4.2 CDF Master and Worker Node

4.2.1 CDF Management Portal

| Port | Protocol | Node | Description |
|------|----------|------|-------------|
| 3000 | TCP | Master | Used for accessing the CDF Management portal during CDF deployment from a web browser. This port is used to access the CDF Management portal only during CDF deployment. After deployment, port 5443 is used to access the CDF Management portal. Web clients must be able to access this port during the installation of CDF. |
| 5443 | TCP | Master | Used for accessing the CDF Management portal post CDF deployment from a web browser. Web clients must be able to access this port for administration and management of CDF. |
| 5444 | TCP | Master | Used for accessing the CDF Management portal post CDF deployment from a web browser, when using two-way (mutual) SSL authentication. Web clients must be able to access this port for administration and management of CDF, when using two-way (mutual) SSL authentication. |

4.2.2 CDF

| Ports | Protocol | Node | Description |
|-------|----------|------|-------------|
| 8200 | TCP | Master | Used by the itom-vault service which provides a secured configuration store. All cluster nodes should be able to access this port for the client connection. |
| 8201 | TCP | Master | Used by the itom-vault service which provides a secured configuration store. All cluster nodes should be able to access this port for peer member connections. |

4.2.3 Kubernetes

| Ports | Protocol | Node | Description |
|-------|----------|------|-------------|
| 2380 | TCP | Master | Used by the etcd component which provides a distributed configuration database. All the master nodes should be able to access this port for the etcd cluster communication. |
| 4001 | TCP | Master | Used by the etcd component which provides a distributed configuration database. All cluster nodes should be able to access this port for the client connection. |
| 5000 | TCP | Master | Used by the kube-registry component which handles the management of container image delivery. All cluster nodes should be able to access this port to communicate with the local container registry. |
| 8443 | TCP | Master | This is the Kubernetes API server port. All cluster nodes should be able to access this port for internal communication. |
| 8472 | UDP | All nodes | Used by the Flannel service component which manages the internal cluster networking. All cluster nodes should be able to access this port for internal communication. |
| 10250 | TCP | All nodes | Used by the Kubelet service which functions as a local node agent that watches pod specifications through the Kubernetes API server. All cluster nodes should be able to access this port for internal communications and worker node Kubelet API for exec and logs. |
| 10251 | TCP | All nodes | Used by the Kube-scheduler component that watches for any new pod with no assigned node and assigns a node to the pod. All cluster nodes should be able to access this port for internal communication. |
| 10252 | TCP | All nodes | Used by the kube-controller-manager component that runs controller processes which regulate the state of the cluster. All the cluster nodes should be able to access this port for internal communication. |
| 10256 | TCP | All nodes | Used by the Kube-proxy component, which is a network proxy that runs on each node, for exposing the services on each node. All the cluster nodes should be able to access this port for internal communication. |
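
The reachability requirements in sections 4.2.1 to 4.2.3 can be checked on a node by comparing its listening sockets with the documented matrix. The following is an added example, not code from the product or its documentation; the function names and the `ss -tuln` sample are constructed for illustration, and the port sets are transcribed from the tables above.

```python
# Port matrix transcribed from the tables on this page (sections 4.2.1-4.2.3).
ALL_NODES = {("udp", 8472)} | {("tcp", p) for p in (10250, 10251, 10252, 10256)}
MASTER = {("tcp", p) for p in (8200, 8201, 2380, 4001, 5000, 8443)}

def parse_ss(text):
    """Yield (proto, address, port) per listening socket in `ss -tuln` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] in ("tcp", "udp"):   # skips the header line
            addr, _, port = f[4].rpartition(":")
            if port.isdigit():
                yield f[0], addr, int(port)

def audit(ss_text, role, deploying=False, mutual_ssl=False):
    """Compare one node's listeners with the documented matrix (hypothetical helper)."""
    expected = set(ALL_NODES)
    if role == "master":
        # Portal: 3000 only while deploying, 5443 afterwards, 5444 for two-way SSL.
        expected |= MASTER | {("tcp", 3000 if deploying else 5443)}
        if mutual_ssl:
            expected.add(("tcp", 5444))
    reachable, local_only = set(), set()
    for proto, addr, port in parse_ss(ss_text):
        (local_only if addr.startswith(("127.", "[::1]")) else reachable).add((proto, port))
    return {
        "missing": expected - reachable - local_only,
        "loopback_only": (expected & local_only) - reachable,  # peers cannot connect
        "unexpected": reachable - expected,                    # review or close
    }

# Constructed `ss -tuln` output for a master node after deployment.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:5443       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3000       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8200       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8201       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:2380       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:4001     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5000       0.0.0.0:*
tcp   LISTEN 0      128    [::]:8443          [::]:*
udp   UNCONN 0      0      0.0.0.0:8472       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:10250      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:10251      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:10252      0.0.0.0:*
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "master"))
```

On the sample, port 3000 is reported as unexpected because it is still listening after deployment, and 4001 is reported as loopback-only because other cluster nodes could not reach it.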

4.2.4 Transformation Hub

| Ports | Protocol | Node with Label | Description |
|-------|----------|-----------------|-------------|
| 2181, 32181 | TCP | zk:yes | Used by Kafka consumers, such as the Kafka scheduler for the database, to connect to the Zookeeper server. All database nodes must be able to access this port. |
| 9093, 39093 | TCP | kafka:yes | This is an SSL port used by the Kafka broker to listen for incoming client connections. All data sources, such as SmartConnector, Identity Manager Driver for Entity Data Model, and Identity Governance, should be able to access this port. |
| 38080 | TCP | th-platform: yes | Used by ArcSight Management Center (ArcMC) to connect to Transformation Hub. Also used by the cluster nodes labeled fusion: yes to get the list of Kafka brokers. All cluster nodes with label fusion: yes and ArcSight Management Center should be able to access this port. |

4.2.5 Identity Intelligence

| Ports | Protocol | Node | Description |
|-------|----------|------|-------------|
| 443 | TCP | Master | Used for accessing the Identity Intelligence user interface from a web browser. |