Docker repository access
You must ensure that the cluster has access to the Docker Container Repository in order to retrieve the container images for deployment.
There are several types of Docker Repositories you can use:
- Embedded Repository
- During installation, a Docker daemon is provisioned to act as the Repository. Passwords and certificates are auto generated. No additional set up is needed. Images are copied to the repository during installation. During upgrades, only the new and changed images are copied. Copying images generally takes one to two hours.
- It is important to note that the Embedded Repository can be a single point of failure. If the node that runs the Docker Repository fails or becomes unavailable, some cluster functionalities might become unavailable. Moving the Docker Repository to another node is a complex process and will require engaging Cloudera Professional Services.
- Cloudera Repository
- Using the Cloudera Repository requires that the cluster have internet connectivity to the Cloudera public repository. Using the Cloudera Repository is the fastest option.
- The Cloudera-hosted Docker Repository option may increase the time required to deploy or start the services in the cluster. Cloudera generates Docker Repository credentials that are identical to your paywall credentials. Refer to your welcome letter for the credentials or use the credential generator on cloudera.com to generate credentials from your license key.
- This option is best suited for proof-of-concept, non-production deployments or deployments that do not have security requirements that disallow internet access.
- Custom Repository
- A Custom Repository is a repository that you manage in your environment and can be Enterprise grade and highly available.
- During installation and upgrade, a custom script is generated that you use to copy the images. Copying images can take 4 - 5 hours.
- Only TLS-enabled custom Docker Registry is supported. Ensure that you use a TLS certificate to secure the custom Docker Registry. The TLS certificate can be self-signed, or signed by a private or public trusted Certificate Authority (CA).