Installing a non-transparent proxy in a Cloudera Data Engineering
environment
If Cloudera Data Engineering is used in an air-gapped environment, a proxy
configuration is not mandatory. If a non-transparent proxy is used, then certain endpoints
must be added to the list of allowed endpoints for the proxy.
Configure the No Proxy value with the Classless Inter-Domain Routing (CIDR)
ranges for the Nodes, POD CIDR, and Service CIDR. Any IP range for internal services with
seamless internal network connectivity must be added in the No Proxy
configuration. Specify these CIDR ranges in the configuration to ensure that the traffic
destined for these ranges bypasses the proxy. Add comma-separated no-proxy configurations
without any spaces between them.
If your Cloudera Private Cloud deployment uses a
non-transparent network proxy, configure proxy hosts that the workloads can use for
connections with Cloudera Data Engineering virtual clusters. You can
configure the proxy configuration values from the Cloudera Management Console.
The procedure for updating these settings might be different and dependent on the
proxy server software used.
In the Cloudera console, click the
Cloudera Management Console tile.
The Cloudera Management Console Home page
displays.
On the left navigation menu, click Administration > Networks tab. The Networks page displays.
Configure the following options for the proxy values:
Table 1. Proxy values
Field
Description
HTTPS proxy
It is the HTTP or HTTPS proxy connection string used
with the Cloudera Data Engineering virtual
clusters. You must specify this connection string in the
form:
http(s)://[***USERNAME***]:[***PASSWORD***]@[***HOST***]:[***PORT***].
The [***USERNAME***] and
[***PASSWORD***] parameters are
optional. You can specify the connection proxy string
without these parameters.
HTTP proxy
It is the HTTP or HTTPS proxy connection string used
with the Cloudera Data Engineering virtual
clusters. You must specify this connection string in the
form:
http(s)://[***USERNAME***]:[***PASSWORD***]@[***HOST***]:[***PORT***].
The [***USERNAME***] and
[***PASSWORD***] parameters are
optional. You can specify the connection proxy string
without these parameters.
No proxy
This is a comma-separated list of hostnames, IP addresses, or hostnames and IP
addresses that should not be accessed through the specified HTTPS or HTTP proxy URLs.
In case of Cloudera Embedded Container Service
deployments, you must include no-proxy URLs for the
following:
Hostnames and IP addresses of all the Cloudera Embedded Container Service base clusters in
your deployment.
All Cloudera Private Cloud Base
cluster nodes.
CIDR IP addresses for internal operations in the ECS cluster: 10.42.0.0/16 and
10.43.0.0/16
localhost, .local, .svc, and .svc.cluster.local
Kubernetes service and Pod CIDR blocks. For these
CIDR ranges in Cloudera Embedded Container Service,
open the Cloudera Embedded Container Service
configuration page in Cloudera Manager for the Cloudera Embedded Container Service cluster and search
for “cidr”.
In case of OpenShift Container Platform
deployments, you must include no-proxy URLs for the
following:
Hostnames and IP addresses of all the OpenShift Container Platform base clusters
in your deployment.
All Cloudera Private Cloud Base
cluster nodes.
IP addresses and Hostnames of the master node(s) of
the Kubernetes cluster.
localhost, .local, .svc, and .svc.cluster.local
Kubernetes service and Pod CIDR blocks. For Pod CIDR
ranges in OpenShift Container Platform,
see CIDR range
definitions.
Click Save.
Consider the following example: Figure 1. NTP Proxy configuration example
