From 0293bd9a933452bbb7bb8bf53849a047b649bbb1 Mon Sep 17 00:00:00 2001
From: Berkay Tekin Oz
Date: Tue, 12 Nov 2024 10:57:46 +0000
Subject: [PATCH 1/2] Clear leftover iptables rules
---
 src/k8s/pkg/k8sd/features/cilium/cleanup.go | 24 +++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/k8s/pkg/k8sd/features/cilium/cleanup.go b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
index bb97321e8..aa19178d4 100644
--- a/src/k8s/pkg/k8sd/features/cilium/cleanup.go
+++ b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "os"
 "os/exec"
+ "strings"
 "github.com/canonical/k8s/pkg/snap"
 )
@@ -18,5 +19,28 @@ func CleanupNetwork(ctx context.Context, snap snap.Snap) error {
 }
 }
+ for _, cmd := range []string{"iptables", "ip6tables", "iptables-legacy", "ip6tables-legacy"} {
+ out, err := exec.Command(fmt.Sprintf("%s-save", cmd)).Output()
+ if err != nil {
+ return fmt.Errorf("failed to read iptables rules: %w", err)
+ }
+
+ lines := strings.Split(string(out), "\n")
+ for i, line := range lines {
+ for _, word := range []string{"cilium", "kube", "CILIUM", "KUBE"} {
+ if strings.Contains(line, word) {
+ lines[i] = ""
+ break
+ }
+ }
+ }
+
+ restore := exec.Command(fmt.Sprintf("%s-restore", cmd))
+ restore.Stdin = strings.NewReader(strings.Join(lines, "\n"))
+ if err := restore.Run(); err != nil {
+ return fmt.Errorf("failed to restore iptables rules: %w", err)
+ }
+ }
+
 return nil
 }
From 893edb6646a06240f09ed781f66670434ebb4346 Mon Sep 17 00:00:00 2001
From: Berkay Tekin Oz
Date: Thu, 14 Nov 2024 09:17:55 +0000
Subject: [PATCH 2/2] Adjust to be more precise on cleanup
---
 k8s/lib.sh | 2 ++
 snap/snapcraft.yaml | 1 +
 src/k8s/pkg/k8sd/features/cilium/cleanup.go | 7 ++-----
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/k8s/lib.sh b/k8s/lib.sh
index 3ef47f516..dff293d38 100755
--- a/k8s/lib.sh
+++ b/k8s/lib.sh
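Review bot: The first `-save` that fails aborts the whole cleanup in the new loop: `exec.Command(fmt.Sprintf("%s-save", cmd)).Output()` returns an error when a binary such as `iptables-legacy-save` is not installed, so the remaining families are never processed and their leftover rules stay on the host. Skipping a missing binary with `if errors.Is(err, exec.ErrNotFound) { continue }` and naming the command in the wrapped error (`fmt.Errorf("%s-save: %w", cmd, err)`) would make the cleanup best-effort and the failure traceable. The commands also ignore the `ctx` that CleanupNetwork receives; `exec.CommandContext(ctx, ...)` would let a cancelled or timed-out caller stop a hung save or restore. Since the full ruleset is saved, edited and loaded back, a rule that another process adds between the two calls is presumably overwritten by the restore, which deserves a comment above the loop. CleanupNetwork starts before this hunk, so the earlier part of its body is not visible here.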
@@ -46,6 +46,8 @@ k8s::common::is_strict() {
 # Cleanup configuration left by the network feature
 k8s::remove::network() {
 k8s::common::setup_env
+
+ "${SNAP}/bin/kube-proxy" --cleanup || true
 k8s::cmd::k8s x-cleanup network || true
 }
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 9d21e55f1..435f40fb2 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -164,6 +164,7 @@ parts:
 - ethtool
 - hostname
 - iproute2
+ - ipset
 - kmod
 - libatm1
 - libnss-resolve
diff --git a/src/k8s/pkg/k8sd/features/cilium/cleanup.go b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
index aa19178d4..679e56135 100644
--- a/src/k8s/pkg/k8sd/features/cilium/cleanup.go
+++ b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
@@ -27,11 +27,8 @@ func CleanupNetwork(ctx context.Context, snap snap.Snap) error {
 }
 lines := strings.Split(string(out), "\n")
 for i, line := range lines {
- for _, word := range []string{"cilium", "kube", "CILIUM", "KUBE"} {
- if strings.Contains(line, word) {
- lines[i] = ""
- break
- }
+ if strings.Contains(strings.ToLower(line), "cilium") {
+ lines[i] = ""
 }
 }
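Review bot: A failed `kube-proxy --cleanup` is discarded by `|| true` in k8s::remove::network with nothing logged, and since the same commit narrows the Go cleanup to lines containing `cilium`, this call appears to be the only place where kube-proxy's rules are removed. Reporting the failure while still continuing, for example `"${SNAP}/bin/kube-proxy" --cleanup || echo "kube-proxy cleanup failed" >&2`, would leave a trace when stale forwarding or NAT rules survive the removal. A one-line comment above the call such as `# best-effort: let kube-proxy remove the rules it installed` would also explain why the binary is invoked directly.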
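Review bot: The filter still matches `cilium` anywhere in a saved line, in `strings.Contains(strings.ToLower(line), "cilium")`, so a rule in a built-in chain that an administrator wrote with that word in a comment, interface name or set name is dropped along with Cilium's own chains, and nothing records what was removed. For a host firewall that is a silent weakening; restricting the match to chain names (the `:CHAIN` declaration and the `-A`/`-j` arguments) and logging the removed lines would make the cleanup auditable. A short comment above the loop stating which lines are expected to match would also help, e.g. `// drop Cilium chain declarations and any rule that references them`. The loop sits inside CleanupNetwork, which begins before this hunk, and the save and restore calls around it are outside the hunk.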