From a8e140be5569dc4b0e742d99bc27ac130d5a8183 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berkay=20Tekin=20=C3=96z?=
Date: Fri, 15 Nov 2024 10:01:14 +0300
Subject: [PATCH] Cleanup left-over iptables rules from kubeproxy and cilium (#788)
---
 k8s/lib.sh | 2 ++
 snap/snapcraft.yaml | 1 +
 src/k8s/pkg/k8sd/features/cilium/cleanup.go | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+)
diff --git a/k8s/lib.sh b/k8s/lib.sh
index a30f3a30a..ba6d96b1a 100755
--- a/k8s/lib.sh
+++ b/k8s/lib.sh
@@ -46,6 +46,8 @@ k8s::common::is_strict() {
 # Cleanup configuration left by the network feature
 k8s::remove::network() {
 k8s::common::setup_env
+
+ "${SNAP}/bin/kube-proxy" --cleanup || true
 k8s::cmd::k8s x-cleanup network || true
 }
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 9d21e55f1..435f40fb2 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -164,6 +164,7 @@ parts:
 - ethtool
 - hostname
 - iproute2
+ - ipset
 - kmod
 - libatm1
 - libnss-resolve
diff --git a/src/k8s/pkg/k8sd/features/cilium/cleanup.go b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
index bb97321e8..679e56135 100644
--- a/src/k8s/pkg/k8sd/features/cilium/cleanup.go
+++ b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "os"
 "os/exec"
+ "strings"
 "github.com/canonical/k8s/pkg/snap"
 )
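Review bot: In the k8s/lib.sh hunk, the added `"${SNAP}/bin/kube-proxy" --cleanup || true` in k8s::remove::network discards a failed cleanup without any trace, so left-over kube-proxy iptables rules would go unnoticed after the network feature is removed. The best-effort behaviour can stay while still reporting the failure, e.g. `"${SNAP}/bin/kube-proxy" --cleanup || echo "kube-proxy --cleanup failed; iptables rules may remain" >&2`. A one-line comment above the call, such as `# Remove iptables rules installed by kube-proxy before cleaning up the CNI`, would also explain why kube-proxy is invoked during removal.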
@@ -18,5 +19,25 @@ func CleanupNetwork(ctx context.Context, snap snap.Snap) error {
 }
 }
+ for _, cmd := range []string{"iptables", "ip6tables", "iptables-legacy", "ip6tables-legacy"} {
+ out, err := exec.Command(fmt.Sprintf("%s-save", cmd)).Output()
+ if err != nil {
+ return fmt.Errorf("failed to read iptables rules: %w", err)
+ }
+
+ lines := strings.Split(string(out), "\n")
+ for i, line := range lines {
+ if strings.Contains(strings.ToLower(line), "cilium") {
+ lines[i] = ""
+ }
+ }
+
+ restore := exec.Command(fmt.Sprintf("%s-restore", cmd))
+ restore.Stdin = strings.NewReader(strings.Join(lines, "\n"))
+ if err := restore.Run(); err != nil {
+ return fmt.Errorf("failed to restore iptables rules: %w", err)
+ }
+ }
+
 return nil
 }
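Review bot: The new loop returns on the first `-save` or `-restore` failure, so if one variant (for example `iptables-legacy-save`) is absent or exits non-zero, the remaining families are never cleaned and the whole network cleanup reports an error; whether all four binaries are always present is not visible from this hunk. The restore step also reloads every table from the snapshot even when no line matched, which can discard rules another process added between save and restore, and neither command honours `ctx`. I would skip variants that are not installed, restore only when a line was actually removed, switch to `exec.CommandContext`, and name the failing command in the error text. The case-insensitive substring match on "cilium" also drops any unrelated rule whose comment or chain name happens to contain that word, which deserves a comment above the filter. CleanupNetwork begins before this hunk, so the earlier part of the body is not reviewed here.

```go
	for _, cmd := range []string{"iptables", "ip6tables", "iptables-legacy", "ip6tables-legacy"} {
		saveBin, err := exec.LookPath(cmd + "-save")
		if err != nil {
			// Variant not installed on this host: nothing to clean for it.
			continue
		}
		out, err := exec.CommandContext(ctx, saveBin).Output()
		if err != nil {
			return fmt.Errorf("failed to read %s rules: %w", cmd, err)
		}

		lines := strings.Split(string(out), "\n")
		changed := false
		for i, line := range lines {
			// NOTE: matches any line mentioning "cilium", including operator-added
			// rules whose comment contains the word.
			if strings.Contains(strings.ToLower(line), "cilium") {
				lines[i] = ""
				changed = true
			}
		}
		if !changed {
			// No cilium rules in this family: leave the live ruleset untouched.
			continue
		}

		restore := exec.CommandContext(ctx, cmd+"-restore")
		// … unchanged: restore.Stdin assignment …
		if err := restore.Run(); err != nil {
			return fmt.Errorf("failed to restore %s rules: %w", cmd, err)
		}
	}
```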