fix uninstall.sh

dist/images/cleanup.sh

@@ -24,14 +24,11 @@ kubectl delete clusterrolebinding ovn --ignore-not-found=true
 kubectl delete svc ovn-nb ovn-sb ovn-northd kube-ovn-pinger kube-ovn-controller kube-ovn-cni kube-ovn-monitor -n kube-system --ignore-not-found=true
 kubectl delete ds kube-ovn-cni -n kube-system --ignore-not-found=true
 kubectl delete deployment ovn-central kube-ovn-controller kube-ovn-monitor -n kube-system --ignore-not-found=true
-for ovsstatus in $(kubectl get pod --no-headers -n kube-system -lapp=ovs | awk '{print $1"+"$3}')
-do
-  status=`echo ${ovsstatus#*+}`
-  if [  "$status" = "Running"  ]; then
-    ovs=`echo ${ovsstatus%+*}`
-    kubectl exec -n kube-system "$ovs" -- bash /kube-ovn/uninstall.sh
-  fi
-done
+kubectl get pod --no-headers -n kube-system -lapp=ovs -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,IP:.status.podIP | awk '{
+  if ($2 == "Running") {
+    system("kubectl exec -n kube-system "$1" -- bash /kube-ovn/uninstall.sh "$3)
+  }
+}'
 kubectl delete ds ovs-ovn kube-ovn-pinger -n kube-system --ignore-not-found=true
 kubectl delete crd --ignore-not-found=true \
   ips.kubeovn.io \

dist/images/uninstall.sh

@@ -4,39 +4,49 @@ ovs-dpctl del-dp ovs-system
 
 iptables -t nat -D POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE
 iptables -t nat -D POSTROUTING -m set --match-set ovn40local-pod-ip-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE
-iptables -t nat -D POSTROUTING -m set ! --match-set ovn40subnets src -m set --match-set ovn40subnets-nat dst -j RETURN
-iptables -t nat -D POSTROUTING -m set ! --match-set ovn40subnets src -m set --match-set ovn40local-pod-ip-nat dst -j RETURN
-iptables -t nat -D POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE
-iptables -t nat -D POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j RETURN
-iptables -t nat -D POSTROUTING -m set ! --match-set ovn40subnets src -m set ! --match-set ovn40other-node src -m set --match-set ovn40local-pod-ip-nat dst -j RETURN
-iptables -t nat -D POSTROUTING -m set ! --match-set ovn40subnets src -m set ! --match-set ovn40other-node src -m set --match-set ovn40subnets-nat dst -j RETURN
+iptables -t nat -D POSTROUTING -m mark --mark 0x40000/0x40000 -j MASQUERADE
+iptables -t mangle -D PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x40000/0x40000
 iptables -t filter -D INPUT -m set --match-set ovn40subnets dst -j ACCEPT
 iptables -t filter -D INPUT -m set --match-set ovn40subnets src -j ACCEPT
+iptables -t filter -D INPUT -m set --match-set ovn40services dst -j ACCEPT
+iptables -t filter -D INPUT -m set --match-set ovn40services src -j ACCEPT
 iptables -t filter -D FORWARD -m set --match-set ovn40subnets dst -j ACCEPT
 iptables -t filter -D FORWARD -m set --match-set ovn40subnets src -j ACCEPT
+iptables -t filter -D FORWARD -m set --match-set ovn40services dst -j ACCEPT
+iptables -t filter -D FORWARD -m set --match-set ovn40services src -j ACCEPT
+
+if [ -n "$1" ]; then
+    iptables -t nat -D POSTROUTING ! -s "$1" -m set --match-set ovn40subnets dst -j MASQUERADE
+fi
 
 ipset destroy ovn40subnets-nat
 ipset destroy ovn40subnets
 ipset destroy ovn40local-pod-ip-nat
 ipset destroy ovn40other-node
+ipset destroy ovn40services
 
 ip6tables -t nat -D POSTROUTING -m set --match-set ovn60subnets-nat src -m set ! --match-set ovn60subnets dst -j MASQUERADE
 ip6tables -t nat -D POSTROUTING -m set --match-set ovn60local-pod-ip-nat src -m set ! --match-set ovn60subnets dst -j MASQUERADE
-ip6tables -t nat -D POSTROUTING -m set ! --match-set ovn60subnets src -m set --match-set ovn60subnets-nat dst -j RETURN
-ip6tables -t nat -D POSTROUTING -m set ! --match-set ovn60subnets src -m set --match-set ovn60local-pod-ip-nat dst -j RETURN
-ip6tables -t nat -D POSTROUTING -m set --match-set ovn60subnets src -m set --match-set ovn60subnets dst -j MASQUERADE
-ip6tables -t nat -D POSTROUTING -m set --match-set ovn60subnets src -m set --match-set ovn60subnets dst -j RETURN
-ip6tables -t nat -D POSTROUTING -m set ! --match-set ovn60subnets src -m set ! --match-set ovn60other-node src -m set --match-set ovn60local-pod-ip-nat dst -j RETURN
-ip6tables -t nat -D POSTROUTING -m set ! --match-set ovn60subnets src -m set ! --match-set ovn60other-node src -m set --match-set ovn60subnets-nat dst -j RETURN
+ip6tables -t nat -D POSTROUTING -m mark --mark 0x40000/0x40000 -j MASQUERADE
+ip6tables -t mangle -D PREROUTING -i ovn0 -m set --match-set ovn60subnets src -m set --match-set ovn60services dst -j MARK --set-xmark 0x40000/0x40000
 ip6tables -t filter -D INPUT -m set --match-set ovn60subnets dst -j ACCEPT
 ip6tables -t filter -D INPUT -m set --match-set ovn60subnets src -j ACCEPT
+ip6tables -t filter -D INPUT -m set --match-set ovn60services dst -j ACCEPT
+ip6tables -t filter -D INPUT -m set --match-set ovn60services src -j ACCEPT
 ip6tables -t filter -D FORWARD -m set --match-set ovn60subnets dst -j ACCEPT
 ip6tables -t filter -D FORWARD -m set --match-set ovn60subnets src -j ACCEPT
+ip6tables -t filter -D FORWARD -m set --match-set ovn60services dst -j ACCEPT
+ip6tables -t filter -D FORWARD -m set --match-set ovn60services src -j ACCEPT
+
+if [ -n "$1" ]; then
+    ip6tables -t nat -D POSTROUTING ! -s "$1" -m set --match-set ovn60subnets dst -j MASQUERADE
+fi
 
 ipset destroy ovn6subnets-nat
 ipset destroy ovn60subnets
 ipset destroy ovn60local-pod-ip-nat
 ipset destroy ovn60other-node
+ipset destroy ovn60services
 
 rm -rf /var/run/openvswitch/*
 rm -rf /var/run/ovn/*