
Creating Cloudera Private Links Network with Authorization option

Learn how to create Cloudera Private Links Network using the Authorization option.

Required Role: EnvironmentCreator or PowerUser

You need to use the following CLI command to create the Cloudera Private Links Network using your own network automation:
cdp cloudprivatelinks authorize-private-link-service-access

This command is used to authorize access to the Private Link services for your cloud account.

The following parameters should be specified:
| Parameter | Description |
|---|---|
| cloudAccountId | Your Azure subscription ID where the private endpoints are created. The subscription ID needs to be provided, because Cloudera needs to authorize the subscription for Private Link service access. |
| region | Region of the Cloudera Control Plane. |
The following is an example command for creating Cloudera Private Links Network:
cdp cloudprivatelinks authorize-private-link-service-access --cli-input-json '{
"cloudAccountId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"region": "westus1"
}'
The executed command performs the following sequence of steps:
  1. Identifying the appropriate VNet endpoint service for the request. Existing VNet services are filtered for the requested Cloudera service component and region.
  2. Authorizing your subscription ID for access to the Private Link service. Acceptance settings on the Private Link service require that the subscription ID that can access the endpoint is added to both the auto approved list and the visibility list. The visibility setting determines who can request access to the Private Link service. Requests can be automatically approved on a subscription level if the subscription ID is on the auto approved list.
The command returns the Private Link service name, Cloudera service component and the authorization status as shown in the following example:
{
  "authorizePrivateLinkServiceAccessResults": [
    {
      "privateLinkService": "cdp-privatelink-enterprise-westus1",
      "serviceComponent": "cdp_control_plane",
      "authorizationStatus": "SUCCESS",
      "vpceClientTcpPortList": "[443]",
      "hostname": "[*.altus.cloudera.com, *.us-west-1.ccm.cdp.cloudera.com, *.us-west-1.cdp.cloudera.com]"
    }
  ],
  "status": "SUCCESS"
}
After executing the command, you have to manually complete the following steps:
  1. Create private links using the private endpoints. For more information, see the Azure documentation.
  2. Create private DNS zones as required. For more information, see the Azure documentation.
You can verify that the domains of the respective Cloudera service components are reachable and resolve to private IPs from your VNet using the following command with the returned tracking ID from creating Private Link endpoints:
cdp cloudprivatelinks list-private-link-endpoint-statuses --tracking-id [***ID***]
You can check this by selecting the metric on the Monitoring > Metrics tab in the Azure Console.
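
A complementary client-side check, as an added example that is not Cloudera's code: it parses the authorization response shown above, rejects any result that is not SUCCESS, and flags authorized hostnames that resolve outside private address space. The function names, the sample hostnames and IPs, and the assumption that the VNet uses RFC 1918 ranges are constructed for illustration.

```python
import fnmatch
import ipaddress
import json

# Constructed sample: same shape and values as the response shown on this page.
SAMPLE_RESPONSE = """{"authorizePrivateLinkServiceAccessResults": [{
  "privateLinkService": "cdp-privatelink-enterprise-westus1",
  "serviceComponent": "cdp_control_plane",
  "authorizationStatus": "SUCCESS",
  "vpceClientTcpPortList": "[443]",
  "hostname": "[*.altus.cloudera.com, *.us-west-1.ccm.cdp.cloudera.com, *.us-west-1.cdp.cloudera.com]"
}], "status": "SUCCESS"}"""

# Assumption: the VNet uses RFC 1918 space. ipaddress.is_private is broader
# (loopback, documentation ranges), so the ranges are listed explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_bracket_list(value):
    """The response encodes lists as strings, e.g. "[443]" or "[a, b]"."""
    return [item.strip() for item in value.strip().strip("[]").split(",") if item.strip()]

def authorized_endpoints(response_text):
    """Return per-component ports and hostname patterns; raise if anything is not SUCCESS."""
    doc = json.loads(response_text)
    if doc.get("status") != "SUCCESS":
        raise ValueError(f"overall status is {doc.get('status')!r}")
    endpoints = {}
    for result in doc["authorizePrivateLinkServiceAccessResults"]:
        if result["authorizationStatus"] != "SUCCESS":
            raise ValueError(f"{result['serviceComponent']}: {result['authorizationStatus']}")
        endpoints[result["serviceComponent"]] = {
            "service": result["privateLinkService"],
            "ports": [int(p) for p in parse_bracket_list(result["vpceClientTcpPortList"])],
            "patterns": parse_bracket_list(result["hostname"]),
        }
    return endpoints

def public_resolutions(endpoints, resolved):
    """resolved maps hostname -> IPs as seen from inside the VNet.
    Returns (hostname, ip) pairs that match an authorized pattern but are not RFC 1918."""
    patterns = [p.lower() for e in endpoints.values() for p in e["patterns"]]
    findings = []
    for host, ips in resolved.items():
        if not any(fnmatch.fnmatchcase(host.lower(), p) for p in patterns):
            continue  # hostname is not served through the Private Link service
        for ip in ips:
            if not any(ipaddress.ip_address(ip) in net for net in RFC1918):
                findings.append((host, ip))
    return findings
```

Build the resolved mapping from a host inside the VNet (for example with socket.getaddrinfo); any pair returned means that name still resolves to a public address, so its traffic would not use the private endpoint.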