[TOC] calico 提供两种方式安装，分别是 `operator` 与 `manifest` 方法。这里只演示 `manifest` 方式卸载 # 卸载 ## 删除 manifest 提供资源 ```shell $ kubectl delete -f calico.yaml secret "calico-etcd-secrets" deleted configmap "calico-config" deleted clusterrole.rbac.authorization.k8s.io "calico-kube-controllers" deleted clusterrolebinding.rbac.authorization.k8s.io "calico-kube-controllers" deleted clusterrole.rbac.authorization.k8s.io "calico-node" deleted clusterrolebinding.rbac.authorization.k8s.io "calico-node" deleted daemonset.apps "calico-node" deleted serviceaccount "calico-node" deleted deployment.apps "calico-kube-controllers" deleted serviceaccount "calico-kube-controllers" deleted poddisruptionbudget.policy "calico-kube-controllers" deleted ``` ## 清理环境 >[info] 集群所有节点都需要操作 ```shell # 删除cni相关配置 $ rm -rf /etc/cni/net.d/ # 卸载ipip $ modprobe -r ipip # 清理bird协议的路由 $ ip route flush proto bird # 删除calixxx网卡 $ ip link list | grep cali | awk '{print $2}' | cut -c 1-15 | xargs -I {} ip link delete {} # 删除cali字符相关的iptables规则 # ## KUBE-相关的规则是kube-proxy生成的，之所以需要删除它。因为 iptables-restore 抛出异常 Bad IP address "" 或者 Port '0' not valid 错误。所以直接将KUBE-相关规则删除掉，使得kube-proxy重新生成规则(秒级别自动恢复/重启kube-proxy) $ iptables-save | egrep -v "cali|KUBE-" | iptables-restore ``` # 验证 ```shell # 检查所有名字里面带有 calico|tigera 的资源 $ kubectl get all --all-namespaces | egrep "calico|tigera" # 检查所有名字里面带有 calico|tigera 的 不带namespace信息的 api resources $ kubectl api-resources --verbs=list -o name | egrep "calico|tigera" # 查看是否有cali或tunl0网卡 $ ip a | egrep "cali|tunl0" # 查看是否有bird协议的路由 $ ip route list proto bird # 查看是否有cali相关iptables规则 $ iptables-save | grep cali ``` > 如果 `api-resources` 资源有残留的话，使用 `kubectl get crd -o name | egrep "calico|tigera" | xargs kubectl delete` 清理环境