Open dotdiego opened 2 years ago
@dotdiego - Yes, that specific piece of documentation is mostly meant to say that you don't have to use Waypoint to build your application. But Waypoint still expects you to be deploying some built artifact. In that case, your build stanza would be a docker-pull, so from that sense yes building is optional, but the build stanza isn't.
@briancain ok nice one !
So the docker-pull only pulls the image.
Then when I try to add a data_source to enable git source.
runner {
  enabled = true
  data_source "git" {
    url = "https://github.com/dotdiego/homelab-nomad-jobs.git"
  }
}
I get an error
| ==> Missing arguments:
|
| - docker.AccessInfo
The waypoint workflow I'm trying to achieve is the following :
All jobs are using images already built from public registries.
Currently I could get this workflow running by cloning manually my repo and using templating to create the app stanza and its children. But I'd prefer to automate it and tell waypoint to pick up a repository and execute waypoint up.
Yes @dotdiego - That error is telling you that if you are going to pull a container from a registry, you need to provide access credentials. So something like:
build {
  use "docker-pull" {
    image = var.image
    tag   = var.tag
  }
  registry {
    use "docker" {
      image    = var.image
      tag      = var.tag
      username = var.registry_username
      password = var.registry_password
      local    = var.registry_local
    }
  }
}
@briancain retrying again with waypoint.
I'm pulling the hashicorp/demo-webapp-lb-guide so no authentication should be needed as it's a public image from docker hub.
It's unfortunate that there is no documentation to do a basic : docker pull image -> deploy using nomad (plus nomad is already fetching the image from docker if needed, so this build step should not be mandatory)
After a bit of work I got something working.
So for the users that will get in the same situation as me :
empty/absent build -> deploy.
That kind of workflow must be run in a waypoint console to run locally so no automation there.
I'll go back using other tools for CI/CD, but I hope those kinds of ways to use waypoint will be added in future releases.
After many trials and errors, I got something working that seems better (issues mentioned in my previous comment are still present but I have some workarounds).
On the ideas an integration with Vault would be amazing. Because using the UI to add for each project secrets is not really fun, and the input variables in the UI have no possibility to be hidden.
I'm facing the same kaniko issue as #2984 so I used the same workaround.
waypoint runner profile set -name nomad-bootstrap-profile -plugin-type nomad -env-var "container=docker" -default
Then I used this waypoint.hcl to finally deploy something from the UI.
project = "init"

variable "registry_username" {
  type = string
}

variable "registry_password" {
  type      = string
  sensitive = true
}

runner {
  enabled = true
  // profile set to avoid kaniko --force issue
  profile = "nomad-bootstrap-profile"
  data_source "git" {
    url = "https://github.com/dotdiego/waypoint-test.git"
  }
}

app "demo" {
  // get a small image from docker because we can't bypass the build step
  build {
    use "docker-pull" {
      image              = "hello-world"
      tag                = "latest"
      disable_entrypoint = true
    }
    // push it to docker registry because remote-runner needs a registry block
    registry {
      use "docker" {
        image    = "${var.registry_username}/hello-world"
        tag      = "latest"
        username = var.registry_username
        password = var.registry_password
      }
    }
  }
  // finally deploy to nomad
  deploy {
    use "nomad-jobspec" {
      jobspec = templatefile("${path.project}/webapp.nomad")
    }
  }
}
On the ideas an integration with Vault would be amazing. Because using the UI to add for each project secrets is not really fun, and the input variables in the UI have no possibility to be hidden.
You can do this today with the Vault config sourcer plugin!
https://waypointproject.io/plugins/vault
You can see a real example in one of my example Waypoint projects: https://github.com/briancain/waypoint-tetris/blob/main/waypoint.hcl#L252-L270
variable "registry_username" {
  default = dynamic("vault", {
    path = "secret/data/registry"
    key  = "/data/registry_username"
  })
  type        = string
  sensitive   = true
  description = "username for container registry"
}

variable "registry_password" {
  default = dynamic("vault", {
    path = "secret/data/registry"
    key  = "/data/registry_password"
  })
  type        = string
  sensitive   = true
  description = "password for registry" // don't hack me plz
}
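A pre-commit style check for the credential handling discussed above, as an added example that is not part of the thread or the Waypoint project: it flags secret-looking `variable` blocks in a `waypoint.hcl` that lack `sensitive = true` or carry a literal string default instead of a `dynamic(...)` source. The function names, the name heuristic and the sample input are assumptions made for the illustration.

```python
import re

# Constructed sample input (not from the thread), in waypoint.hcl style.
SAMPLE = '''
variable "registry_username" {
  type = string
}
variable "registry_password" {
  default = "hunter2"
}
variable "registry_token" {
  default = dynamic("vault", {
    path = "secret/data/registry"
    key  = "/data/registry_token"
  })
  sensitive = true
}
'''

# Assumption: variables with these name fragments hold secrets.
SECRET_NAME = re.compile(r"pass(word)?|secret|token|api_?key", re.I)

def variable_blocks(hcl):
    """Yield (name, body) per variable block, matching nested braces."""
    for m in re.finditer(r'variable\s+"([^"]+)"\s*\{', hcl):
        depth, i = 1, m.end()
        while depth and i < len(hcl):
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), hcl[m.end():i - 1]

def audit(hcl):
    """Return {variable_name: [findings]} for secret-looking variables."""
    findings = {}
    for name, body in variable_blocks(hcl):
        if not SECRET_NAME.search(name):
            continue
        issues = []
        if not re.search(r"^\s*sensitive\s*=\s*true\b", body, re.M):
            issues.append("not marked sensitive")
        if re.search(r'^\s*default\s*=\s*"', body, re.M):
            issues.append("literal default committed to the file")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(f"{name}: {', '.join(issues)}")
```

The brace matcher does not skip braces inside comments, so treat a finding as a prompt to read the block rather than as a parse result.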
Hey there @dotdiego - can you link me to where you found this documentation you reported? Thanks.
@briancain sure : https://developer.hashicorp.com/waypoint/docs/lifecycle
The github file behind this documentation I think is this one : https://github.com/hashicorp/waypoint/blob/4f7174861053bb0bf51a17a26d56120867c5b7b1/website/content/docs/lifecycle/index.mdx
Thanks @dotdiego ! That explains why I couldn't find that sentence 😅 We had made some docs fixes but they hadn't yet made it to our stable website branch. This should be resolved now!
The documentation states :
However creating an waypoint.hcl without a build stanza results in :
What can I do to only deploy an app that has already been packaged on a registry by another tool (or someone else) ?
For notes: I'm trying to deploy all my homelab applications from a repository with only nomad-jobspec.
Following the GitOps way even though we don't have a controller with a reconciliation loop yet in Nomad.