Cloudera Docs

What's new in Cloudera Data Engineering on premises

Review the new features in the Cloudera Data Engineering service of the Cloudera Data Services on premises 1.5.5 release.

Integrating third-party certificate manager

Cert-manager is an open-source tool for Kubernetes that automates the provisioning, management, and renewal of TLS certificates. Its documentation at https://cert-manager.io/docs/ provides comprehensive guidance on installing, configuring, and using cert-manager to secure workloads with trusted X.509 certificates. Cloudera provides out-of-the-box support for Venafi TPP as part of the Cloudera Embedded Container Service installation. By integrating cert-manager, the Cloudera Data Services on premises achieve secure communication, reduced manual overhead, and compliance with security standards, leveraging its robust automation and flexibility. For more information on setting up and integrating Cert-manager using Venafi TPP, see Integrating third-party certificate manager.

User Access Management

Users must be assigned roles on Cloudera Data Engineering Services and Virtual Clusters to provide them with specific access to the Service or the Virtual Cluster. User Access Management allows you to assign the roles to manage and access the Cloudera Data Engineering Service and Virtual Clusters by defining the access levels for a particular user or user groups. This allows you to assign role-based access to individual users or user groups. For more information, see User Access Management.

Privacy Settings for Virtual Clusters

The new Privacy Settings option for Virtual Clusters allows administrators to define how the artifacts are shared between different users or user groups with VC User role. This allows you to keep all the artifacts private to the user or the user group. For more information, see Privacy Settings.

Artifact access management

By default, you can access and manage the artifacts that are either owned by you or if they are explicitly shared with you by another user. Only users or user groups with full access can share the artifacts with others. Users or user groups with read-only access cannot share artifacts. Users with full access can share an artifact that they own with another user or user group with either full access or read only access. For more information, see Artifact access management.

Hadoop authentication

The Hadoop Authentication tab allows you to authenticate the Kerberos Keytab file for a Cloudera Data Engineering Service or a Virtual Cluster. If the Kerberos Keytab file is not authenticated properly, then you cannot run the jobs or sessions. For more information, see Hadoop authentication.

Updating TLS certificate

Starting from Cloudera Data Engineering 1.5.5 release, you can update the TLS certificate for Cloudera Data Engineering Service or a Virtual Cluster in the Cloudera Data Engineering UI or API directly instead of running the cde-utils.sh script. For more information about how to upload a TLS certificate, see Updating the Control Plane certificates in Cloudera Data Engineering Services or Updating the Control Plane certificates in Cloudera Data Engineering Virtual Clusters.

Support for Ozone OFS data connector in Cloudera Data Engineering Sessions

You can now use data connectors to connect to Ozone in Cloudera Data Engineering Sessions which allows you to access data from Ozone directly. To configure Ozone OFS data connector in Cloudera Data Engineering Sessions, see Creating Sessions in Cloudera Data Engineering or Creating a Session using the CDE CLI.

Quota Management for multiple base cluster support

Quota management enables you to control how resources are allocated within your Cloudera Data Services on premises clusters. In order to prevent a single workload from consuming all available cluster resources, you can limit the number of CPUs, GPUs, and memory allocated by application, user, business units, or Data Service by defining resource pools that define resource limits. Pools are organized in a hierarchical manner by defining nodes in the hierarchy with resource limits, which can then be subdivided as needed to allocate resources for an organization and to allocate resources to cluster or environment wide services such as the monitoring service.