Reply
New Contributor
Posts: 1
Registered: ‎07-23-2018

Port range for ApplicationMaster in YARN

Hello,

 

Everytime we submit a job to YARN, it opens up a new port, it is hard to setup a firewall rule. As there is a need enforcing the security policies in cluster, is there any way to have a port range ApplicationMaster in YARN?

 

What is the best practices interms of setting up firewall in the cluster?

 

I'm using CDH enterprise 5.10

 

Thanks in advance

Arun

Posts: 1,749
Kudos: 365
Solutions: 277
Registered: ‎07-31-2013

Re: Port range for ApplicationMaster in YARN

Please see this prior post comment on AM ranges: http://community.cloudera.com/t5/Batch-Processing-and-Workflow/Where-is-the-setting-for-the-port-ran...

As to firewalls, the general practice I've observed is to setup rules at points of external access into the cluster (such as from user or other cluster networks) but leave the intra-cluster network open for the services within.

Our port range has a classification of internal/external if that would help you build your rules: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_ports.html
Announcements