To properly uninstall Submariner from a cluster, follow the steps below:
Make sure KUBECONFIG for all participating clusters is exported and all participating clusters are accessible via kubectl.
Delete Submariner-related namespaces
For each participating cluster, issue the following command:
kubectl delete namespace submariner-operator
For the Broker cluster, issue the following command:
kubectl delete namespace submariner-k8s-broker
For submariner version 0.9 and above, also delete submariner-operator namespace from the Broker cluster
by issuing the following command:
kubectl delete namespace submariner-operator
Delete the Submariner CRDs
For each participating cluster, issue the following command:
for CRD in `kubectl get crds | grep -iE 'submariner|multicluster.x-k8s.io'| awk '{print $1}'`; do kubectl delete crd $CRD; done
Delete Submariner’s ClusterRoles and ClusterRoleBindings
For each participating cluster, issue the following command:
roles="submariner-operator submariner-operator-globalnet submariner-lighthouse submariner-networkplugin-syncer"
kubectl delete clusterrole,clusterrolebinding $roles --ignore-not-found
Remove the Submariner gateway labels
For each participating cluster, issue the following command:
kubectl label --all node submariner.io/gateway-
For OpenShift deployments, delete Lighthouse entry from default DNS.
For each participating cluster, issue the following command:
kubectl apply -f - <<EOF
apiVersion: operator.openshift.io/v1
kind: DNS
metadata:
finalizers:
- dns.operator.openshift.io/dns-controller
name: default
spec:
servers: []
EOF
This deletes the lighthouse entry from the Data section in Corefile of the configmap.
#lighthouse-start AUTO-GENERATED SECTION. DO NOT EDIT
clusterset.local:53 {
forward . 100.3.185.93
}
#lighthouse-end
Verify that the lighthouse entry is deleted from Corefile of dns-default configmap by running
following command on an OpenShift cluster
kubectl describe configmap dns-default -n openshift-dns
For Kubernetes deployments, manually edit the Corefile of coredns configmap and delete the
lighthouse entry by issuing below commands
kubectl edit cm coredns -n kube-system
This will also restart the coredns. Below command can also be issued to manually restart coredns.
kubectl rollout restart -n kube-system deployment/coredns
Verify that the lighthouse entry is deleted from Data section in Corefile of dns-default
config map by running following command on a Kubernetes cluster
kubectl describe configmap coredns -n kube-system
Following commands need to be executed from inside the cluster nodes.
Remove Submariner’s iptables chains
On all nodes in each participating cluster, issue the following commands:
iptables --flush SUBMARINER-INPUT
iptables -D INPUT $(iptables -L INPUT --line-numbers | grep SUBMARINER-INPUT | awk '{print $1}')
iptables --delete-chain SUBMARINER-INPUT
iptables -t nat --flush SUBMARINER-POSTROUTING
iptables -t nat -D POSTROUTING $(iptables -t nat -L POSTROUTING --line-numbers | grep SUBMARINER-POSTROUTING | awk '{print $1}')
iptables -t nat --delete-chain SUBMARINER-POSTROUTING
If Globalnet is enabled in the setup, additionally issue the following commands on gateway nodes:
iptables -t nat --flush SUBMARINER-GN-INGRESS
iptables -t nat -D PREROUTING $(iptables -t nat -L PREROUTING --line-numbers | grep SUBMARINER-GN-INGRESS | awk '{print $1}')
iptables -t nat --delete-chain SUBMARINER-GN-INGRESS
iptables -t nat --flush SUBMARINER-GN-EGRESS
iptables -t nat --delete-chain SUBMARINER-GN-EGRESS
iptables -t nat -t nat --flush SUBMARINER-GN-MARK
iptables -t nat --delete-chain SUBMARINER-GN-MARK
Delete the vx-submariner interface
On all nodes in each participating cluster, issue the following command:
ip link delete vx-submariner