Enabling a private CDW environment in Azure Kubernetes Service
An introduction to the terms and components involved in creating a private CDW environment prepares you to successfully complete the required tasks. You see a network configuration diagram.
AKS simplifies container-based application deployment and management. When you create an AKS cluster, a control plane is automatically created and configured. The Azure platform configures the secure communication between the control plane and compute nodes. In a private cluster, the API server for the control plane has an internal IP address. The Azure nodes and the Kubernetes control plane components do not have publicly routable IP addresses. When you deploy a private cluster, the network traffic between your API server and your node pools remains only on the private network.
Cluster Connectivity Manager (CCM) {version 2} enables the CDP Control Plane to communicate with the Kubernetes control plane using an inverting proxy solution. Cloudera Data Warehouse (CDW) can communicate with the Kubernetes control plane and the other resources, such as virtual machines deployed in your network, by using a special established channel.
Large enterprises have a requirement to create private CDW environments in the public cloud similar to the on-premises one in terms of security and networking. Generally, public access to your cloud environment, resources, and deployed applications is not allowed.
A private environment has the following criteria:
- Kubernetes API server for the control plane must have private API endpoints
- Hue, DAS, JDBC, or ODBC applications can only be accessed through private endpoints
- Egress Kubernetes traffic must be controlled using a transparent proxy
- Storage, SQL database, and other resources can only be accessed through private endpoints
- CDP Control Plane can only be accessed through private endpoints using Azure Private Link Service
- Ability to configure a DNS zone in your environment
