Port Configuration¶
Okera is accessed via four Okera public access points:
- Web UI and REST API
- Policy Engine (planner) API
- Enforcement Fleet (worker) API
- Presto/JDBC API
Each of these access points is available via a specific port.
Default Ports¶
The following table lists the default TCP ports used by Okera.
Port | Description |
---|---|
22 |
SSH |
5010 |
OkeraEnsemble AWS CLI, Spark, and Databricks |
8083 |
Okera Web UI |
12050 |
Okera Policy Engine (planner) API |
12051 |
Okera Policy Engine (planner) diagnostics (optional) |
12052 |
Okera Hive HiveServer2 proxy (optional) |
12053 |
Okera Impala HiveServer2 proxy (optional) |
13050 |
Okera Enforcement Fleet (worker) API |
13051 |
Okera Enforcement Fleet (worker) diagnostics (optional) |
14050 |
Okera Presto/JDBC API |
32009 |
Okera diagnostics (optional) |
Kubernetes Clusters (EKS, GKE, and AKS)¶
On managed Kubernetes clusters (e.g. EKS, GKE, AKS, or a Kubernetes cluster that uses the AWS/Google Cloud Platform/Azure provider), Okera provisions LoadBalancer
Kubernetes ServiceTypes
for Okera external-facing services. Okera provisions these services as standard load balancers. When changing ports, the Kubernetes cloud provider synchronizes those values to the respective load balancer, which can take a few minutes to take effect.
Kubernetes ServiceTypes
: NodePort
vs LoadBalancer
¶
Kubernetes has two ServiceTypes
that Okera uses for public access points:
NodePort
, which exposes a common port across all nodes in the cluster at the host level.LoadBalancer
, which provisions a load balancer object in the respective cloud provider.
There are three values defined for each port. For example, for the cdas-rest-server
service:
$ kubectl get svc cdas-rest-server -oyaml
...
type: LoadBalancer
ports:
- name: webui
nodePort: 31792
port: 443
protocol: TCP
targetPort: 8083
Each of the port values has a different meaning:
targetPort
is the value of the port that is open on each of the targeted pods.nodePort
is the value of the port that is open on each of the nodes themselves.port
is the value on which this service is exposed.
The port by which you access a particular access point is different depending on the ServiceType
:
- If the
ServiceType
isLoadBalancer
, the service is accessed on theport
value. - If the
ServiceType
isNodePort
, the service is accessed on thenodePort
value.