Cleanup2

Author: willie-yao

templates/test/ci/cluster-template-prow-azl3.yaml

@@ -26,35 +26,6 @@
       # Kubelet API (port 10250) - bound to all IPv6 interfaces, needs cluster access
       iptables -A INPUT -p tcp --dport 10250 -j ACCEPT
 
-      # kube-proxy (port 10256) - bound to all IPv6 interfaces, needs cluster access
-      # iptables -A INPUT -p tcp --dport 10256 -j ACCEPT
-
-      # Calico networking requirements
-      # Calico Typha (port 5473) - bound to all IPv6 interfaces, needs cluster access
-      iptables -A INPUT -p tcp --dport 5473 -j ACCEPT
-      
-      # VXLAN for overlay networking (port 4789 UDP) - bound to all interfaces
-      iptables -A INPUT -p udp --dport 4789 -j ACCEPT
-
-      # Calico metrics ports (29603, 29605) - bound to all IPv6 interfaces
-      # iptables -A INPUT -p tcp --dport 29603 -j ACCEPT
-      # iptables -A INPUT -p tcp --dport 29605 -j ACCEPT
-      
-      # BGP for node-to-node communication (port 179) - not in netstat but needed for Calico
-      iptables -A INPUT -p tcp --dport 179 -j ACCEPT
-      
-      # IP-in-IP protocol for Calico
-      # iptables -A INPUT -p 4 -j ACCEPT
-
-      # DHCP client (port 68 UDP) - for IP assignment
-      # iptables -A INPUT -p udp --dport 68 -j ACCEPT
-
-      # NTP (port 323 UDP) - for time synchronization  
-      # iptables -A INPUT -p udp --dport 323 -j ACCEPT
-
-      # Allow ICMP for connectivity checks
-      # iptables -A INPUT -p icmp -j ACCEPT
-
       # Allow traffic to Kubernetes service network (10.96.0.0/12) - required for pod-to-service communication
       iptables -A OUTPUT -d 10.96.0.0/12 -j ACCEPT
       iptables -A INPUT -s 10.96.0.0/12 -j ACCEPT