I was trying to use a container from Scaleway CR, and I’ve got issue mirroring it. The message in the logs does not help at all, indicating that there is a problem at the mirroring. I try replace every credential I’ve got, but it does not seems to help at all.
Do you mind sharing your app Qovery console link?
Also, just to clarify, you have a custom Scaleway CR on which you have an image and you are trying to deploy an app using this image?
Can you give me the repository name and / or ID (SCW side)?
On the qovey side I’m using scw-cr-general point to https://rg.fr-par.scw.cloud/, and scaleway side it is on the e5ef73ae-8adc-43ad-b148-256e2de6835e id.
And the custom registry you want to use is
registry-ca1e18f1-10c1-4ccd-997b-ce38e2bd53b0 on Qovery side which points to registry
qweeko-bombuilder-prod01 SCW side for this app ?
I’m trying to get an image from the namespace (CR)
qweeko-bombuilder-prod01 SCW from my custom CR (scw-cr-general on the qovery side). Using this I need to mirror the image on the Service CR created by qovery, id
2ca9e5c5-2a3d-4e15-a0f3-bc5f0ff867c0. It seems that mirroring does not work from SCW CR (custom) to another SCW CR (qovery managed). At the creation of the app I have just indicated my custom SCW CR where my images is stored and pass < namespace-cr-scw > / < image > with a tag.
Sooooo after investigation:
I created a new CR for scaleway just no to break your one (
Setup your app to use this one
Still got an error, checked if tag
0.7.3 exists, apparently it doesn’t
Setup tag to be
0.7.4: everything looks to be ok
Can you try to deploy this app now?
Still got the same error,
From scw perspective the 0.7.3 exist and I can pull it localy.
Trying to redeploy it with 0.7.4 and 0.8.0 and got the exact same error.
Trying with the CR
scw-general-new and still the same.
Still investigating, I can reproduce locally the issue, I will get back to you ASAP.
So, I found the issue I guess, when doing mirror, we use
docker buildx imagetools create. We do two logins, one on the external registry, one to the cluster (mirror registry). But somehow, on SCW when doing so creds are stored with registry hostname, for example:
In your case, you have one registry on SCW with scoped permissions (which is totally fine) and your credentials for the cluster and the cluster registry.
It seems doing both docker login clashes. So I need to find a long term workaround.
For the time being, on your side, what could be done is allowing your Qovery user (SCW side) to use your external registry. It’s far from ideal, but while we are working on this one, it should unlock you.
Note: issue is described here Cannot provide multiple logins for the same docker registry · Issue #37569 · moby/moby · GitHub
That what I thought after retrying it locally. I have instead migrated my images on a CR acessible by Qovery (in the same Scaleway project) to maintain a secure IAM policy. Working forward I will migrate and use only the Qovery designated project in Scaleway has an endpoint for my build image.
Thank you for your help and your indepth explanation !
Great ! On our end we are planning to work on this issue (which is quite a big topic), I have good hope we will have a better solution.