Heroku-like feeling with "builtin" docker registry.

[apollo13]

Is your feature request related to a problem? Please describe.

With the addition of git polling and remote runners waypoint is really nice. What I am currently fighting with is how to pass credentials for a central docker registry to the build jobs. In an ideal world the should be able to build an image and have it end up in a registry without a) knowing about the registry or b) having credentials for it -- ie let the cluster in which it runs figure it out.

Describe the solution you'd like

It would be great if I could tell waypoint the URL to a docker registry & credentials for it and then it would automatically inject image names into the build process ala supplied_registry/project/app. When this image name is then exposed as a variable the nomad deploy job further down the line can make use of it.

Additional context

I am coming here with a strong background in heroku, so maybe I am looking at things wrong. But the nice thing about heroku is that you just give it a buildpack and don't have to care (as an app developer) where this image is pushed. I'd like to see a similar solution for waypoint for I just have to set it up to poll a git repo from a developer and the developer doesn't need to know the registry that the deploying cluster then uses.

Does this make any sense? :) I am open to other ideas, but I think this would be a great enhancement.

[briancain]

@apollo13 - Hey there! Thanks for opening an issue with Waypoint.

If I understand correctly, are you saying you wish to configure Waypoint some where once to say "this is the container registry I want all of my projects to use" so that you don't have to specify X number of times it in a waypoint.hcl for each project?

[apollo13]

Jupp that summarizes it nicely. (And I also want to specify the credentials along with the container registry. How to prevent those from leaking is another question). In the end I have waypoint, a nomad cluster and a docker registry and the end user using waypoint shouldn't have to care how the images get into a registry to be usable by nomad.

On Fri, Jan 14, 2022, at 17:32, Brian Cain wrote:

@apollo13 https://github.com/apollo13 - Hey there! Thanks for opening an issue with Waypoint.

If I understand correctly, are you saying you wish to configure Waypoint some where once to say "this is the container registry I want all of my projects to use" so that you don't have to specify X number of times it in a waypoint.hcl for each project?

— Reply to this email directly, view it on GitHub https://github.com/hashicorp/waypoint/issues/2907#issuecomment-1013275518, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAT5C6SPGCHBMYMB6QRCZLUWBF2RANCNFSM5L6CGMAQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>

[briancain]

That makes sense to me @apollo13 - I'm not sure if this is possible today with the release of Waypoint 0.7, but I imagine you could store the registry credentials inside Vault and use the new config dynamic function to look it up dynamically: https://tip.waypointproject.io/docs/app-config/dynamic#setting-dynamic-values-via-waypoint-hcl

[apollo13]

I guess that it might be possible with 0.7, but still rather cumbersome

[evanphx]

Hi @apollo13,

The reason you have to specify a registry is because waypoint can't know what registries will be available to your target platform.

Just so that I can get a clear picture, there are 3 elements that you'd like automatically configured:

1. Registry location and authentication information
2. Image name in the registry
3. The registry block itself

3 is hard because waypoint has no way to figure out a good default registry, but there are ways to make #1 and #2 cleaner today. Would that fit what you're looking for?

[apollo13]

Hi Evan,

I am not sure I understand why 3 would be hard once 1 and 2 are done -- but I am sure I miss something here. That said even with 1 & 2 only it would be a great quality of life improvement. 👍 I have no idea though if either of them is feasible.

On Wed, Jan 19, 2022, at 18:51, Evan Phoenix wrote:

Hi @apollo13 https://github.com/apollo13,

The reason you have to specify a registry is because waypoint can't know what registries will be available to your target platform.

Just so that I can get a clear picture, there are 3 elements that you'd like automatically configured:

1. Registry location and authentication information
2. Image name in the registry
3. The registry block itself

   3 https://github.com/hashicorp/waypoint/pull/3 is hard because

   waypoint has no way to figure out a good default registry, but there are ways to make #1 https://github.com/hashicorp/waypoint/pull/1 and

   2 https://github.com/hashicorp/waypoint/pull/2 cleaner today. Would

   that fit what you're looking for?

— Reply to this email directly, view it on GitHub https://github.com/hashicorp/waypoint/issues/2907#issuecomment-1016716943, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAT5CZ5OGJBK47D4MZ7XC3UW323PANCNFSM5L6CGMAQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>

[evanphx]

3 is hard because how would waypoint figure out what registry to send the image to?

[apollo13]

I see, I was thinking of the simple case where you have just one registry :) on the other hand couldn't this be an option to specify during server installation? To the best of my knowledge one waypoint install is usually bound to one nomad cluster so it could make sense to specify a default registry as well.

Thank you for listening -- even when I clearly don't understand many things :)

On Wed, Jan 19, 2022, at 19:22, Evan Phoenix wrote:

3 is hard because how would waypoint figure out what registry to send the image to?

— Reply to this email directly, view it on GitHub https://github.com/hashicorp/waypoint/issues/2907#issuecomment-1016743652, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAT5C5ZYAASJGAK7V57PD3UW36M5ANCNFSM5L6CGMAQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>

[evanphx]

Happy to sort this out with ya!

One waypoint server install isn't bound to any number of nomad, kubernetes, or really anything else. It could deploy 10 apps to 30 different places easily.

It sounds like the way you're thinking about it, you have waypoint installed in a nomad cluster and want to use waypoint to deploy applications to that same cluster. This configuration makes perfect sense and a good way to manage things.

We'll discuss internally if it makes sense to expose some defaults when deploying applications to the same platform that the server is currently running on, could be a nice way to smooth things.

[apollo13]

Now I am curious. Assume I have git polling enabled, how would I tell the projects which nomad cluster to deploy to? Would I need multiple runner profiles and associate them to projects where I set the different nomad env variables and then associate those to the projects? Sorry if the question is answered in the docs but waypoint changed relatively quickly with 0.6 and 0.7 so I might have lost track :)

On Wed, Jan 19, 2022, at 20:04, Evan Phoenix wrote:

Happy to sort this out with ya!

One waypoint server install isn't bound to any number of nomad, kubernetes, or really anything else. It could deploy 10 apps to 30 different places easily.

It sounds like the way you're thinking about it, you have waypoint installed in a nomad cluster and want to use waypoint to deploy applications to that same cluster. This configuration makes perfect sense and a good way to manage things.

We'll discuss internally if it makes sense to expose some defaults when deploying applications to the same platform that the server is currently running on, could be a nice way to smooth things.

— Reply to this email directly, view it on GitHub https://github.com/hashicorp/waypoint/issues/2907#issuecomment-1016777569, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAT5C5O3VC3IXCCHXCQBETUW4DM5ANCNFSM5L6CGMAQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>

[evanphx]

The information in the waypoint.hcl file would say which cluster to deploy to. If the deploy job has to be running in the proper cluster to be succesful, then you'd indicate the runner profile on the project, and in the future (when https://github.com/hashicorp/waypoint/pull/2862 is released), you'll be able to target the actions to separate profiles even more.