Can't push or pull to registry
Summary
Error when trying to pull or push from registry using project access token or personal access token.
Steps to reproduce
k8s@master-node:~$ docker login registry.MySite.com
Username: k8s
Password:
WARNING! Your password will be stored unencrypted in /home/k8s/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
k8s@master-node:~$ docker pull Registry.MySite.com/v2/group/group/project/build:latest
Error response from daemon: Get https://Registry.MySite.com/v2/group/group/project/build/manifests/latest: denied: access forbidden
k8s@master-node:~$ docker push Registry.MySite.com/group/group/project/build:test
The push refers to repository [Registry.MySite.com/group/group/project/build]
fd1ee66b9061: Preparing
0d26c19ac5ee: Preparing
2042670800fe: Preparing
33e08d3a058c: Preparing
97d57a09e1fe: Preparing
7c994156cf98: Waiting
26e4b74318a7: Waiting
3740dcce90ca: Waiting
50644c29ef5a: Waiting
denied: access forbidden
k8s@master-node:~$
Example Project
n/a
What is the current bug behavior?
denied: access forbidden
What is the expected correct behavior?
That is gives me access
Howerver this works correctly using CI from my dind worker
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
Login Succeeded
.
.
.
$ docker push $CI_REGISTRY/group/group/project/build:latest
The push refers to repository [Registry.MySite.com/group/group/project/build]
c5977e2dd543: Preparing
2e5ef0da4c8e: Preparing
cb9c9960b86e: Preparing
7ad9cba4fe41: Preparing
ada273a98080: Preparing
e5367b78c3d7: Preparing
26e4b74318a7: Preparing
3740dcce90ca: Preparing
50644c29ef5a: Preparing
26e4b74318a7: Waiting
3740dcce90ca: Waiting
50644c29ef5a: Waiting
e5367b78c3d7: Waiting
c5977e2dd543: Layer already exists
ada273a98080: Layer already exists
7ad9cba4fe41: Layer already exists
cb9c9960b86e: Layer already exists
2e5ef0da4c8e: Layer already exists
e5367b78c3d7: Layer already exists
26e4b74318a7: Layer already exists
3740dcce90ca: Layer already exists
50644c29ef5a: Layer already exists
latest: digest: sha256:23d635b4340a51c31dd9bd421602f158035275f407e760f39e9b354b5c2f82e3 size: 2209
Job succeeded
Relevant logs and/or screenshots
Output of checks
n/a
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Ubuntu 16.04 Proxy: no Current User: git Using RVM: no Ruby Version: 2.6.6p146 Gem Version: 2.7.10 Bundler Version:1.17.3 Rake Version: 12.3.3 Redis Version: 5.0.9 Git Version: 2.28.0 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.4.0-ee Revision: e70802d39ca Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.7 URL: https://GitLab.MySite.com HTTP Clone URL: https://GitLab.MySite.com/some-group/some-project.git SSH Clone URL: git@GitLab.MySite.com:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.7.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab subtasks ...
Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 13.7.0 ? ... OK (13.7.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking LDAP ...
LDAP: ... LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab App ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 3/2 ... yes 4/3 ... yes 3/5 ... yes 4/6 ... yes 3/7 ... yes 4/8 ... yes 8/9 ... yes 3/10 ... yes 3/11 ... yes 3/12 ... yes 4/13 ... yes 24/14 ... yes 4/15 ... yes 24/16 ... yes 31/17 ... yes 2/18 ... yes 25/19 ... yes 24/20 ... yes 31/21 ... yes 3/22 ... yes 4/23 ... yes 4/24 ... yes 4/25 ... yes 8/26 ... yes 31/27 ... yes 4/28 ... yes 4/29 ... yes 25/30 ... yes 4/31 ... yes 4/32 ... yes 4/33 ... yes 31/34 ... yes 2/35 ... yes 8/36 ... yes 4/37 ... yes 3/38 ... yes Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.6) Git version >= 2.24.0 ? ... yes (2.28.0) Git user has default SSH configuration? ... yes Active users: ... 19 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 6.x - 7.x? ... skipped (elasticsearch is disabled)
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished