Is it possible to force communication ports between DSS and Elastic AI jobs?
I have Dataiku setup in a virtual machine using kubevirt in kubernetes.
This means I am unable to open all ports between 1024-65536 since the kubevirt VM is behind a kubernetes service which doesn't allow for intervals. Does anybody have an idea how I can use a small interval of ports? (around 10) for container ←> dss communications?
Operating system used: kubevirt
Answers
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,329 NeuronThis is not possible. Don't put DSS in a kubevirt VM where you can't configure ports easily. The requirements in the documentation are clear:
"The containers running on the cluster must be able to open TCP connections on the DSS host on any port."
"The networking requirement is that the DSS machine has full inbound connectivity from the EKS cluster nodes."
-
It's due to security reasons that I can't open literally every port on my VM. Has the security issue never been considered for this networking requirement?
Is there any part of the code I can overload to change this behavior?
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,329 Neuron
This is not a valid argument. You can easily open the ports on the DSS machine only when the source is the Kubernetes cluster so that there should be no concerns on those ports being open for other computers.
-
would it be feasible to close ports via firewall entries so that DSS wouldn't choose them when trying to assign a random port for communication with a container execution job?