Installing in Internet-connected environment

Install Cloudera on premises containerized clusters in an Internet-connected environment using Cloudera Manager to automatically pull deployment images and configure local Kubernetes namespace assets.

Your Kubernetes kubeconfig must have permissions to create Kubernetes namespaces.
You must have persistent storage classes defined in your OpenShift cluster. These can be configured by OpenShift cluster administrators.
Only TLS-enabled custom Docker Registry is supported. You must use a TLS certificate to secure the custom Docker Registry. The TLS certificate can be self-signed, or signed by a private or public trusted Certificate Authority (CA).
Only TLS 1.2 is supported for authentication with Active Directory/LDAP. You must use TLS 1.2 to authenticate the Cloudera Control Plane with your LDAP directory service such as Active Directory.
OpenShift Container Platform network configurations that restrict pod communication are not supported. For example, multi-tenancy isolation with network policy is not supported.
You must ensure that the administrator credentials comply with the following policies:
- Username: Must be 1-128 characters long. Allowed characters are alphanumeric characters, dashes (-), underscores (_), and periods (.)
- Password: Must be at least 8 characters long and contain at least one uppercase letter, one number, and one special character ('#', '&', '*', '$', '%', '@', '^', '.', '_','!'

In Cloudera Manager, on the top right corner, click Add > Add Cluster. The Select Cluster Type page is displayed.

Figure 1. Add Cluster option in the Add drop-down menu
On the Select Cluster Type page, select the cluster type as Cloudera on Premises Containerized Cluster. In Other Options, click here to install Cloudera Data Services on premises, then click Continue.

Figure 2. Add Cloudera on Premises Containerized Cluster page
On the Getting Started page of the installation wizard, configure your installation pathway. . . Click Next.
1. Select Internet as the Install Method.
2. Optional: To use a custom repository link provided by Cloudera, click Custom Repository.
3. Optional: To apply a configuration template from a past installation, click Apply Previously Downloaded Template to browse and upload a template from your machine.
4. Verify the prerequisites for the version you are installing.
5. Click Next.
Figure 3. Getting Started page with the Internet Install Method selected
On the Configure Docker Repository page, select one of the following Docker repository options:
- Select the Use a custom Docker Repository option to copy all images (Internet or Air Gapped) to the embedded registry.
  1. Enter your local Docker Repository in the Custom Docker Repository field in the following format: [*DOCKER REGISTRY*]/[*REPOSITORY NAME*]
  2. Optional: If your registry doest not yet contain all the required Docker images, prepare your Docker Repository from a machine that is running Docker locally and has access to all the Docker images either directly from Cloudera or a local HTTP mirror in your network.
    - Click Generate the copy-docker script on the wizard or download the script file.
    - Log in to your custom Docker Registry and run the script.
      note
      This operation downloads 100+ Docker images and can take a while to complete.
```
docker login <your_custom_registry> -u <user_with_write_access>
bash copy-docker.txt
```
  3. Select the I confirm that I have downloaded all the Docker images to my custom Docker Repository. checkbox.
  4. Enter your Docker Username and Docker Password.
  5. Click Choose File to upload your Docker certificate.
  6. Click Next.
  Figure 4. Configure Docker Repository page with the Use a custom Docker Repository option selected
- Select the Use Cloudera's default Docker Repository option to copy images from Internet to the embedded registry. This uses the default repository that is in the manifest.json file. This option can be selected only if you have selected Internet as the installation method.
  Use this option if you are setting up Cloudera on premises in non-production environments.
On the Configure Databases page, click Next.

Figure 5. Configure Databases page
On the Configure Kubernetes page, specify the information about Kubernetes, Docker, database, and vault information.
1. Upload a Kubernetes Configuration (kubeconfig) file from your existing environment. You can obtain this file from your OpenShift Container Platform administrator. Ensure that this kubeconfig file has permissions to create Kubernetes namespaces.
2. In the Kubernetes Namespace field, enter the Kubernetes namespace that you want to use with this Cloudera on premises deployment. Kubernetes virtual clusters are called namespaces. For more information, see Kubernetes namespaces
3. Configure the default Control Plane administrator login credentials that can be used for the first time once the installation is completed.
4. Enter your Vault information and upload a CA certificate. Cloudera recommends using an external Vault for production environments. Enter the Vault address and token, and upload a CA certificate.
5. Enter a Storage Class to be configured on the Kubernetes cluster. Cloudera on premises uses persistent volumes to provision storage. You can leave this field empty if you have a default storage class configured on your Openshift cluster. Click Continue.
6. In the Additional Certificates section, click Choose File and add the SSL certificate for your HMS database (MariaDB, MySQL, PostgreSQL, or Oracle). For Cloudera Data Warehouse, you must secure the network connection between the default Database Catalog Hive MetaStore (HMS) in Cloudera Data Warehouse and the relational database hosting the base cluster’s HMS.
7. In the Ingress Certificate Secret Synchronization section, enter the name of the TLS secret located in the openshift-ingress namespace into the OpenShift Ingress Secret Name field. This is the default certificate used by the OpenShift cluster, and it will be used by the Istio ingress for TLS termination.
8. If you want to use this installation configuration again to install Cloudera on premises, download this information as a template.
  
  Figure 6. Download as Template button
  
  The template file is a text file that contains the database and vault information that you entered for this installation. This template is useful if you install on premises again with the same databases, as the template populates the fields on the Configure Kubernetes page automatically. The user password information is not saved in the template.
9. Click Next.
Figure 7. Configure Kubernetes page
The Installation Progress page displays the installation progress. When the installation is complete, click Next.

Figure 8. Installation Progress page
The Summary page displays a message with a link to Launch Cloudera on premises.

Figure 9. Launch Cloudera on Premises button on the Summary page

Click Launch Cloudera on premises to launch your Cloudera on premises.
Log in using the previously provided username and password.
Set up external authentication using the URL of the LDAP server and a CA certificate of your secure LDAP. Follow the instructions on the Welcome to Cloudera on premises page to complete this step.
Click Test Connection to ensure that you are able to connect to the configured LDAP server.
Register a Cloudera on premises environment
Create your first Virtual Warehouse in the Cloudera Data Warehouse Data Services
Provision an Cloudera AI Workbench in the Cloudera AI Data Services