Custom image repositories

If your organization must control the acquisition and provisioning of images in your cloud account custom image repositories are available. If your organization does not allow internet access, or restricts image repositories to only those within your virtual private network (VPC in AWS or VNet in Azure), you can bring your own repository to CDP.

Using your custom repository, you can host and scan Cloudera Data Warehouse (CDW) images. You gain complete control over which images are provisioned in your cloud account and how you acquire the images. You can choose to verify, or not, that the image targeted by a query is present.

To use this feature, you must obtain the CDP_CUSTOM_REPO entitlement.

CDW architecture

The following diagram shows the CDW architecture using a custom image repository based on ACR. The architecture is similar for ECR-based repositories.

When you set up a custom repository, you must read the manifest.json file using your paywall credentials from Cloudera to obtain a list of images. Cloudera provides an image list with each release. You must pull images each time a new release of CDW occurs. Cloudera recommends that you create an automated way to pull these images.

You can set the Disable image version verification option. You might not set this option, thereby enabling verification, for networking or security reasons. You might set this option to disable verification if you need time to onboard new images. The option works as follows:

• If you do not set this option, Cloudera attempts to verify the images in your repository, and if the latest version of the images is not available in the registry, some filtering occurs, and old images are started. CDW does not fully support starting older images, so pulling new versions of images promptly is recommended.
• If you do set this option, when the new releases occur, the server starts the new images without verification. If the images are not present in the registry, provisioning fails.