0

I have a K3s setup with calico pods [calico-node- & calico-kube-controllers-] running. On uninstalling K3s, calico pods get deleted but I see that calicoctl and iptables -S commands still running and shows data.

I want to delete calico (including calicoctl and Iptables created by calico) completely. Which commands will help me to do so ?

K3s uninstalltion command: /usr/local/bin/k3s-uninstall.sh deletes all k3s pods including calico, but calicoctl and iptables -S still works.

PS: I already tried few things -

  1. Command kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5/config/v1.5/calico.yaml deletes the calico-node- but calico-kube-controller , calicoctl and iptables -S are still present
  2. Kubectl delete commands in this que also not working for me, after executing these two commands still calicoctl and iptables -S are present
Thom A
  • 88,727
  • 11
  • 45
  • 75
solveit
  • 869
  • 2
  • 12
  • 32
  • Yes? Those are separate tools which you might have already had installed so removing them is probably out of scope for the uninstaller or it could damage systems. `iptables` especially is almost always preinstalled and critical to system functioning. – coderanger Jul 26 '21 at 11:14
  • @coderanger:- 1. Iptables command is already present but Iptables of calico created only after calico installation . 2. Isn't there way to uninstall calicoctl and Iptables-created-by-calico manually by some kubectl command or script ? I have edited the title for clarity. – solveit Jul 26 '21 at 21:57

2 Answers2

1

Deleting calico-Iptables:

Use calico-policy and add below lines at the end of script:

echo "Flush remaining calico iptables"
iptables-save | grep -i cali | iptables -F

echo "Delete remaining calico iptables"
iptables-save | grep -i cali | iptables -X

This will delete all calico iptables when you check with iptables -S

Note: Run this script only after uninstalling K3S.

Deleting calicoctl:

Simply run sudo rm $(which calicoctl) command, it will find and delete the calicoctl.

gaurav sinha
  • 156
  • 6
0

Calico does not provide any automatic uninstallers that I am aware of. You'll have to handle this yourself.

coderanger
  • 52,400
  • 4
  • 52
  • 75
  • @coderanger-:: I can see some disabling link on there GitHub https://github.com/projectcalico/calico/blob/master/hack/remove-calico-policy/remove-policy.md . There is iptables-remover-ds.yaml & remove-calico-policy.sh scripts , can't this help ? https://github.com/projectcalico/calico/tree/master/hack/remove-calico-policy – solveit Jul 29 '21 at 15:39
  • That doesn't look at all related, you can read the scripts and see exactly what they do. – coderanger Jul 29 '21 at 18:08
  • Looks like links are broken . Have they removed the script now ? – devcodes Jun 12 '23 at 04:20