Docker push denied: requested access to the resource is denied

Please help fill in this template with all the details to help others help you more efficiently. Use formatting blocks for code, config, logs and ensure to remove sensitive data.

Problem to solve

Hi , I am new to GitLab and this forum - so please excuse me if go about the incorrect way finding a solution for my problem.

Since a few days, I am unable to push images in gitlab container registry.

Steps to reproduce

I have created de deploy token (Repository → Deploy token) with read_repository, read_registry, write_registry, read_package_registry, write_package_registry scopes.

docker pull registry,gitlab.com/my-group/my-sub-group/nginx:latest

Getting image source signatures
Copying blob 16eaaaf5f1c0 skipped: already exists  
Copying blob 5e845cc16269 [--------------------------------------] 0.0b / 11.1MiB (skipped: 0.0b = 0.00%)
Copying blob 3c854c8cbf46 skipped: already exists  
Copying blob 5e845cc16269 [=>------------------------------------] 725.6KiB / 11.1MiB | 206.9 MiB/s
Copying blob b407bcc80638 skipped: already exists  
Copying blob a0fbd691d7c1 skipped: already exists  
Copying blob da33b1ad0ac4 skipped: already exists  
Copying blob 1cf175353448 [--------------------------------------] 0.0b / 302.0b (skipped: 0.0b = 0.00%)
Copying blob 1cf175353448 done   | 
Copying blob 6d537a74f034 [--------------------------------------] 0.0b / 370.0b (skipped: 0.0b = 0.00%)
Copying blob 6d537a74f034 done   | 
Copying blob 87bd6401ed06 [--------------------------------------] 0.0b / 8.5MiB (skipped: 0.0b = 0.00%)
Copying blob 87bd6401ed06 [--------------------------------------] 0.0b / 8.5MiB | 0.0 b/s
Copying blob f5acecbf4173 [--------------------------------------] 0.0b / 442.0b (skipped: 0.0b = 0.00%)
Copying blob f5acecbf4173 done   | 
Copying blob de5d475193dd skipped: already exists  
Copying blob 0e4ff09d5351 [--------------------------------------] 0.0b / 1.2KiB (skipped: 0.0b = 0.00%)
Copying blob 0e4ff09d5351 [--------------------------------------] 0.0b / 1.2KiB | 0.0 b/s

but docker push registry,gitlab.com/my-group/my-sub-group/nginx:latest

The push refers to repository [registry.gitlab.com/my-group/my-sub-group/nginx]
2883002ec21d: Preparing 
c8beeff22ce7: Preparing 
714f56238fb5: Preparing 
f33e343848bd: Preparing 
4cb10dd2545b: Preparing 
d2d7ec0f6756: Waiting 
1a73b54f556b: Waiting 
e624a5370eca: Waiting 
d52f02c6501c: Waiting 
ff5700ec5418: Waiting 
7bea6b893187: Waiting 
6fbdf253bbc2: Waiting 
54ad2ec71039: Waiting 
denied: requested access to the resource is denied

It was working previously.

Configuration

image1365×130 15.5 KB

image1486×378 28.1 KB

image1513×822 90.6 KB

Versions

Please select whether options apply, and add the version information.

• Self-managed
• GitLab.com SaaS

I am using the latest (v17.2) SaaS free version of Gitlab.

Any advice will be appreciated.

Hi there,

Is there a specific reason why you use deploy tokens instead of CI_REGISTRY_USER?

I would suggest you to use CI_REGISTRY_USER and CI_REGISTRY_PASSWORD to authenticate with the registry, as suggested by the official docs.

Hi paula.kokic I have tried with CI_REGISTREY_USER and CI_REGISTRY_PASSWORD and I’ve got this error:

Executing "step_script" stage of the job script
00:01
$ mkdir -p /kaniko/.docker
$ echo "{\"auths\":{\"${GITLAB_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
$ cat /kaniko/.docker/config.json
{"auths":{"registry.gitlab.com":{"auth":"Z2l0bGFiLWNpLXRva2VuOnRoaXMtaXMtYS1mYWtlLXRva2VuCg=="}}}
$ /kaniko/executor  --context $CI_PROJECT_DIR  --skip-tls-verify  --dockerfile ./Dockerfile  --destination $GITLAB_REGISTRY/$GITLAB_REPO_FOLDER/$MICRO_SERVICE_NAME:$CI_COMMIT_SHORT_SHAExecuting "step_script" stage of the job script
00:01
$ mkdir -p /kaniko/.docker
$ echo "{\"auths\":{\"${GITLAB_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
$ cat /kaniko/.docker/config.json
{"auths":{"registry.gitlab.com":{"auth":"Z2l0bGFiLWNpLXRva2VuOnRoaXMtaXMtYS1mYWtlLXRva2VuCg=="}}}
$ /kaniko/executor  --context $CI_PROJECT_DIR  --skip-tls-verify  --dockerfile ./Dockerfile  --destination $GITLAB_REGISTRY/$GITLAB_REPO_FOLDER/$MICRO_SERVICE_NAME:$CI_COMMIT_SHORT_SHA
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "registry.gitlab.com/my-group/my-sub-group/nginx:latest": POST https://registry.gitlab.com/my-group/my-sub-group/nginx:latest/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:my-group/my-sub-group/nginx ProjectPath: Type:repository] map[Action:push Class: Name:my-group/my-sub-group/nginx: ProjectPath: Type:repository]]
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: command terminated with exit code 1
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "registry.gitlab.com/my-group/my-sub-group/nginx:latest": POST https://registry.gitlab.com/my-group/my-sub-group/nginx:latest/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:my-group/my-sub-group/nginx ProjectPath: Type:repository] map[Action:push Class: Name:my-group/my-sub-group/nginx ProjectPath: Type:repository]]
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: command terminated with exit code 1

Even with the CI_* variables the pipeline fails.

I was trying to push an image in the wrong repostory.

It’s solved now!