Ports Used By Cloudera Data Science Workbench

Cloudera Data Science Workbench runs on gateway hosts in a CDH/HDP cluster. As such, Cloudera Data Science Workbench acts as a gateway and requires full connectivity to cluster services such as Impala, Spark 2, etc. Additionally, in the case of Spark 2, cluster hosts will require access to the Spark driver running on a set of random ports (20050-32767) on Cloudera Data Science Workbench hosts.

Firewall restrictions must be disabled across Cloudera Data Science Workbench and CDH/HDP cluster hosts. Internally, the Cloudera Data Science Workbench master and worker hosts require full connectivity with no firewalls. Externally, end users connect to Cloudera Data Science Workbench exclusively through a web server running on the master host, and therefore do not need direct access to any other internal Cloudera Data Science Workbench or CDH services.

This information is summarized in the following tables:
| Components | Details |
|---|---|
| Communication with the CDH / HDP cluster: CDH / HDP -> Cloudera Data Science Workbench | The CDH/HDP cluster must have access to the Spark driver that runs on Cloudera Data Science Workbench hosts, on a set of randomized ports in the range 20050-32767. |
| Communication with the CDH / HDP cluster: Cloudera Data Science Workbench -> CDH / HDP | As a gateway service, Cloudera Data Science Workbench must have access to all the ports used by CDH and Cloudera Manager. |
| Communication with the Web Browser | The Cloudera Data Science Workbench web application is available at port 80. HTTPS access is available over port 443. |

Ports used for communication with Unsecure Master

| Port | Process | Mandatory | Note |
|---|---|---|---|
| 22/tcp | sshd | yes | Secure shell server (mandatory for CM managed host provisioning) |
| 80/tcp | ingress-controller | yes | CDSW web interface |
| 2049/tcp | nfs | yes | Shared filesystem |
| 2379/tcp | etcd-client | yes | Kubernetes shared data store client |
| 2380/tcp | etcd-server | yes | Kubernetes shared data store server |
| 3306/tcp | mysql | | For CM Agent |
| 6443/tcp | kube-apiserver | yes | Kubernetes API endpoint |
| 6783/tcp | weaver | yes | Virtual network for docker containers |
| 7191/tcp | CM Agent | yes | For CM Agent |
| 9000/tcp | CM Agent | yes | CM Agent status server |
| 9100/tcp | node_exporter | | Prometheus node monitoring service |
| 10250/tcp | kubelet | yes | The primary Kubernetes node agent |
| 10256/tcp | kube-proxy | yes | Network proxy that implements part of the Kubernetes Service concept |
| 20048/tcp | rpc.mountd | yes | Server side of the NFS MOUNT protocol |

Ports used for communication with Secure Master

| Port | Process | Mandatory | Note |
|---|---|---|---|
| 22/tcp | sshd | yes | Secure shell server (mandatory for CM managed host provisioning) |
| 80/tcp | ingress-controller | | CDSW web interface |
| 443/tcp | secure ingress-controller | yes | CDSW web interface |
| 2049/tcp | nfs | yes | Shared filesystem |
| 2379/tcp | etcd-client | yes | Kubernetes shared data store client |
| 2380/tcp | etcd-server | yes | Kubernetes shared data store server |
| 3306/tcp | mysql | | For CM Agent |
| 6443/tcp | kube-apiserver | yes | Kubernetes API endpoint |
| 6783/tcp | weaver | yes | Virtual network for docker containers |
| 7191/tcp | CM Agent | yes | For CM Agent |
| 9000/tcp | CM Agent | yes | CM Agent status server |
| 9100/tcp | node_exporter | | Prometheus node monitoring service |
| 10250/tcp | kubelet | yes | The primary Kubernetes node agent |
| 10256/tcp | kube-proxy | yes | Network proxy that implements part of the Kubernetes Service concept |
| 20048/tcp | rpc.mountd | yes | Server side of the NFS MOUNT protocol |

Ports used for communication with Secure/Unsecure Worker

| Port | Process | Mandatory | Note |
|---|---|---|---|
| 22/tcp | sshd | yes | Secure shell server (mandatory for CM managed host provisioning) |
| 3306/tcp | mysql | | For CM Agent |
| 6783/tcp | weaver | yes | Virtual network for docker containers |
| 7191/tcp | CM Agent | yes | For CM Agent |
| 9000/tcp | CM Agent | yes | CM Agent status server |
| 9100/tcp | node_exporter | | Prometheus node monitoring service |
| 10250/tcp | kubelet | yes | The primary Kubernetes node agent |
| 10256/tcp | kube-proxy | yes | Network proxy that implements part of the Kubernetes Service concept |
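
The port tables above can be turned into a listener audit for a host. The following is an added example, not Cloudera's code: it parses `ss -tln` output and reports mandatory ports with no listener and listeners that are neither in the table nor in the Spark driver range. The role names, function names and sample output are assumptions made for this example.

```python
import re

# Port tables transcribed from this page: port -> (process, mandatory)
WORKER = {22: ("sshd", True), 3306: ("mysql", False), 6783: ("weaver", True),
          7191: ("CM Agent", True), 9000: ("CM Agent", True),
          9100: ("node_exporter", False), 10250: ("kubelet", True),
          10256: ("kube-proxy", True)}
MASTER = {**WORKER, 2049: ("nfs", True), 2379: ("etcd-client", True),
          2380: ("etcd-server", True), 6443: ("kube-apiserver", True),
          20048: ("rpc.mountd", True)}
# Role names are labels chosen for this example, not Cloudera identifiers.
ROLES = {
    "worker": WORKER,
    "master-unsecure": {**MASTER, 80: ("ingress-controller", True)},
    "master-secure": {**MASTER, 80: ("ingress-controller", False),
                      443: ("secure ingress-controller", True)},
}
SPARK_DRIVER_PORTS = range(20050, 32768)  # 20050-32767, per the page

def listening_ports(ss_output):
    """Return the set of TCP ports in LISTEN state from `ss -tln` output."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":  # skips the header row
            match = re.search(r":(\d+)$", fields[3])    # IPv4, [::]:p and *:p
            if match:
                ports.add(int(match.group(1)))
    return ports

def audit(role, ss_output):
    """Return (missing mandatory ports, listeners outside the table)."""
    expected, found = ROLES[role], listening_ports(ss_output)
    missing = sorted(p for p, (_, must) in expected.items()
                     if must and p not in found)
    unexpected = sorted(p for p in found
                        if p not in expected and p not in SPARK_DRIVER_PORTS)
    return missing, unexpected

# Constructed sample of `ss -tln` output for a worker host (not real data).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 0.0.0.0:6783 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7191 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 *:10250 *:*
LISTEN 0 128 0.0.0.0:25011 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""
if __name__ == "__main__":
    print(audit("worker", SAMPLE))
```

Listeners reported as unexpected are candidates for review, since the page's model exposes only the master's web server to end users.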