Uninstalling Submariner

To properly uninstall Submariner from a cluster, follow the steps below:

Make sure KUBECONFIG for all participating clusters is exported and all participating clusters are accessible via kubectl.

  1. Delete Submariner-related namespaces

    For each participating cluster, issue the following command:

    kubectl delete namespace submariner-operator
    

    For the Broker cluster, issue the following command:

    kubectl delete namespace submariner-k8s-broker
    

    For submariner version 0.9 and above, also delete submariner-operator namespace from the Broker cluster by issuing the following command:

    kubectl delete namespace submariner-operator
    
  2. Delete the Submariner CRDs

    For each participating cluster, issue the following command:

    for CRD in `kubectl get crds | grep -iE 'submariner|multicluster.x-k8s.io'| awk '{print $1}'`; do kubectl delete crd $CRD; done
    
  3. Delete Submariner’s ClusterRoles and ClusterRoleBindings

    For each participating cluster, issue the following command:

    roles="submariner-operator submariner-operator-globalnet submariner-lighthouse submariner-networkplugin-syncer"
    kubectl delete clusterrole,clusterrolebinding $roles --ignore-not-found
    
  4. Remove the Submariner gateway labels

    For each participating cluster, issue the following command:

    kubectl label --all node submariner.io/gateway-
    
  5. For OpenShift deployments, delete Lighthouse entry from default DNS.

    For each participating cluster, issue the following command:

    kubectl apply -f -  <<EOF
    apiVersion: operator.openshift.io/v1
    kind: DNS
    metadata:
      finalizers:
      - dns.operator.openshift.io/dns-controller
      name: default
    spec:
      servers: []
    EOF
    

    This deletes the lighthouse entry from the Data section in Corefile of the configmap.

    #lighthouse-start AUTO-GENERATED SECTION. DO NOT EDIT
    clusterset.local:53 {
        forward . 100.3.185.93
    }
    #lighthouse-end
    

    Verify that the lighthouse entry is deleted from Corefile of dns-default configmap by running following command on an OpenShift cluster

    kubectl describe configmap dns-default -n openshift-dns
    

    For Kubernetes deployments, manually edit the Corefile of coredns configmap and delete the lighthouse entry by issuing below commands

    kubectl edit cm coredns -n kube-system
    

    This will also restart the coredns. Below command can also be issued to manually restart coredns.

    kubectl rollout restart -n kube-system deployment/coredns
    

    Verify that the lighthouse entry is deleted from Data section in Corefile of dns-default config map by running following command on a Kubernetes cluster

    kubectl describe configmap coredns -n kube-system
    

    Following commands need to be executed from inside the cluster nodes.

  6. Remove Submariner’s iptables chains

    On all nodes in each participating cluster, issue the following commands:

    iptables --flush SUBMARINER-INPUT
    iptables -D INPUT $(iptables -L INPUT --line-numbers | grep SUBMARINER-INPUT | awk '{print $1}')
    iptables --delete-chain SUBMARINER-INPUT
    
    iptables -t nat --flush SUBMARINER-POSTROUTING
    iptables -t nat -D POSTROUTING $(iptables -t nat -L POSTROUTING --line-numbers | grep SUBMARINER-POSTROUTING | awk '{print $1}')
    iptables -t nat --delete-chain SUBMARINER-POSTROUTING
    

    If Globalnet is enabled in the setup, additionally issue the following commands on gateway nodes:

    iptables -t nat --flush SUBMARINER-GN-INGRESS
    iptables -t nat -D PREROUTING $(iptables -t nat -L PREROUTING --line-numbers | grep SUBMARINER-GN-INGRESS | awk '{print $1}')
    iptables -t nat --delete-chain SUBMARINER-GN-INGRESS
    
    iptables -t nat --flush SUBMARINER-GN-EGRESS
    iptables -t nat --delete-chain SUBMARINER-GN-EGRESS
    
    iptables -t nat -t nat --flush SUBMARINER-GN-MARK
    iptables -t nat --delete-chain SUBMARINER-GN-MARK
    
  7. Delete the vx-submariner interface

    On all nodes in each participating cluster, issue the following command:

    ip link delete vx-submariner