HashiCorp Developer AI Private beta now available Sign up today
Waypoint
Waypoint Home

Disable the Waypoint Entrypoint

Warning

This content is part of the legacy version of Waypoint that is no longer actively maintained. For additional information on the new vision of Waypoint, check out this blog post and the HCP Waypoint documentation.

The entrypoint can be disabled by disabling build-time injection or by setting a runtime variable in already-built artifacts. The former can be used to prevent the Waypoint from ever being used by a deployment. The latter can be used to disable the entrypoint in deployments that already have it installed.

If the entrypoint is disabled, all functionality that requires the entrypoint will stop functioning for that deployment. If other deployments, apps, etc. use the entrypoint, the entrypoint functionality will work for those deployments and apps.

Disable at Runtime

You can disable the entrypoint at runtime by setting the WAYPOINT_CEB_DISABLE environment variable to a truthy value (e.g. "1").

This environment variable is checked immediately on entrypoint startup. If the value is true, then the entrypoint will immediately execute the child process. The entrypoint will not attempt to even connect to the server and will not use any network or disk resources.

This approach allows you to always inject the entrypoint in case you want to use it in the future, but to disable it completely until then.

Disable at Build

The entrypoint can be disabled by preventing it from being installed or injected in the first place.

For builders that support automatic injection, they should offer some configuration to disable this behavior. For example, if you're using the "docker" builder you can set the disable_entrypoint configuration:

app "my-app" {
  build {
    use "docker" {
      disable_entrypoint = true
    }
  }

  # ...
}

For builders that do not support automatic injection, you must manually alter your build scripts to prevent entrypoint installation.

Disabling Specific Features

Exec

You can disable only the waypoint exec functionality by setting the WAYPOINT_CEB_DISABLE_EXEC environment variable to a truthy value (e.g. "1"). Other entrypoint features such as logs, application config, etc. will continue to work.

This environment variable must be set before the entrypoint starts. Therefore, it cannot be set with application configuration. It must be set at build time or by using functionality of your deployment plugin.

The example below shows how to set this using the Kubernetes plugin:

deploy {
  use "kubernetes" {
    static_environment = {
      "WAYPOINT_CEB_DISABLE_EXEC" = "1"
    }
  }
}

When exec is disabled, the entrypoint will not allow waypoint exec to target that specific instance. If there are other instances running without the environment variable set (such as from a previous deployment), those may still be targeted.

This environment variable only disables entrypoint-based exec. For some plugins, waypoint exec works without the Waypoint entrypoint. For example, the AWS Lambda plugin launches a just-in-time instance for exec that doesn't use the entrypoint. This environment variable will have no effect on this functionality.

Edit this page on GitHub