Custom docker registry on Helm installed GCP

lucas-koehler · February 19, 2021, 11:20am

Hello,

I installed Gitpod on GCP via the Helm installer (as the GCP installer is currently broken).

I then wanted to use a custom docker registry hosted by Google in my GCP project. I followed the steps at https://www.gitpod.io/docs/self-hosted/latest/install/docker-registry/ .
I created the registry-auth.json secret and adapted the config (adaptions not shown here, just for reference from the docs)

components:
imageBuilder:
registryCerts: []
registry:
# name must not end with a “/”
name: your.registry.com/gitpod
secretName: image-builder-registry-secret
path: secrets/registry-auth.json

workspace:
pullSecret:
secretName: image-builder-registry-secret

docker-registry:
enabled: false

However, the secret image-builder-registry-secret is not found by my image builder. It is also not present when checking with kubectl get secrets. There was no mention of whether I need to create it myself in the docs.
Do I need to do that and if yes what exactly should it contain?

The blobserve and image builder pods do not start anymore. the logs say the following:
{"@type":"type.googleapis.com/google.devtools.clouderrorreporting.v1beta1.ReportedErrorEvent","error":"read /mnt/pull-secret.json: is a directory","level":"fatal","message":"cannot read docker config","serviceContext":{"service":"blobserve","version":""},"severity":"CRITICAL","time":"2021-02-19T11:15:14Z"}

And the logs of the image builder service say this:
{"level":"fatal","message":"read /config/pull-secret.json: is a directory","serviceContext":{"service":"image-builder","version":""},"severity":"CRITICAL","time":"2021-02-19T11:15:16Z"}

Thanks in advance for any help

corneliusludmann · February 22, 2021, 2:57pm

Have you created the file secrets/registry-auth.json on your computer that runs the helm command? How does you secret image-builder-registry-secret look like?

kubectl get secret image-builder-registry-secret -o yaml

Note: Remove your sensitive data!

lucas-koehler · February 22, 2021, 4:30pm

Hello,
yes I created the secrets/registry-auth.json.

The result of kubectl get secret image-builder-registry-secret -o yaml is the following. Everything <redacted> was removed by me.

apiVersion: v1
data:
  registry-auth.json: <redacted, ~ 4200 characters base64 encoded string>
kind: Secret
metadata:
  creationTimestamp: "2021-02-19T10:57:48Z"
  name: image-builder-registry-secret
  namespace: default
  resourceVersion: "4373393"
  selfLink: /api/v1/namespaces/default/secrets/image-builder-registry-secret
  uid: <redacted>
type: Opaque

wulfthimm · February 23, 2021, 4:24pm

Hi @lucas-koehler,

could you also verify that the content of that files is the same as in you local secrets/registry-auth.json.
I could also suggest to use the Terraform script to install Gitpod on GCP. You only have to download Terraform and set some variables. https://github.com/gitpod-io/gitpod/tree/master/install/gcp-terraform/environment/full

Best regards
Wulf