I know this discussion is a bit old now, but I am running into the same issue.
I wish i was able to use my project’s gitlab-deploy-token for image pull secrets and have it also be able to access the registries of all internal projects, but alas, it does not work.
Potential solutions.
- use a project access token, which is long lived AND is able to access all internal project registries BUT it looks like soon (16.0) these tokens will have a mandatory expiry and that would randomly break the image pull secret at some future data, which would force me to redeploy apps on a scheduled basis. That has the potential to get messy (eg need to make sure the scheduled job is always going against the latest tag or risk accidentally rolling back the app)
- set up multiple deploy secrets as image pull secrets (one per repository from where images need to be pulled) BUT this means i have to manage and copy/paste umpteen secrets to umpteen projects’ CI variables