How to set up DigitalOcean Private Container Registry & Gitlab CE CI/CD

Posted September 16, 2020 2.4k views
DockerCI/CDDigitalOcean Managed Kubernetes

Hey guys,

does anybody have a glue how to set up the new DigitalOcean Private Docker Registry with CI/CD of Gitlab CE?

I currently use Gitlab CE CI/CD to deploy application(s) onto my DigitalOcean Kubernetes Cluster, but I would now also to integrate this new Docker Container Registry of DO. Currently using a private registry, which is on my Gitlab CE droplet - but I’m facing performance issues from time to time.

Please let me know, if someone is having a solution.

DO rocks - incredible the range of products which they provide by now …a couple of years ago it was only droplets and dns :)


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi Olli,

Thanks for your questions!

In order to setup any CI/CD job to push or pull images from a private DO container registry, you first need to have the docker credentials for authentication. Here’s a simple way of authenticating the docker client to interact with the DigitalOcean Container registry:

  1. Obtain an API token from the DigitalOcean control panel by navigating to the API section. Copy and store the generated token to be used later.
  2. Before the docker push/pull job in the Gitlab CI config, execute docker login -u <API_TOKEN> -p <API_TOKEN> The API token can be passed as a secret or an environment variable.

For a Kubernetes cluster to pull images from the private registry, you’d need to create a docker registry Secret in the cluster with the docker config. Here’s how you can set up the secret in the namespace of your choice:

kubectl create secret docker-registry \
        docr \
        --docker-server= \
        --docker-username=API_TOKEN \

Once you create the above secret, you can specify the imagePullSecrets configuration in the pod spec like below:

apiVersion: v1
kind: Pod
  name: private-reg
  - name: private-reg-container
    image: <your-private-image>
  - name: docr

If you would like all pods in the namespace to pull from DOCR, then, you can specify the imagePullSecrets configuration on the default service account in that namespace:

apiVersion: v1
kind: ServiceAccount
  name: default
  namespace: default
- name: docr

If you’re familiar with doctl and have it setup as part of your CI environment, this post walks you through authenticating with DOCR using doctl and setting up your Kubernetes cluster to work with DOCR. We are currently working on providing a simpler way to pull images from DOCR onto your Kubernetes clusters and this will be made available soon.

The Gitlab documentation has a Requirements section which specifies the resource limits for the droplet and how much memory and CPU to allocate for the droplet. If you have already done this and are still experiencing problems with the droplet, I suggest reaching out to and specifying the problems you’re facing in detail.

Thank you for using DigitalOcean. Hope this helps!