Table of Contents


  1. Preface
  2. Advanced clusters
  3. Setting up AWS
  4. Setting up Google Cloud
  5. Setting up Microsoft Azure
  6. Setting up a self-service cluster
  7. Setting up a local cluster
  8. Advanced configurations
  9. Troubleshooting
  10. Appendix A: Command reference

Advanced Clusters

Advanced Clusters

NSG for worker nodes

NSG for worker nodes

Use the rules from the default network security group for worker nodes to help you create your own custom NSG.
The following image shows the default worker node NSG, which uses public IP addresses:
 The inbound and outbound rules for the default network security group for the worker node.

Inbound rules

The following table describes the inbound rules for the NSG:
SSH access
You need this rule only for troubleshooting. It isn't used by
Data Integration
For example, you can use this rule to pull logs from worker nodes. Configure this rule the same way as the master node's NSG.
Azure inbound
The default inbound rules are the same as the master node's NSG.
TCP inbound
Allow incoming traffic from TCP ports 10250, 10257, and 10259.

Outbound rules

The outbound rules for worker nodes are the same as for master nodes. Worker nodes access the same internet locations as master nodes plus additional locations such as external data sources.

Example using private clusters

The following image shows an example of NSGs for a worker node that is deployed in a private cluster, with more restrictive permissions:
Example of a NSG for a worker node that has been deployed in private mode, with more restrictive permissions.


We’d like to hear from you!