This topic describes how to limit access to Hive, Impala, Data Analytics Studio, or
Hue endpoints in Cloudera Data Warehouse (CDW) Public Cloud.
You can restrict access to Kubernetes endpoints and load balancer endpoints of the
Kubernetes cluster by specifying a list of IP Classless Inter-Domain Routing (CIDRs) that
are allowed access. Kubernetes endpoints are used to control the deployment and
maintenance of workload components, such as Virtual Warehouses and Database Catalogs. Load
balancer endpoints are endpoints of services like Hive, Impala, or Hue.
You can specify trusted IP addresses when you activate a CDP environment to use in the Data
Warehouse service or in the Environment Details page. Otherwise, all
external IP addresses can access these endpoints on the Kubernetes cluster that is being
used in the Data Warehouse service.
Required role: DWAdmin
Contact your network team to get your internal network's IP CIDR ranges of IP
addresses that need access to Kubernetes and load balancer service endpoints. All Cloudera IP
addresses that need access to these endpoints have already been allowed.
-
In the Data Warehouse service, expand the Environments
column by clicking the More⦠menu on the left side of the
page.
-
In the Environments column, click the search icon and locate
the environment you registered with CDP where you want to specify access for IP CIDRs.
-
When you locate the environment, click the activation icon
to launch the
Activation Settings dialog box where you can specify the IP CIDRs
that have access to the Kubernetes and load balancer service endpoints:
-
In , in Enable IP CIDR for
Kubernetes cluster specify a comma-separated list of IP CIDRs that you want
to be able to access your Kubernetes endpoints:
-
In , in Enable IP CIDR for the
load balancer specify a comma-separated list of IP CIDRs that you want to be
able to access your load balancer endpoints:
-
After specifying the IP CIDRs, click Activate.