Ports Required by Cloudera Data Science Workbench
Cloudera Data Science Workbench runs on gateway hosts in a CDH/HDP cluster. As such, Cloudera Data Science Workbench acts as a gateway and requires full connectivity to cluster services such as Impala, Spark 2, etc. Additionally, in the case of Spark 2, cluster hosts will require access to the Spark driver running on a set of random ports (20050-32767) on Cloudera Data Science Workbench hosts.
Firewall restrictions must be disabled across Cloudera Data Science Workbench and CDH/HDP cluster hosts. Internally, the Cloudera Data Science Workbench master and worker hosts require full connectivity with no firewalls. Externally, end users connect to Cloudera Data Science Workbench exclusively through a web server running on the master host, and therefore do not need direct access to any other internal Cloudera Data Science Workbench or CDH services.
This information has been summarized in the following table.
| Components | Details |
|---|---|
| Communication with the CDH / HDP cluster |
CDH / HDP -> Cloudera Data Science Workbench The CDH/HDP cluster must have access to the Spark driver that runs on Cloudera Data Science Workbench hosts, on a set of randomized ports in the range, 20050-32767. |
|
Cloudera Data Science Workbench -> CDH / HDP As a gateway service, Cloudera Data Science Workbench must have access to all the ports used by CDH and Cloudera Manager. |
|
| Communication with the Web Browser | The Cloudera Data Science Workbench web application is available at port 80. HTTPS access is available over port 443. |
| Components | Details |
|---|---|
| Communication with the CDH / HDP cluster |
CDH / HDP -> Cloudera Data Science Workbench The CDH/HDP cluster must have access to the Spark driver that runs on Cloudera Data Science Workbench hosts, on a set of randomized ports in the range, 20050-32767. |
|
Cloudera Data Science Workbench -> CDH / HDP As a gateway service, Cloudera Data Science Workbench must have access to all the ports used by CDH and Cloudera Manager. |
|
| Communication with the Web Browser | The Cloudera Data Science Workbench web application is available at port 80. HTTPS access is available over port 443. |
| Port | Process | Mandatory | Note |
|---|---|---|---|
| 22/tcp | sshd | yes | secure shell server (mandatory for CM managed host provisioning) |
| 80/tcp | ingress-controller | yes | CDSW web interface |
| 2049/tcp | nfs | yes | shared filesystem |
| 2379/tcp | etcd-client | yes | k8s shared data store client |
| 2380/tcp | etcd-server | yes | k8s shared data store server |
| 3306/tcp | mysql | for CM Agent | |
| 6443/tcp | kube-apiserver | yes | k8s API endpoint |
| 6783/tcp | weaver | yes | virtual network for docker containers |
| 7191/tcp | CM Agent | yes | for CM Agent |
| 9000/tcp | CM Agent | yes | CM Agent status server |
| 9100/tcp | node_exporter | Prometheus node monitoring service | |
| 10250/tcp | kubelet | yes | k8s the primary "node agent" |
| 10256/tcp | kube-proxy | yes | network proxy that implements part of the k8s Service concept |
| 20048/tcp | rpc.mountd | yes | server side of the NFS MOUNT protocol |
| Port | Process | Mandatory | Note |
|---|---|---|---|
| 22/tcp | sshd | yes | secure shell server (mandatory for CM managed host provisioning) |
| 80/tcp | ingress-controller | CDSW web interface | |
| 111/tcp | NFS portmapper | yes | |
| 443/tcp | secure ingress-controller | yes | CDSW web interface |
| 2049/tcp | nfs | yes | shared filesystem |
| 2379/tcp | etcd-client | yes | k8s shared data store client |
| 2380/tcp | etcd-server | yes | k8s shared data store server |
| 3306/tcp | mysql | for CM Agent | |
| 6443/tcp | kube-apiserver | yes | k8s API endpoint |
| 6783/tcp | weaver | yes | virtual network for docker containers |
| 7191/tcp | CM Agent | yes | for CM Agent |
| 9000/tcp | CM Agent | yes | CM Agent status server |
| 9100/tcp | node_exporter | Prometheus node monitoring service | |
| 10053/tcp | Kub-DNS | yes | |
| 10250/tcp | kubelet | yes | k8s the primary "node agent" |
| 10251/tcp | kube-scheduler | yes | |
| 10252/tcp | kube-control-manager | yes | |
| 10256/tcp | kube-proxy | yes | network proxy that implements part of the k8s Service concept |
| 20048/tcp | rpc.mountd | yes | server side of the NFS MOUNT protocol |
| Port | Process | Mandatory | Note |
|---|---|---|---|
| 22/tcp | sshd | yes | secure shell server (mandatory for CM managed host provisioning) |
| 3306/tcp | mysql | for CM Agent | |
| 6783/tcp | weaver | yes | virtual network for docker containers |
| 7191/tcp | CM Agent | yes | for CM Agent |
| 9000/tcp | CM Agent | yes | CM Agent status server |
| 9100/tcp | node_exporter | Prometheus node monitoring service | |
| 10250/tcp | kubelet | yes | k8s the primary "node agent" |
| 10256/tcp | kube-proxy | yes | network proxy that implements part of the k8s Service concept |
