
Creating Cloudera Private Links Network with VNet option

Learn how to create Cloudera Private Links Network using the VNet option.

Required Role: EnvironmentCreator or PowerUser

You need to use the following CDP CLI command to create the Cloudera Private Links Network with VNet option:
cdp cloudprivatelinks create-private-link-endpoint

This command is used to create a private endpoint in your workload VNet. This establishes the private link connectivity between the created private endpoint and the respective VNet service present in the Cloudera Control Plane. The private endpoint will be created for all supported components.

The following parameters should be specified:
Parameter: azureAccountDetails
Description: This should have the following fields:
  • azureClientSecretCredential or credentialCrn - Either azureClientSecretCredential or credentialCrn is mandatory. azureClientSecretCredential consists of clientId, clientSecret and tenantId. credentialCrn is configured with the default policy or the reduced access policy for provisioning the Azure private endpoint.
  • subscriptionId - Azure subscription where the private endpoint needs to be created.
  • location - Azure location.
  • vNetId - Azure VNet ID in which the private endpoint needs to be created.
  • subnetIds - ID of the private subnet in which a private endpoint needs to be created.
The following is an example command for creating Cloudera Private Links Network:
cdp cloudprivatelinks create-private-link-endpoint \
  --cli-input-json '{
  "cloudServiceProvider": "azure",
  "enablePrivateDns": true,
  "azureAccountDetails": {
    "credentialCrn": "crn:cdp:environments:westus1:cbbe14ac-6db2-444a-b2c3-d71e8e4807ff:credential:781f3844-3fdb-4fb1-a5bc-8af2e04f4691",
    "subscriptionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "resourceGroup": "resourceGroupName",
    "location": "westus1",
    "vNetId": "vnetName",
    "subnetId": "subnetName"
  }
}'
The executed command performs the following sequence of steps:
  1. Identifying the appropriate Private Link service for the request. Existing services are filtered for the requested region.
  2. Authorizing your subscription ID to access the Private Link service. The acceptance settings on the Private Link service require the subscription ID that accesses the endpoint to be on both the auto-approved list and the visibility list. The visibility setting determines who can request access to the Private Link service. Requests can be approved automatically at the subscription level if the subscription ID is on the auto-approved list.
The command returns a trackingId. Pass the returned tracking ID to the following command to verify that the domains of the respective Cloudera service components are reachable and resolve to private IPs from your VNet:
cdp cloudprivatelinks list-private-link-endpoint-statuses \
  --tracking-id [***ID***]
You can check this by selecting the metric in the Monitoring > Metrics tab on the Azure Console.
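The same property (component domains resolving to private IPs inside your VNet) can be checked independently from a host in the workload VNet. The following is an added example, not Cloudera's code: it classifies DNS answers against the private endpoint subnet's CIDR. The hostnames, the CIDR and all addresses are constructed placeholders.

```python
import ipaddress
import socket

def resolve(hostname):
    """Return the set of IP strings the local resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return {info[4][0].split("%")[0] for info in infos}

def classify(addresses, subnet_cidrs):
    """Verdict for one hostname's DNS answers.

    PRIVATE_LINK  - every answer lies inside a private endpoint subnet
    PUBLIC        - at least one answer is globally routable
    OTHER_PRIVATE - not public, but outside the expected subnet
    UNRESOLVED    - the resolver returned nothing
    """
    if not addresses:
        return "UNRESOLVED"
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    ips = [ipaddress.ip_address(a) for a in addresses]
    if any(ip.is_global for ip in ips):
        return "PUBLIC"
    if all(any(ip in net for net in nets) for ip in ips):
        return "PRIVATE_LINK"
    return "OTHER_PRIVATE"

def audit(resolutions, subnet_cidrs):
    """resolutions maps hostname -> iterable of IP strings; returns verdicts."""
    return {h: classify(a, subnet_cidrs) for h, a in resolutions.items()}

def failures(verdicts):
    """Hostnames whose traffic would not use the private endpoint."""
    return sorted(h for h, v in verdicts.items() if v != "PRIVATE_LINK")

# Constructed sample input: hypothetical hostnames and made-up addresses.
SAMPLE_SUBNETS = ["10.20.1.0/24"]            # assumed private endpoint subnet
SAMPLE = {
    "api.cdp.example.invalid": ["10.20.1.5"],        # private endpoint IP
    "console.cdp.example.invalid": ["52.160.10.20"],  # public answer
    "logs.cdp.example.invalid": ["10.99.0.4"],        # private, wrong subnet
    "iam.cdp.example.invalid": [],                    # no DNS answer
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, SAMPLE_SUBNETS).items():
        print(f"{verdict:14} {host}")
```

For a live check, build the input with `{h: resolve(h) for h in hostnames}` on a VM in the workload VNet, using the component hostnames for your Cloudera Control Plane region. A PUBLIC or OTHER_PRIVATE verdict usually points at the private DNS zone not being linked to the VNet or at a stale record.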