Cloudera Docs

Installing a non-transparent proxy in a Cloudera Data Engineering environment

If Cloudera Data Engineering is used in an air-gapped environment, a proxy configuration is not mandatory. If a non-transparent proxy is used, then certain endpoints must be added to the list of allowed endpoints for the proxy.

Configure the No Proxy value with the Classless Inter-Domain Routing (CIDR) ranges for the Nodes, POD CIDR, and Service CIDR. Any IP range for internal services with seamless internal network connectivity must be added in the No Proxy configuration. Specify these CIDR ranges in the configuration to ensure that the traffic destined for these ranges bypasses the proxy. Add comma-separated no-proxy configurations without any spaces between them.

If your CDP Private Cloud deployment uses a non-transparent network proxy, configure proxy hosts that the workloads can use for connections with Cloudera Data Engineering virtual clusters. You can configure the proxy configuration values from the Management Console.

The procedure for updating these settings might be different and dependent on the proxy server software used.

  1. In the Cloudera Data Platform (CDP) console, click the Management Console tile. The Management Console Home page displays.
  2. On the left navigation menu, click Administration > Networks tab. The Networks page displays.
  3. Configure the following options for the proxy values:
    Table 1. Proxy values
    Field Description
    HTTPS proxy It is the HTTP or HTTPS proxy connection string used with the Cloudera Data Engineering virtual clusters. You must specify this connection string in the form: http(s)://[***USERNAME***]:[***PASSWORD***]@[***HOST***]:[***PORT***].

    The [***USERNAME***] and [***PASSWORD***] parameters are optional. You can specify the connection proxy string without these parameters.
    HTTP proxy It is the HTTP or HTTPS proxy connection string used with the Cloudera Data Engineering virtual clusters. You must specify this connection string in the form: http(s)://[***USERNAME***]:[***PASSWORD***]@[***HOST***]:[***PORT***].

    The [***USERNAME***] and [***PASSWORD***] parameters are optional. You can specify the connection proxy string without these parameters.
    No proxy

    This is a comma-separated list of hostnames, IP addresses, or hostnames and IP addresses that should not be accessed through the specified HTTPS or HTTP proxy URLs.

    In case of ECS deployments, you must include no-proxy URLs for the following:

    • Hostnames and IP addresses of all the ECS base clusters in your deployment.
    • All CDP Private Cloud Base cluster nodes.
    • CIDR IP addresses for internal operations in the ECS cluster: 10.42.0.0/16 and 10.43.0.0/16
    • localhost, .local, .svc, and .svc.cluster.local
    • Kubernetes service and Pod CIDR blocks. For these CIDR ranges in ECS, open the ECS configuration page in Cloudera Manager for the ECS cluster and search for “cidr”.

    In case of OCP deployments, you must include no-proxy URLs for the following:

    • Hostnames and IP addresses of all the OCP base clusters in your deployment.
    • All CDP Private Cloud Base cluster nodes.
    • IP addresses and Hostnames of the master node(s) of the Kubernetes cluster.
    • localhost, .local, .svc, and .svc.cluster.local
    • Kubernetes service and Pod CIDR blocks. For Pod CIDR ranges in OCP, see CIDR range definitions.
  4. Click Save.
Consider the following example:
Figure 1. NTP Proxy configuration example