After removing weave-npc container (part of weave-net DaemonSet) WEAVE-NPC-* iptables chains are kept
From @brb on October 27, 2016 10:06
Upon termination, weave-npc should remove / flush the chains it has created. It is probably safe to do so even in the case of weave-npc being restarted, as it recreates the chains during its initialization (however, the gap during which a NetworkPolicy is not active would be a bit longer than it is now).
Copied from original issue: weaveworks/weave-npc#25
Also the WEAVE-NPC-DEFAULT and WEAVE-NPC-INGRESS chains should be flushed and removed by weave reset
Is there a script somewhere for how to clean up manually? I'd like to disable npc test-wise but would like to avoid the reboots.
@ensonic these lines should do the trick: https://github.com/weaveworks/weave/blob/fb7fc7ddae2064ba3631f162f43eb2ae230f8c57/weave#L498-L512
However, as the previous comment noted, they don't clean up everything. (To disable it, it should be enough to remove the DROP rules and the -j jumps to other chains.)
Thanks. Not sure what run_iptables does, but this is what I have now:
#!/bin/bash
# Manual cleanup of weave-npc iptables state (filter table).
# 1. Remove every rule in INPUT/FORWARD that references a WEAVE-NPC chain.
#    --line-numbers puts the rule number in column 1; delete the last match
#    each round so earlier numbers stay valid.
for c in INPUT FORWARD; do
    while true; do
        nr=$(sudo iptables -L "$c" -v -n --line-numbers 2>/dev/null | grep WEAVE-NPC | tail -1 | cut -d' ' -f1)
        if [[ "$nr" != "" ]]; then
            sudo iptables -D "$c" "$nr"
        else
            break
        fi
    done
done
# 2. Flush every WEAVE-NPC* chain first, then delete them. -X refuses to
#    remove a chain that is still referenced, and WEAVE-NPC jumps to
#    WEAVE-NPC-DEFAULT / WEAVE-NPC-INGRESS, so flushing and deleting chain by
#    chain can fail. -F already removes all rules, so no per-rule -D loop.
chains=$(sudo iptables -L -n 2>/dev/null | grep '^Chain WEAVE-NPC' | cut -d' ' -f2)
for c in $chains; do
    echo "flushing $c"
    sudo iptables -F "$c"
done
for c in $chains; do
    echo "deleting $c"
    sudo iptables -X "$c"
done
# 3. Recreate the containers: stop kubelet first so it does not restart pods
#    while docker is bouncing. $(docker ps -q) must stay unquoted so each
#    container id is a separate argument.
sudo systemctl stop kubelet
docker stop $(docker ps -q) || /bin/true
sudo systemctl restart docker
sudo systemctl start kubelet
run_iptables runs the iptables program, with two different styles:
https://github.com/weaveworks/weave/blob/fb7fc7ddae2064ba3631f162f43eb2ae230f8c57/weave#L312-L320
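As an added example, not from this thread or from weave's own scripts: the cleanup above scrapes `iptables -L` output and deletes by rule number, which breaks as soon as the column layout or numbering shifts. A more robust way to do the same job is to parse an `iptables-save` dump, where every `-A` line is a complete rule spec, so swapping `-A` for `-D` deletes exactly that rule wherever it sits. The generator below only assumes that weave-npc's chains share the WEAVE-NPC prefix (as in the thread); the sample dump is constructed to mimic the layout, not captured from a real node, and the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread or from weave): generate the iptables
# commands that remove every chain starting with WEAVE-NPC and every rule in
# another chain that jumps to one, from an `iptables-save` dump on stdin.
# Order of the generated commands:
#   1. delete the jumps into NPC chains (references from INPUT/FORWARD/...)
#   2. flush all NPC chains
#   3. delete all NPC chains
# Flushing everything before deleting anything matters because -X refuses
# to delete a chain that another (still unflushed) chain jumps to.
# Nothing is executed here; review the output and pipe it into `sh` as root.
gen_npc_cleanup() {
    awk -v prefix="${1:-WEAVE-NPC}" '
        /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
        $1 ~ ("^:" prefix) {                            # chain declaration, e.g. ":WEAVE-NPC-DEFAULT - [0:0]"
            chain = substr($1, 2)
            flush[++nf] = "iptables -t " table " -F " chain
            del[nf]     = "iptables -t " table " -X " chain
            next
        }
        $1 == "-A" && $2 ~ ("^" prefix) { next }        # rule inside an NPC chain: removed by -F
        $1 == "-A" {                                    # rule elsewhere: does it jump to an NPC chain?
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ ("^" prefix)) {
                    sub(/^-A /, "", $0)                 # "-A CHAIN spec" -> "-D CHAIN spec"
                    ref[++nr] = "iptables -t " table " -D " $0
                    break
                }
        }
        END {
            for (i = 1; i <= nr; i++) print ref[i]
            for (i = 1; i <= nf; i++) print flush[i]
            for (i = 1; i <= nf; i++) print del[i]
        }'
}

# Constructed sample dump in iptables-save format (not captured from a real
# host); the rule layout only mimics what weave-npc installs.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:WEAVE-NPC - [0:0]
:WEAVE-NPC-DEFAULT - [0:0]
:WEAVE-NPC-INGRESS - [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -o weave -j WEAVE-NPC
-A FORWARD -o weave -j DROP
-A WEAVE-NPC -m state --state RELATED,ESTABLISHED -j ACCEPT
-A WEAVE-NPC -m state --state NEW -j WEAVE-NPC-DEFAULT
-A WEAVE-NPC -m state --state NEW -j WEAVE-NPC-INGRESS
-A WEAVE-NPC-INGRESS -m set --match-set weave-example-set src -j ACCEPT
COMMIT
EOF
}

# Dry run against the sample; on a real node: iptables-save | gen_npc_cleanup
sample_dump | gen_npc_cleanup
```

The generator matches rules only by the chain they jump to, so the `-o weave -j DROP` rule that the thread says must also go when disabling npc is deliberately left alone (it shows up unchanged in the sample's dry run) and has to be removed by hand with the matching `iptables -D FORWARD ...` once you have confirmed it is the one you want gone. Tables other than filter are handled the same way, with `-t <table>` taken from the dump.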