Skip to content

DOCKER_AUTH_CONFIG doesn't work with multiple registries

Summary

Authentication settings for private registries are not applied when pulling a base image for the job if DOCKER_AUTH_CONFIG has more than one registry.

Steps to reproduce

  1. Add DOCKER_AUTH_CONFIG variable to Project-Settings-CI/CD { "auths": { "<first_registry>": { "auth": "<first_base64_token>" }, "<second_registry>": { "auth": "<second_base64_token>" } } }
.gitlab-ci.yml 
stages:
  - first
  - second

first:
    stage: first
    image: first_registry/image
    script: 
        echo $DOCKER_AUTH_CONFIG
        pwd
    tags:
    - run_docker

second:
    stage: second
    image: second_registry/image
    script: 
        echo $DOCKER_AUTH_CONFIG
        pwd
    tags:
    - run_docker

Actual behavior

Job can't pull base image and fails after 2 retries.

Expected behavior

Base image is pulled and executed

Relevant logs and/or screenshots

job log 
WARNING: Failed to pull image with policy "always": Error response from daemon: unauthorized: access to the requested resource is not authorized (manager.go:205:0s)
ERROR: Preparation failed: failed to pull image "first_registry/image" with specified policies [always]: Error response from daemon: unauthorized: access to the requested resource is not authorized (manager.go:205:0s)

Environment description

We use shared runners with Docker 20.10.7

config.toml contents (removed proxy-related variables) 
[[runners]]
name = "run01_docker"
pre_build_script = "[ ! -f $HOME/.docker/config.json ] && [ -w $HOME ] && ( mkdir -p $HOME/.docker/ && echo \"{ \\\"proxies\\\": { \\\"default\\\": 
{ \\\"httpProxy\\\": \\\"$http_proxy\\\", \\\"httpsProxy\\\": \\\"$https_proxy\\\", \\\"noProxy\\\": \\\"docker:2375,docker:2376,$no_proxy\\\" } 
} }\" > $HOME/.docker/config.json )"
output_limit = 8192
executor = "docker"
environment = ["DOCKER_DRIVER=overlay2"]
[runners.custom_build_dir]
[runners.docker]
tls_verify = false
image = "ubuntu:xenial"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock", "/home/coinop/.docker:/root/.docker", "/home/coinop/.m2:/home/coinop/.m2", "/home/coinop/.gradle:/home/coinop/.gradle"]
shm_size = 0
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]

Used GitLab Runner version

Running with gitlab-runner 13.12.0 (7a6612da)
  on run01_docker XPyy_c8y
Preparing the "docker" executor

-->

Possible fixes