Sign up to take part
Registered users can ask their own questions, contribute to discussions, and be part of the Community!
Is it possible to force communication ports between DSS and Elastic AI jobs?
Added on March 3, 2025 5:22PM
Likes: 0
Replies: 5
DrissiReda
Registered Posts: 68 ✭✭✭✭✭
I have Dataiku setup in a virtual machine using kubevirt in kubernetes.
This means I am unable to open all ports between 1024-65536 since the kubevirt VM is behind a kubernetes service which doesn't allow for intervals. Does anybody have an idea how I can use a small interval of ports? (around 10) for container ←> dss communications?
Operating system used: kubevirt
Answers
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,424 NeuronThis is not possible. Don't put DSS in a kubevirt VM where you can't configure ports easily. The requirements in the documentation are clear:
"The containers running on the cluster must be able to open TCP connections on the DSS host on any port."
"The networking requirement is that the DSS machine has full inbound connectivity from the EKS cluster nodes."
-
It's due to security reasons that I can't open literally every port on my VM. Has the security issue never been considered for this networking requirement?
Is there any part of the code I can overload to change this behavior?
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,424 Neuron
This is not a valid argument. You can easily open the ports on the DSS machine only when the source is the Kubernetes cluster so that there should be no concerns on those ports being open for other computers.
-
would it be feasible to close ports via firewall entries so that DSS wouldn't choose them when trying to assign a random port for communication with a container execution job?
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,424 Neuron