Configuring VPC in GCP with private IPs and CCM

When you configure a VPC network with private IPs and CCM, you should set up the VPC network with your private IPs and security groups.

You will need the following:

  • At least one subnet for hosts that will use CCM.
  • Outbound traffic to the Cloudera-hosted NLBs, via the SSH (secure shell) tunnel initiated by CCM, allowed on workload nodes.

In the Google Cloud console, configure the following:

  1. Create a NAT gateway with a cloud router.
  2. Create at least one subnet.
  3. Attach the NAT gateway to this subnet.
  4. You must configure outbound traffic for CDP resources.
  5. The workload clusters containing CCM (Knox, master, or CM for Classic Cluster) must be able to reach the Network Load Balancers (NLBs).
  6. Currently you can use ports 6000-6049 to connect to the NLBs. The private subnets must be in different availability zones (AZs).

Create your firewall rules. Firewall rules do not need any external facing connections. You can choose what they open. The only requirement is to have outbound connectivity. At this point there is no defined network CIDR range needed. The SSH tunnel service will assign a random IP to the NLB.
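
The console steps above expressed as gcloud commands, as an added example that is not part of the original page or Cloudera's own tooling. The network, subnet, router, NAT and rule names, the region and the CIDR are assumed placeholders, and TCP is assumed for the 6000-6049 range; the script prints the commands and runs them only when APPLY=1.

```shell
#!/bin/sh
# Added example: gcloud equivalents of the console steps above.
# Every name, the region and the CIDR below are assumed placeholders.
set -eu

NETWORK="ccm-vpc"            # assumed: an existing custom-mode VPC
REGION="us-west1"            # assumed region
SUBNET="ccm-private-subnet"  # assumed subnet name
SUBNET_CIDR="10.10.0.0/24"   # assumed private range
ROUTER="ccm-router"          # assumed Cloud Router name
NAT="ccm-nat"                # assumed NAT gateway name
CCM_PORTS="6000-6049"        # NLB port range stated on this page

# Print the command; execute it only when APPLY=1 (dry run by default).
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Step 2: private subnet. Created first because the NAT config names it.
create_subnet() {
  run gcloud compute networks subnets create "$SUBNET" \
    --network="$NETWORK" --region="$REGION" --range="$SUBNET_CIDR"
}

# Steps 1 and 3: Cloud Router plus a NAT gateway scoped to that subnet only.
create_nat() {
  run gcloud compute routers create "$ROUTER" \
    --network="$NETWORK" --region="$REGION"
  run gcloud compute routers nats create "$NAT" \
    --router="$ROUTER" --region="$REGION" \
    --nat-custom-subnet-ip-ranges="$SUBNET" \
    --auto-allocate-nat-external-ips
}

# Firewall: outbound only, CCM ports only. The NLB IP is not known in
# advance, so the destination cannot be pinned to a CIDR; the port range
# is the restriction. No ingress rule is created.
create_egress_rule() {
  run gcloud compute firewall-rules create "${NETWORK}-ccm-egress" \
    --network="$NETWORK" --direction=EGRESS --action=ALLOW \
    --rules="tcp:${CCM_PORTS}" --destination-ranges=0.0.0.0/0
}

plan() { create_subnet; create_nat; create_egress_rule; }
plan
```

An explicit egress rule matters when the VPC has a deny-egress rule in place; without one, GCP's implied allow-egress rule already permits this traffic.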