Reputation: 11
Gitlab DOCKER_AUTH_CONFIG with multiple robot accounts from the same registry
I use Harbor as a private Registry for my Docker images, and I store my images in different projects (ex: myproject1, myproject2, etc).
Then I create one robot account in my project "myproject1" and one robot account in "myproject2"
Finally, I use the DOCKER_AUTH_CONFIG variable in Gitlab to set up robot accounts, such as :
{
"auths": {
"myharborregistry/myproject1": {
"auth": "base64.... token 1 created in myproject1"
},
{
"myharborregistry/myproject2": {
"auth": "base64.... token 2 created in myproject2"
}
}
}
The problem is that with this configuration, Gitlab randomly takes one of the 2 authentications to pull the image in "myproject1"
As a result, my pipelines crash randomly (because Gitlab takes the robot account of "myproject2")
Do you have a solution to force the use of the right robot account depending on the project targeted?
Regards,
Jeremy
I tried with :
{
"auths": {
"myharborregistry/myproject1": {
"auth": "base64.... token 1 created in myproject1"
},
{
"myharborregistry/myproject2": {
"auth": "base64.... token 2 created in myproject2"
}
}
}
And I got "Permission denied" randomly.
Upvotes: 1
Views: 451
Answers (1)
Reputation: 5543
Harbor supports System wide robot accounts. (Since Version 2.4) This robot account can be used for multiple projects
Upvotes: 0
Related Questions
- From inside of a Docker container, how do I connect to the localhost of the machine?
- How to get a Docker container's IP address from the host
- How can GitLab Bot accounts use the dependency proxy?
- How to use multiple auths/ logins for same docker registry
- How to pull from multiple private registries with docker-compose?
- gitlab CE docker push to registry hosted in s3 fails with "denied: access forbidden"