CI/CD pulling registry images from multiple non-public projects

[Randall Smith]

Greetings,

I have several non-public project successfully building automatically to the Gitlab Registry through Gitlab CI. I want to pull those generated images on the docker hosts that will run them. I know that I can log in with `docker login -u gitlab-ci-token -p <project specific ci token> registry`. My problem is that I want to automatically pull multiple images from different projects.

Many docker orchestration tools (including the base docker app) only allow one to use a single set of credentials to pull images from a registry. I tried using the global token but, of course, that did not work. Making these projects public is a non-starter for a variety of reasons.

So to my actual question: Is there a built-in global credential that be used? Failing that, does it make sense to create an internal user that is added as a low privileged user (Reporter role?) to every docker project that will run on our infrastructure?

Thanks.

[Drew Blessing]

Hi Randall,

This problem is being discussed in https://gitlab.com/gitlab-org/gitlab-ce/issues/18994.