Why can't I use the DOCKER_AUTH_CONFIG specified in my runner during CI

We are using the helm chart to bring our own runner and we have a custom image that we use by default in a private registry. To make this work we specified DOCKER_AUTH_CONFIG in our values.yml and this works fine.

However, when I try to build an image during CI using another image from this registry I get

ERROR: failed to fetch anonymous token: unexpected status: 403 Forbidden
failed to solve with frontend dockerfile.v0: failed to build LLB: failed to load cache key: failed to fetch anonymous token: unexpected status: 403 Forbidden

When I add an explicit login to the registry during build this works. Is it expected that I cannot use the runners authorization or do I need to do something to make this work? Run your CI/CD jobs in Docker containers | GitLab does suggest it should just work :tm: .

Hi @roelandvanbatenburg

The link you are reffering to is only for Docker executor, not for Kubernetes executor.

For Kubernetes executor you need to define image_pull_secrets in your config.toml. Here is how to define config.toml for Kubernetes executor. Please refer to The Kubernetes executor | GitLab for available configuration options

Of course, you need to create the secrets in Kubernetes. Here is how.