search

hashicorp / waypoint

A tool to build, deploy, and release any application on any platform.
https://waypointproject.io
Other
4.76k stars 326 forks source link

Build stage docker push to GCP Artifact Registry fails on Kubernetes #4204

Open adzap opened 1 year ago

adzap commented 1 year ago

Describe the bug Using the docker registry in the build stage with GCP Artifact Registry fails during Testing registry and uploading entrypoint layer step with unsupported protocol scheme "". I am using service account key for auth which seems to be working as it passes the initial registry auth step. Waypoint is installed on GCP GKE (kubernetes).

Error occurs using remote runner. Running this with local runner is able to push successfully to repo.

Steps to Reproduce Build stage in waypoint.hcl

build {
    use "pack" {}

    registry {
      use "docker" {
        image = "australia-southeast1-docker.pkg.dev/<project-id>/<repo-name>/<image-name>"
        tag   = "latest"
        encoded_auth = filebase64("/path/to/dockerAuth.json") # where username is `_json_key_base64` and password is base64 encoded string of the service account json key
      }
    }
}

when running waypoint up -local=false -w staging

output is

✓ Running build v12
✓ Building Buildpack with kaniko...
❌ Testing registry and uploading entrypoint layer
! error setting up entrypoint layer to host:
  "https://australia-southeast1-docker.pkg.dev", err: Put
"/artifacts-uploads/namespaces/<project-id>/repositories/<repo-name>/uploads/AHi26s-a8LP3-Vg515kiVAim7BuuzinGNS1Fn6zBhOCdPLGIka128CrfPsQk1YmPBf6U9Orc6c7j-bOtpix4XCAfgLOY3XM0yhkfVGU06hsS_238RH
  unsupported protocol scheme ""

Expected behavior Waypoint should be able to push entrypoint layer to the artifact registry repo.

Waypoint Platform Versions Additional version and platform information to help triage the issue if applicable:

Additional context

izaaklauer commented 1 year ago

Hey @adzap ,

Thanks for reporting! Can you send us the output of waypoint runner profile list? We've fixed bugs related to this recently, and it would be nice to verify that the oci_url of your waypoint on-demand runner is up-to-date.

adzap commented 1 year ago 
Runner profiles
             NAME            | PLUGIN TYPE |                 OCI URL                 | TARGET RUNNER | DEFAULT
-----------------------------+-------------+-----------------------------------------+---------------+----------
  01GHASKKP2H47X961AAMVMTGD7 | kubernetes  | docker.io/hashicorp/waypoint-odr:0.10.3 | *             | yes
briancain commented 1 year ago

Thanks for sharing your runner profile @adzap ! This looks like something that we should investigate, as it looks like a bug!

Lippur commented 1 year ago

This also happens when using the GitHub Container Registry with Docker builder.

build {
  use "docker" {}

  registry {
    use "docker" {
      image = "ghcr.io/<org>/<image>"
      tag   = gitrefpretty()

      auth {
        username = var.gh_username
        password = var.gh_token
      }
    }
  }
}

Output:

» Building website...
 + Running build v8
 + Building Docker image with kaniko...
 ! Testing registry and uploading entrypoint layer
! error setting up entrypoint layer to host "https://ghcr.io", err: Put
  "/v2/<org>/<image>/blobs/upload/<uuid>?digest=sha256:<digest>":
  unsupported protocol scheme ""
Runner profiles
            NAME           | PLUGIN TYPE |            OCI URL            | TARGET RUNNER | DEFAULT
---------------------------+-------------+-------------------------------+---------------+----------
  docker-bootstrap-profile | docker      | hashicorp/waypoint-odr:latest | *             | yes

Waypoint CLI Version: v0.11.0 Waypoint Server Platform and Version: docker, v0.11.0 Waypoint Plugin: docker