New Contributor
Posts: 1
Registered: ‎07-23-2018

Port range for ApplicationMaster in YARN



Everytime we submit a job to YARN, it opens up a new port, it is hard to setup a firewall rule. As there is a need enforcing the security policies in cluster, is there any way to have a port range ApplicationMaster in YARN?


What is the best practices interms of setting up firewall in the cluster?


I'm using CDH enterprise 5.10


Thanks in advance


Posts: 1,903
Kudos: 435
Solutions: 307
Registered: ‎07-31-2013

Re: Port range for ApplicationMaster in YARN

Please see this prior post comment on AM ranges:

As to firewalls, the general practice I've observed is to setup rules at points of external access into the cluster (such as from user or other cluster networks) but leave the intra-cluster network open for the services within.

Our port range has a classification of internal/external if that would help you build your rules: