How to deploying with remote Docker pull image from private registry?

Waypoint
1

Please, I can’t figure out how to log in on a private registry deploying with Docker in a remote machine.

Alway same response, unless I switch the force_pull option to false, then it will use the already downloaded image as expected.

» Deploying...
❌ Pulling Docker Image 1234567890.dkr.ecr.us-east-1.amazonaws.com/test:test
! unable to pull image from Docker registry: unable to pull image: Error response
  from daemon: Head
  https://1234567890.dkr.ecr.us-east-1.amazonaws.com/v2/test/manifests/test: no
  basic auth credentials

project = "example-nodejs"

app "example-nodejs" {
  labels = {
    "service" = "example-nodejs",
    "env" = "dev"
  }

  build {
    use "pack" {}

    registry {
      use "aws-ecr" {
        region     = "us-east-1"
        repository = "test"
        tag        = "test"
      }
    }
  }

  deploy { 
    use "docker" {
      force_pull = true

      client_config {
        host = "tcp://my.remote.docker.host:2375"
        api_version = "1.41"
      }
    }
  }
}
2

Hey there @juliomsilva! Just in case, have you seen the documentation for private container registries for Waypoint? From the docs:

When deploying to Docker with a private image, Waypoint will use authentication from the registry stanza or “out of band” Docker authentication configured directly with Docker.

This might have what you need! Lifecycle: Build | Waypoint | HashiCorp Developer

3

hi @briancain, thank you for your answer, it helped me set better the build stage, but yet i cannot deploy using a remote docker host:


✓ Docker image pushed:

1234.dkr.ecr.us-east-1.amazonaws.com/test:test

» Deploying...

❌ Pulling Docker Image

1234.dkr.ecr.us-east-1.amazonaws.com/test:test

! unable to pull image from Docker registry: unable to pull image: Error response

from daemon: Head

https://1234.dkr.ecr.us-east-1.amazonaws.com/v2/test/manifests

no basic auth credentials

this is my waypoint.hcl file now:

project = "test"

app "test" {
  labels = {
    "service" = "test",
    "env"     = "develop"
  }

  build {
    use "docker" {
      buildkit           = true
      disable_entrypoint = false
    }

    registry {
      use "docker" {
        image        = "1234.dkr.ecr.us-east-1.amazonaws.com/test"
        tag          = "test"
        encoded_auth = filebase64("${path.app}/aws/ecr.config.json")
      }
    }
  }

  deploy {
    use "docker" {
      force_pull   = true
      service_port = 3000

      client_config {
        host        = "tcp://my.remote.docker.host:2375"
        api_version = "1.41"
      }
    }
  }
}

thank you Sir.

4

Hey @juliomsilva, I think you’d want to specify the registry configuration in the Deploy stanza? Unless you also need it for the Build stanza too. If that doesn’t work, could you try with -vvv so we can see a debug log? Just in case, it’d probably be worth a look over to see if there are any sensitive credentials in the log before sending it over. Thanks!