Configuring Knox API key support for Cloudera AI Inference service

To enable long-lived connectivity to Cloudera AI Inference service model endpoints using Knox API keys, you must manually configure the Knox service within your Data Lake.

The Knox API key feature is supported only on Cloudera Runtime versions 7.1.9 SP2 and 7.3.2.
You must have administrator access to Cloudera Manager.

Access Cloudera Manager:
1. Log in to the Cloudera Management Console.
2. Navigate to Environments, and select the environment where your Cloudera AI Inference service is installed.
3. In the Data Lake tab under the Services section, click the Cloudera Manager UI link to open Cloudera Manager.
Configure the Knox Gateway Default Group property property.
1. In Cloudera Manager, go to Knox > Configuration.
2. In the search box, search for conf/cdp-resources.xml.
  
  Figure 1. Adding the pre-authentication property in Knox
3. Locate the Knox Gateway Default Group, click + , and enter the following property details:
  - Name: cdp-preauth
  - Value:
```
providerConfigRef=tokenbased#KNOX-AUTH-SERVICE:preauth.auth.header.actor.id.name=x-cdp-actor-username#KNOX-AUTH-SERVICE:preauth.auth.header.actor.groups.prefix=x-cdp-actor-groups#KNOX-AUTH-SERVICE:preauth.group.filter.pattern=[^\s]+#KNOX-AUTH-SERVICE:ignore.additional.path=true
```
4. Click Save Changes.
Refresh Knox Stale Configs on Cloudera Manager.
Check the values, and click Refresh.
To verify the setup, log in to the Knox Admin UI and confirm that the topology renders successfully without errors.