Port Configuration

Okera is accessed via four public access points:

  1. Web UI and REST API
  2. Policy Engine (planner) API
  3. Enforcement Fleet (worker) API
  4. Presto/JDBC API

Each of these access points is available via a specific port.

Default Ports

The following table lists the default TCP ports used by Okera.

| Port | Description |
|-------|-------------|
| 22 | SSH |
| 5010 | OkeraEnsemble AWS CLI, Spark, and Databricks |
| 8083 | Okera Web UI |
| 12050 | Okera Policy Engine (planner) API |
| 12051 | Okera Policy Engine (planner) diagnostics (optional) |
| 12052 | Okera Hive HiveServer2 proxy (optional) |
| 12053 | Okera Impala HiveServer2 proxy (optional) |
| 13050 | Okera Enforcement Fleet (worker) API |
| 13051 | Okera Enforcement Fleet (worker) diagnostics (optional) |
| 14050 | Okera Presto/JDBC API |
| 32009 | Okera diagnostics (optional) |

Kubernetes Clusters (EKS, GKE, and AKS)

On managed Kubernetes clusters (e.g. EKS, GKE, AKS, or a Kubernetes cluster that uses the AWS/Google Cloud Platform/Azure provider), Okera provisions LoadBalancer Kubernetes ServiceTypes for its external-facing services. Okera provisions these services as standard load balancers. When you change ports, the Kubernetes cloud provider synchronizes the new values to the respective load balancer, which can take a few minutes to take effect.

Kubernetes ServiceTypes: NodePort vs LoadBalancer

Kubernetes has two ServiceTypes that Okera uses for public access points:

  1. NodePort, which exposes a common port across all nodes in the cluster at the host level.
  2. LoadBalancer, which provisions a load balancer object in the respective cloud provider.

There are three values defined for each port. For example, for the cdas-rest-server service:

$ kubectl get svc cdas-rest-server -oyaml
...
type: LoadBalancer
ports:
- name: webui
  nodePort: 31792
  port: 443
  protocol: TCP
  targetPort: 8083

Each of the port values has a different meaning:

  • targetPort is the value of the port that is open on each of the targeted pods.
  • nodePort is the value of the port that is open on each of the nodes themselves.
  • port is the value on which this service is exposed.

The port by which you access a particular access point is different depending on the ServiceType:

  • If the ServiceType is LoadBalancer, the service is accessed on the port value.
  • If the ServiceType is NodePort, the service is accessed on the nodePort value.

> **Note:** `okctl` handles this distinction for you and you do not generally need to take this into account.
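As an added example (not Okera's own code), the following Python script applies the ServiceType rule above to `kubectl get svc -o json` style output and reports which port clients actually connect on, flagging any port the default-port table marks as optional. The `example-planner` service, its node ports, and the function names are constructed for illustration; only the `cdas-rest-server` values come from this page.

```python
import json

# Ports marked "(optional)" in the default-port table above.
OPTIONAL_PORTS = {12051, 12052, 12053, 13051, 32009}

# Constructed sample input, shaped like `kubectl get svc -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cdas-rest-server"},
   "spec": {"type": "LoadBalancer", "ports": [
     {"name": "webui", "nodePort": 31792, "port": 443, "protocol": "TCP", "targetPort": 8083}]}},
  {"metadata": {"name": "example-planner"},
   "spec": {"type": "NodePort", "ports": [
     {"name": "api", "nodePort": 30050, "port": 12050, "protocol": "TCP", "targetPort": 12050},
     {"name": "diag", "nodePort": 30051, "port": 12051, "protocol": "TCP", "targetPort": 12051}]}}
]}
""")

def access_port(service_type, port_entry):
    """Return the port a client connects to for this ServiceType."""
    if service_type == "LoadBalancer":
        return port_entry["port"]
    if service_type == "NodePort":
        return port_entry["nodePort"]
    raise ValueError(f"not an externally exposed ServiceType: {service_type}")

def exposure_report(service_list):
    """One row per externally reachable port, for firewall/security-group review."""
    rows = []
    for svc in service_list["items"]:
        stype = svc["spec"]["type"]
        if stype not in ("LoadBalancer", "NodePort"):
            continue  # other ServiceTypes are not public access points
        for p in svc["spec"].get("ports", []):
            target = p.get("targetPort", p["port"])  # may be a named port (str)
            rows.append({
                "service": svc["metadata"]["name"],
                "name": p.get("name", ""),
                "connect_on": access_port(stype, p),
                "target_port": target,
                "optional_port_exposed": target in OPTIONAL_PORTS,
            })
    return rows

if __name__ == "__main__":
    for row in exposure_report(SAMPLE):
        print(row)
```

Rows with `optional_port_exposed` set to true are candidates for tighter firewall or security-group rules, since the table lists those ports as optional.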