Gitlab CICD - denied when I push image into container registry

Question

I am using gitlab.com ci/cd to push images into gitlab registry. I had 2 repositories already and pushing images into registries as registry.gitlab.com/group1/project1 and registry.gitlab.com/group1/project2.

Now I have another 2 repos up and running. I want to run CI/CD for the new projects. I also want to push images into different registries and names them as follows : registry.gitlab.com/group2/project1 and registry.gitlab.com/group2/project2 And I am getting following error:

denied: requested access to the resource is denied

Does free gitlab provide only 2 registries? Do I need to pay to create more registries ?

Answer 1

The example .gitlab-ci.yml below is to lint, build, test, and tag container images for your GitLab project into the matching image registry. Before you can interact with your image registry, you need to login, see the docker login lines, and the GitLab CI Runner uses a generated token for this, but only matches the current project. And also only when you have enabled the Container Registry in the Setting -> General section

---
image: docker:latest

services:
  - docker:dind

stages:
  - verify
  - build
  - test
  - release

variables:
  CI_DOCKER_IMAGE:  ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
  CI_DOCKER_TAG:    ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
  CI_DOCKER_BRANCH: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}
  CI_DOCKER_LATEST: ${CI_REGISTRY_IMAGE}:latest

Docker lint:
  stage: verify
  image: projectatomic/dockerfile-lint
  script:
    - dockerfile_lint -p -f Dockerfile

Docker build:
  stage: build
  before_script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
  script:
    - docker build --pull -t ${CI_DOCKER_IMAGE} .
    - docker push ${CI_DOCKER_IMAGE}

Docker test:
  stage: test
  before_script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
  script:
    - docker pull ${CI_DOCKER_IMAGE}
    - docker run ${CI_DOCKER_IMAGE} /path/to/test.sh

Release branch:
  stage: release
  before_script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
  script:
    - docker pull ${CI_DOCKER_IMAGE}
    - docker tag ${CI_DOCKER_IMAGE} ${CI_DOCKER_BRANCH}
    - docker push ${CI_DOCKER_BRANCH}
  only:
    - branches
  except:
    - master

Release tag:
  stage: release
  before_script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
  script:
    - docker pull ${CI_DOCKER_IMAGE}
    - docker tag ${CI_DOCKER_IMAGE} ${CI_DOCKER_TAG}
    - docker push ${CI_DOCKER_TAG}
  only:
    - tags

Release latest:
   stage: release
   before_script:
     - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
   script:
     - docker pull ${CI_DOCKER_IMAGE}
     - docker tag ${CI_DOCKER_IMAGE} ${CI_DOCKER_LATEST}
     - docker push ${CI_DOCKER_LATEST}
   only:
     - master

If you want to push to an image registry other than the default registry that comes with your project, then you should provide the credentials to the CI/CD -> Variables section. Also, .gitlab-ci.yml should be modified to have the correct registry, username and accesstoken variables in the YAML file.