Skip to content

Commit

Permalink
uninstall: set "cni.uninstall" to true
Browse files Browse the repository at this point in the history
There is a Helm variable, `cni.uninstall`, that tells the agent to clean
up its CNI configuration file and plugin binaries. This behavior was
disabled by default in PR cilium/cilium#24009.
However, when we *know* we're uninstalling Cilium, we should re-enable
the old behavior.

So, manually touch the key file in the configmap to enable uninstall.
Then, the pre-stop hook will be activated on shutdown and clean up as
usual.

Signed-off-by: Casey Callendrello <[email protected]>
  • Loading branch information
squeed authored and tklauser committed Mar 16, 2023
1 parent f4e9d6a commit 21916db
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 0 deletions.
31 changes: 31 additions & 0 deletions install/uninstall.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"strings"
"time"

"github.com/cilium/workerpool"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"

Expand All @@ -26,6 +27,7 @@ type UninstallParameters struct {
HelmValuesSecretName string
RedactHelmCertKeys bool
HelmChartDirectory string
WorkerCount int
}

type K8sUninstaller struct {
Expand All @@ -48,6 +50,8 @@ func (k *K8sUninstaller) Log(format string, a ...interface{}) {
func (k *K8sUninstaller) Uninstall(ctx context.Context) error {
k.autodetect(ctx)

k.Log("🔥 Enabling CNI cleanup...")
k.enableCNIUninstall(ctx)
k.Log("🔥 Deleting agent DaemonSet...")
k.client.DeleteDaemonSet(ctx, k.params.Namespace, defaults.AgentDaemonSetName, metav1.DeleteOptions{})
// We need to wait for daemonset to be deleted before proceeding with further cleanups
Expand Down Expand Up @@ -141,3 +145,30 @@ func (k *K8sUninstaller) waitForPodsToBeDeleted(ctx context.Context) error {
}
}
}

func (k *K8sUninstaller) enableCNIUninstall(ctx context.Context) {
pods, err := k.client.ListPods(ctx, k.params.Namespace, metav1.ListOptions{LabelSelector: defaults.AgentPodSelector})
if err != nil {
k.Log("❌ Failed to enable cni cleanup: %v", err)
return
}
wp := workerpool.NewWithContext(ctx, k.params.WorkerCount)
defer wp.Close()

for _, pod := range pods.Items {
pod := pod
wp.Submit(pod.Name, func(ctx context.Context) error {
_, err := k.client.ExecInPod(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName,
[]string{
"/bin/sh",
"-c",
"echo -n true > /tmp/cilium/config-map/cni-uninstall || true",
})
if err != nil {
k.Log("❌ Failed to enable cni cleanup in pod %s: %v", pod.Name, err)
}
return nil
})
}
wp.Drain()
}
2 changes: 2 additions & 0 deletions internal/cli/cmd/install.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"context"
"fmt"
"os"
"runtime"
"strings"
"time"

Expand Down Expand Up @@ -187,6 +188,7 @@ func newCmdUninstall() *cobra.Command {
cmd.Flags().BoolVar(&params.RedactHelmCertKeys, "redact-helm-certificate-keys", true, "Do not print in the terminal any certificate keys generated by helm. (Certificates will always be stored unredacted in the secret defined by 'helm-values-secret-name')")
cmd.Flags().StringVar(&params.TestNamespace, "test-namespace", defaults.ConnectivityCheckNamespace, "Namespace to uninstall Cilium tests from")
cmd.Flags().BoolVar(&params.Wait, "wait", false, "Wait for uninstallation to have completed")
cmd.Flags().IntVar(&params.WorkerCount, "worker-count", runtime.NumCPU(), "Number of workers to use for parallel operations")

return cmd
}
Expand Down

0 comments on commit 21916db

Please sign in to comment.