Port range for ApplicationMaster in YARN

New Contributor

Hello,

 

Every time we submit a job to YARN, it opens up a new port; it is hard to set up a firewall rule. As there is a need to enforce the security policies in the cluster, is there any way to have a port range for the ApplicationMaster in YARN?

What are the best practices in terms of setting up a firewall in the cluster?

 

I'm using CDH enterprise 5.10

 

Thanks in advance

Arun

1 REPLY

Mentor
Please see this prior post comment on AM ranges: http://community.cloudera.com/t5/Batch-Processing-and-Workflow/Where-is-the-setting-for-the-port-ran...

As to firewalls, the general practice I've observed is to set up rules at points of external access into the cluster (such as from user or other cluster networks) but leave the intra-cluster network open for the services within.

Our port range has a classification of internal/external if that would help you build your rules: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_ports.html