New Pipeline for TAG ends in: Insufficient permissions for protected ref '2.20'

We use the internal Docker Registry to push our MASTER and TEST Branches. This works fine.

To be more flexible, we want our Customers to pull specific Versions (ie. docker pull registry/group/project:2.21 to get the version 2.21)

We tried to run a Pipeline on the Tag 2.21 but all we get is Insufficient permissions for protected ref '2.20'

There is a Branch called 2.21 and it is protected, as development has been ended on that Branch. Even if we unprotect it, we couldnt create a Pipeline for it.

What would be the best Way to get Versions into the Registry? We have LATEST and TEST in our .gitlab-ci.yml and that Versions can be pulled. Do we have to put every single Version in that File?