How to set up DigitalOcean Private Container Registry & Gitlab CE CI/CD

Hey guys,

does anybody have a glue how to set up the new DigitalOcean Private Docker Registry with CI/CD of Gitlab CE?

I currently use Gitlab CE CI/CD to deploy application(s) onto my DigitalOcean Kubernetes Cluster, but I would now also to integrate this new Docker Container Registry of DO. Currently using a private registry, which is on my Gitlab CE droplet - but I’m facing performance issues from time to time.

Please let me know, if someone is having a solution.

DO rocks - incredible the range of products which they provide by now …a couple of years ago it was only droplets and dns :)

Thanks, Olli

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi Olli,

Thanks for your questions!

In order to setup any CI/CD job to push or pull images from a private DO container registry, you first need to have the docker credentials for authentication. Here’s a simple way of authenticating the docker client to interact with the DigitalOcean Container registry:

  1. Obtain an API token from the DigitalOcean control panel by navigating to the API section. Copy and store the generated token to be used later.
  2. Before the docker push/pull job in the Gitlab CI config, execute docker login -u <API_TOKEN> -p <API_TOKEN> The API token can be passed as a secret or an environment variable.

For a Kubernetes cluster to pull images from the private registry, you’d need to create a docker registry Secret in the cluster with the docker config. Here’s how you can set up the secret in the namespace of your choice:

kubectl create secret docker-registry \
        docr \
        --docker-server= \
        --docker-username=API_TOKEN \

Once you create the above secret, you can specify the imagePullSecrets configuration in the pod spec like below:

apiVersion: v1
kind: Pod
  name: private-reg
  - name: private-reg-container
    image: <your-private-image>
  - name: docr

If you would like all pods in the namespace to pull from DOCR, then, you can specify the imagePullSecrets configuration on the default service account in that namespace:

apiVersion: v1
kind: ServiceAccount
  name: default
  namespace: default
- name: docr

If you’re familiar with doctl and have it setup as part of your CI environment, this post walks you through authenticating with DOCR using doctl and setting up your Kubernetes cluster to work with DOCR. We are currently working on providing a simpler way to pull images from DOCR onto your Kubernetes clusters and this will be made available soon.

The Gitlab documentation has a Requirements section which specifies the resource limits for the droplet and how much memory and CPU to allocate for the droplet. If you have already done this and are still experiencing problems with the droplet, I suggest reaching out to and specifying the problems you’re facing in detail.

Thank you for using DigitalOcean. Hope this helps!