calico-node-xxxx
kube-system pod/calico-kube-controllers-xxxxxx
kube-system pod/metrics-server-xxxxx
kube-system pod/local-path-provisioner-xxxxx
kube-system pod/coredns-xxxxx
app-system pod/my-app-xxxx
I 运行 /usr/local/bin/k3s-killall.sh 清理容器和网络。请问这个clean/remove/reset我的calico网络也可以吗? (尽管在 killall.sh 之后 calico 的 iptables 仍然存在)
引自 killall.sh link:
The killall script cleans up containers, K3s directories, and networking components while also removing the iptables chain with all the associated rules.
它说网络组件也将被清理,但它是 kubernetes 网络还是应用于集群的任何网络?
当您根据说明安装 k3s 时 here it won't install Calico CNI by default. There is a need to install Calico CNI separately。
为了回答您的问题,让我们分析一下 /usr/local/bin/k3s-killall.sh 文件,尤其是带有 iptables 命令的部分:
...
iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore
可以看出,该命令仅删除以KUBE或CNI.
iptableschains
如果您在使用 k3s 和 Calico CNI 的集群设置上 运行 命令 iptables -S,您可以看到 Calico 使用的链以 cali-:[=35 开头=]
iptables -S
-A cali-FORWARD -m comment --comment "cali:vjrMJCRpqwy5oRoX" -j MARK --set-xmark 0x0/0xe0000
-A cali-FORWARD -m comment --comment "cali:A_sPAO0mcxbT9mOV" -m mark --mark 0x0/0x10000 -j cali-from-hep-forward
...
简要回答您的问题:
I ran /usr/local/bin/k3s-killall.sh to clean up containers and networks. Will this clean/remove/reset my calico networking also ?
没有。仍然会有一些 Calico CNI 组件,例如前面提到的 iptables 链以及网络接口:
ip addr
6: calicd9e5f8ac65@if4: <BROADCAST,MULTICAST,UP,LOWER_UP>
7: cali6fcd2eeafde@if4: <BROADCAST,MULTICAST,UP,LOWER_UP>
...
It says that networking component will also be cleaned up though, but is it kubernetes networking or any networking applied to cluster ?
这些是 k3s 默认提供的网络组件,如前面提到的 KUBE- 和 CNI- iptables 链。要详细了解 k3s-killall.sh 脚本的功能,我建议阅读它的 code(k3s-killall.sh 脚本从 # --- create killall script --- 开始,第 575 行)。