Feature: HA option for building harness config containers
Context
The current scion build / harness config container build feature relies on a local Docker daemon. This works in single-node deployments but is incompatible with HA (multi-replica hub) deployments where:
- Replicas may not have access to a local Docker daemon
- Build artifacts from one replica are not available to others
- A centralized, repository-backed build is needed for consistency
Proposed Solution for HA Mode
- Cloud Build integration: When running in HA mode, delegate container builds to GCP Cloud Build rather than local Docker. This avoids requiring a Docker daemon on hub replicas.
- Push to configured repository: After a successful build, the resulting image must be pushed to the configured container registry (e.g. gcr.io/<project>/<image> or ghcr.io/<org>/<image>) so all hub replicas can pull it.
Behavior Split
| Mode | Build mechanism | Image availability |
| --- | --- | --- |
| Single-node / local | Existing local Docker build (unchanged) | Local daemon only |
| HA mode | GCP Cloud Build | Pushed to configured registry, available to all replicas |
Requirements to Consider
- Auth: Cloud Build requires a service account with Cloud Build Editor + Artifact Registry Writer (or equivalent)
- Registry config: The target registry/repo must already be configured in hub settings
- Status feedback: Cloud Build is async — hub needs to poll build status and surface progress/errors to the user
- Cost/quota: Cloud Build has per-minute pricing; this should be documented in the feature
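
A sketch of the status-feedback requirement, added here as an illustration and not taken from the scion code base: the hub polls a build until it reaches a terminal state, reports each state change, and accepts success only if the configured image appears in the build results, returning it pinned by digest so every replica pulls the same image. `fetch_build`, `wait_for_build` and `BuildError` are hypothetical names; the status values and the `results.images` shape follow the Cloud Build `Build` resource.

```python
import time

# Values of the Cloud Build API's Build.status enum, grouped for the poller.
IN_PROGRESS = {"STATUS_UNKNOWN", "PENDING", "QUEUED", "WORKING"}
FAILED = {"FAILURE", "INTERNAL_ERROR", "TIMEOUT", "CANCELLED", "EXPIRED"}


class BuildError(Exception):
    """Terminal build problem the hub should surface to the user."""


def wait_for_build(fetch_build, image, deadline_s=1800, interval_s=5,
                   on_progress=None, sleep=time.sleep, clock=time.monotonic):
    """Poll until the build is terminal; return a digest-pinned image reference.

    fetch_build is a hypothetical callable returning a dict shaped like the
    Cloud Build `Build` resource; image is the configured path without a tag.
    """
    start, last = clock(), None
    while True:
        build = fetch_build()
        status = build.get("status", "STATUS_UNKNOWN")
        if on_progress and status != last:
            on_progress(status)  # report each state change once
        last = status
        if status == "SUCCESS":
            # Accept success only if the configured image is in results.images.
            for built in build.get("results", {}).get("images", []):
                name = built.get("name", "")
                if (name == image or name.startswith(image + ":")) and built.get("digest"):
                    return f"{image}@{built['digest']}"
            raise BuildError(f"build succeeded but {image} was not pushed")
        if status in FAILED:
            raise BuildError(f"{status}: {build.get('statusDetail', 'no detail')}")
        if status not in IN_PROGRESS:
            raise BuildError(f"unrecognised build status {status!r}")
        if clock() - start >= deadline_s:
            raise BuildError("hub-side deadline exceeded while build in progress")
        sleep(interval_s)


if __name__ == "__main__":
    # Constructed responses standing in for successive API reads.
    demo = iter([{"status": "QUEUED"}, {"status": "WORKING"},
                 {"status": "SUCCESS", "results": {"images": [
                     {"name": "gcr.io/example-project/harness:v1",
                      "digest": "sha256:" + "ab" * 32}]}}])
    print(wait_for_build(lambda: next(demo), "gcr.io/example-project/harness",
                         interval_s=0, on_progress=print))
```
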