Hi,
We have been running GitLab for a while now without any issues regarding the Docker Runners. But recently we ran into Docker Hub's rate limits. I discussed with my colleague what our options are. We came up with the idea to use our GitLab's Registry as a Registry Mirror. This could reduce any overhead that we might have with all other solutions - so we wanted to give it a shot.
So our setup is pretty simple:
We are running GitLab and the GitLab Runner as Docker containers. I then configured the Registry Mirror on the host system as described here: Registry as a pull through cache | Docker Documentation.
cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.example.com"]
}
After that it was a matter of restarting Docker, then verifying it with the following command:
docker info
[...]
Registry Mirrors:
https://registry.example.com/
Looks like everything is in order.
I spun up docker logs -f gitlab to see any possible logs regarding the registry and did a docker pull node:latest. As expected everything worked.
Now here is the actual problem: If I use a Docker image in the CI/CD pipeline I can see that pulling the image failed due to an unauthorized request.
==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/jwt/auth?scope=repository%3Alibrary%2Fnode%3Apull&service=container_registry" for <ip> at 2021-02-04 07:12:39 +0000
Processing by JwtController#auth as HTML
Parameters: {"scope"=>"repository:library/node:pull", "service"=>"container_registry"}
Completed 403 Forbidden in 24ms (Views: 0.4ms | ActiveRecord: 1.8ms | Elasticsearch: 0.0ms | Allocations: 6107)
I would love to hear what you guys think about my approach.
Thanks a lot for your time
- tuna
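
To list which image scopes the registry token endpoint refused, the production.log excerpt above can be parsed as shown here. This is an added example, not part of the original post; it assumes a request's Started and Completed lines appear in order without interleaving, and the second sample request (project `mygroup/myapp`) is constructed for contrast.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the first request is the one from the post; the second
# (a successful pull of a hypothetical project image) is made up for contrast.
SAMPLE_LOG = '''\
Started GET "/jwt/auth?scope=repository%3Alibrary%2Fnode%3Apull&service=container_registry" for <ip> at 2021-02-04 07:12:39 +0000
Processing by JwtController#auth as HTML
Completed 403 Forbidden in 24ms (Views: 0.4ms | ActiveRecord: 1.8ms)
Started GET "/jwt/auth?scope=repository%3Amygroup%2Fmyapp%3Apull&service=container_registry" for 10.0.0.5 at 2021-02-04 07:13:02 +0000
Processing by JwtController#auth as HTML
Completed 200 OK in 31ms (Views: 0.3ms | ActiveRecord: 2.1ms)
'''

STARTED = re.compile(r'^Started [A-Z]+ "(?P<url>[^"]+)" for (?P<client>\S+) at (?P<time>.+)$')
COMPLETED = re.compile(r'^Completed (?P<status>\d{3}) ')

def parse_scope(scope):
    """Split a token scope of the form type:name:action[,action]."""
    rtype, _, rest = scope.partition(":")
    name, _, actions = rest.rpartition(":")  # the name itself may contain ':'
    return {"type": rtype, "name": name, "actions": actions.split(",")}

def denied_token_requests(lines):
    """Return one record per /jwt/auth request that completed with 401 or 403."""
    denied, pending = [], None
    for line in lines:
        line = line.strip()
        started = STARTED.match(line)
        if started:
            parts = urlsplit(started["url"])
            pending = None  # forget any request that never logged a completion
            if parts.path == "/jwt/auth":
                query = parse_qs(parts.query)  # also decodes %3A and %2F
                pending = {"client": started["client"], "time": started["time"],
                           "service": query.get("service", [""])[0],
                           "scopes": [parse_scope(s) for s in query.get("scope", [])]}
            continue
        completed = COMPLETED.match(line)
        if completed and pending is not None:
            if completed["status"] in ("401", "403"):
                denied.append({**pending, "status": int(completed["status"])})
            pending = None
    return denied

if __name__ == "__main__":
    for request in denied_token_requests(SAMPLE_LOG.splitlines()):
        print(request)
```
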