Accessing multiple Gitlab docker registries with deploy token is not working
Summary
With docker registry enabled on multiple projects and using deploy tokens to access them we need a deploy token per project.
Issuing a docker login registry.gitlab.com
with first project token, will grant us access to the first project registry.
A docker pull on the second registry won't work as the token is project specific.
A new docker login registry.gitlab.com
won't ask for credentials as they are already provided, therefore it's impossible to use deploy tokens to pull docker images from multiple Gitlab projects.
Steps to reproduce
- Create a first project "project 1"
- Enable docker registry
- Push a docker image into it (using Gitlab CI)
- Create a docker deploy token
- Issue
docker login registry.gitlab.com
- Pull an image from project 1 registry. Confirm this is working
- Create a second project "project 2"
- Enable docker registry
- Push a docker image into it (using Gitlab CI)
- Create a docker deploy token
- issue
docker login registry.gitlab.com
, this wont ask for credentials as they are already provided - pull an image from project 2 registry. You will get a
Error response from daemon: pull access denied for registry.gitlab.com/xxxxx
What is the current bug behavior?
It's impossible to use project deploy tokens to access multiple Gitlab docker registries
What is the expected correct behavior?
Enable access to multiple Gitlab registries with one deploy token.
Creating a global deploy token that would grant access to all the Gitlab docker registries from a specific group