hashicorp / waypoint

A tool to build, deploy, and release any application on any platform.
https://waypointproject.io

Registry insecure flag #3333

Open marcotuna opened 2 years ago

marcotuna commented 2 years ago

Describe the bug

When attempting to upload a container image to a self-hosted container registry using the registry container, which runs on HTTP by default, Waypoint is not able to upload the container image to it, even when specifying the insecure = true flag.
https://www.waypointproject.io/plugins/docker#insecure

❌ Pushing Docker image...
 │ The push refers to repository [192.168.0.38:5000/app]
! unable to stream Docker logs to terminal: Get
  "https://192.168.0.38:5000/v2/": http: server gave HTTP response
  to HTTPS client

Steps to Reproduce

Expected behavior

The container image should be uploaded when the insecure = true flag is enabled and an HTTP container registry is used.

Waypoint Platform Versions

Additional version and platform information to help triage the issue if applicable:

Additional context

When using the below configuration it works successfully:

registry {
        use "docker" {
            image    = "localhost:5000/app"
            tag      = "latest"
            insecure = true
        }
}

Use case:

marcotuna commented 2 years ago

Currently I did a workaround; however, ideally this shouldn't be needed.
Created the following script:

forward.sh

#!/bin/sh

socat tcp-listen:5000,reuseaddr,fork tcp:192.168.0.38:5000 &

This makes the remote host's port available on localhost; this way it doesn't complain about HTTPS.
Added the following entry to the waypoint template file.

hook {
      when    = "before"
      command = ["sh", "forward.sh"]
}

briancain commented 2 years ago

Hey @marcotuna! Thanks for opening an issue on Waypoint!

Do you have anything in your daemon settings file? Mine is at /etc/docker/daemon.json. On my system, I had to set up Docker to allow for pushing to insecure registries:

{
  "insecure-registries" : ["myregistrydomain.com:5000"]
}

That's interesting that it works with localhost, likely a bug on our end if that works but the IP address does not. We'll leave this issue open to track it!
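
An added example (not code from Waypoint, Docker, or any commenter in this thread) that models when a Docker daemon treats a registry as insecure, one reason `localhost:5000` can behave differently from `192.168.0.38:5000`. It assumes the daemon's documented behaviour: loopback registries (127.0.0.0/8) are insecure by default and `insecure-registries` entries are exact `host[:port]` strings or CIDR blocks. Hostnames are not resolved so it runs offline, and the function names are hypothetical.

```python
import ipaddress
import json

# Assumption: the daemon marks loopback registries insecure by default.
DEFAULT_INSECURE_CIDRS = ["127.0.0.0/8"]


def registry_host(image_ref):
    """Return the registry host[:port] of an image reference."""
    first, _, rest = image_ref.partition("/")
    # The first path component is a registry only if it looks like a host.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def host_ips(host):
    """Literal IPs and 'localhost' only; other names are not resolved (offline)."""
    if host == "localhost":
        return [ipaddress.ip_address("127.0.0.1")]
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return []


def plaintext_allowed(image_ref, daemon_json="{}"):
    """True if the daemon would skip TLS verification / fall back to HTTP."""
    entries = json.loads(daemon_json).get("insecure-registries", [])
    hostport = registry_host(image_ref)
    # Non-CIDR entries must equal the registry's host[:port] exactly.
    if hostport in [e for e in entries if "/" not in e]:
        return True
    nets = [ipaddress.ip_network(c, strict=False)
            for c in DEFAULT_INSECURE_CIDRS + [e for e in entries if "/" in e]]
    host = hostport.rsplit(":", 1)[0]
    return any(ip in net for ip in host_ips(host) for net in nets)


if __name__ == "__main__":
    # Constructed daemon.json; image names are the ones quoted in this thread.
    daemon_json = '{"insecure-registries": ["192.168.0.38:5000"]}'
    for ref in ("localhost:5000/app", "192.168.0.38:5000/app",
                "registry.service.dc1.consul:5000/orcha-client"):
        print(ref, "default:", plaintext_allowed(ref),
              "configured:", plaintext_allowed(ref, daemon_json))
```

Listing the exact `host:port` of the internal registry, rather than a wide CIDR, limits which pushes and pulls may travel without TLS.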

wallacepf commented 2 years ago

Hello guys, I'm hitting the same issue with v0.8.2 even after following your recommendation, @briancain. In my case, I'm using the FQDN instead of localhost or IP and this is the error I'm getting:

Image built: waypoint.local/orcha-client:latest (amd64)
 + Running push build v11
 + Tagging Docker image: waypoint.local/orcha-client:latest => registry.service.dc1.consul:5000/orcha-client:latest
 ! Pushing Docker image...
 │ The push refers to repository [registry.service.dc1.consul:5000/orcha-client]
! unable to stream Docker logs to terminal: Get
  "https://registry.service.dc1.consul:5000/v2/": http: server gave HTTP response
  to HTTPS client

Registry block configs:

registry {
  use "docker" {
    image    = "registry.service.dc1.consul:5000/orcha-client"
    tag      = "latest"
    local    = false
    insecure = true
  }
}

arbourd commented 2 years ago

This is still very reproducible on 0.10.0. I experienced this with ODR running on Kubernetes and Git remote runners.

registry {
  use "docker" {
    image = "docker-registry:5000/busybox"
    tag = "latest"
    insecure = true
  }
}

The result is similar to @wallacepf:

❌ Building Docker image with kaniko...
! unable to negotiate with upstream: Get "https://docker-registry:5000/v2/": http:
  server gave HTTP response to HTTPS client

As a guess: I think the ai.Insecure value is not being set when passing around instructions with gRPC.

paladin-devops commented 2 years ago

@arbourd are you using the docker-pull builder plugin, or the docker builder plugin here?

arbourd commented 2 years ago

Great question, @paladin-devops. I moved on from this solution and never committed it, but I have a feeling I tried both? I think I started with docker-pull (pulling busybox and shipping it to the local reg to satisfy the ODR stuff for empty builds).