It took me too much time to not share this. When using Gitlab access tokens to allow Microk8s to access the registry of you Gitlab instance, there is no documented procedure regarding the authentication. After fiddling around with this, I got the crucial hint from DeepSeek.
The solution is to copy over a working config.json to one member of the k8s cluster.
sudo mkdir -p /var/snap/microk8s/current/.docker/
mv ~/config.json /var/snap/microk8s/current/.docker/
sudo chmod 600 /var/snap/microk8s/current/.docker/config.json
After that, a hosts.toml file in the correct path needs to be created.
mkdir -p "/var/snap/microk8s/current/args/certs.d/${GITLAB_HOST}:${GITLAB_PORT}"
cat > "/var/snap/microk8s/current/args/certs.d/${GITLAB_HOST}:${GITLAB_PORT}/hosts.toml" << EOF
server = "https://${GITLAB_HOST}:${GITLAB_PORT}"
[host."https://${GITLAB_HOST}:${GITLAB_PORT}"]
capabilities = ["pull", "resolve", "push"]
skip_verify = false
EOF
And then the cluster needs a restart to apply the changes.
The approach to move the authentication from hosts.toml to a config.json is not documented in the microk8s documentation. I found several pages where people with the same scenario where looking for help, but not a single working answer. The LLM saved the day.