In general, your cluster configuration cannot have a firewall between the cluster and CDAP. Instead, if a firewall is used, the cluster and certain CDAP components need to be together behind the firewall. These are the ports which can be opened to provide external access:
Listen Ports for External Access
Description | Governing Configuration | Default Value in Packages |
---|
Default Value in Ambari/Cloudera Manager
CDAP Router listen port (HTTP RESTful) |
|
11015 | |
CDAP Router listen port (HTTP RESTful) (SSL) |
|
10443 | ||
CDAP UI listen port |
| 11011 |
11011
CDAP UI listen port (SSL) |
|
9443 | ||
CDAP Auth Server listen port |
| 10009 |
10009
CDAP Auth Server listen port (SSL) |
|
10010 |
The exact configuration and ports required will vary depending on your use of firewalls and your specific configuration. This diagram shows a likely scenario that you could use:
...