Can I safely delete calico-* pods from my cluster?

Question

After updating container cluster node version to 1.7.6 new pods called calico-* appeared on my cluster. The question is - can I safely delete them?

I'm not sure if this is a bug or not, but those node appeared on my 2 clusters:

• first (my staging env), after update from 1.7.5 to 1.7.6
• second (my prod env), after update from 1.6.5 to 1.7.6

However, when I've created new cluster with version 1.7.5 and update it to 1.7.6 those pods have not appeared.

Mentiones pods are:

• calico-node
• calico-node-vertical-autoscaler
• calico-typha
• calico-typha-horizontal-autoscaler
• calico-typha-vertical-autoscaler

edit:

Answer 1

It looks like Google provided a way to get rid of calico PODs via Google Cloud Console. Please see the screen below.

Answer 2

Calico is how Kubernetes network policies are implemented in GKE. https://cloudplatform.googleblog.com/2017/09/network-policy-support-for-kubernetes-with-calico.html

I don't think it would be safe to delete them, if you did you very likely would end up with unreachable pods.

I thought it was necessary to specify --enable-network-policy when creating and even another extra step when updating a cluster. Though maybe the components are always deployed but allow all policies are created if the flags are not specified.

Edit: If you delete calico pods they will be recreated and the add-on manager ensures there is no way to remove calico.

Edit: There is a command to disable network policy in GKE and the directions can be found at https://cloud.google.com/container-engine/docs/network-policy#disabling_network_policy_enforcement.