diff --git a/templates/gitlab-ci-docker-ecr.yml b/templates/gitlab-ci-docker-ecr.yml
index 3a6356ad5670c8f9185a2806c3a89bd2bf50d3fd..bab5a596a110d1ac92f87ce2f800480cdacec13c 100644
--- a/templates/gitlab-ci-docker-ecr.yml
+++ b/templates/gitlab-ci-docker-ecr.yml
@@ -42,12 +42,12 @@ variables:
   AWS_SNAPSHOT_OIDC_ROLE_ARN: $[[ inputs.aws-snapshot-oidc-role-arn ]]
   AWS_RELEASE_OIDC_ROLE_ARN: $[[ inputs.aws-release-oidc-role-arn ]]
 
+.docker-services:
+  .variant0:
+    name: "$TBC_AWS_PROVIDER_IMAGE"
+    alias: "aws-auth-provider"
+
 .docker-base:
-  services:
-    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "8.0.6"]
-    - name: "$TBC_AWS_PROVIDER_IMAGE"
-      alias: "aws-auth-provider"
   id_tokens:
     # required for OIDC auth
     AWS_JWT:
diff --git a/templates/gitlab-ci-docker-gcp.yml b/templates/gitlab-ci-docker-gcp.yml
index 862e33554d6084ac2aef87bff9d117dcd81c657e..e0261b800372feae242b4e95e45feee142583f0e 100644
--- a/templates/gitlab-ci-docker-gcp.yml
+++ b/templates/gitlab-ci-docker-gcp.yml
@@ -40,13 +40,13 @@ variables:
   GCP_SNAPSHOT_OIDC_PROVIDER: $[[ inputs.gcp-snapshot-oidc-provider ]]
   GCP_RELEASE_OIDC_ACCOUNT: $[[ inputs.gcp-release-oidc-account ]]
   GCP_RELEASE_OIDC_PROVIDER: $[[ inputs.gcp-release-oidc-provider ]]
-  
+
+.docker-services:
+  .variant0:
+    name: "$TBC_GCP_PROVIDER_IMAGE"
+    alias: "gcp-auth-provider"
+
 .docker-base:
-  services:
-    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "8.0.6"]
-    - name: "$TBC_GCP_PROVIDER_IMAGE"
-      alias: "gcp-auth-provider"
   variables:
     #  have to be explicitly declared in the YAML to be exported to the service
     GCP_JWT: $GCP_JWT
diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml
index e5f71c246f77913cf78164f1a7dae8a1dbde652e..8bd82bc631d1012751aa8517173e398aa2242898 100644
--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -19,14 +19,14 @@ variables:
   VAULT_SECRET_ID: "$VAULT_SECRET_ID"
   VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
 
+.docker-services:
+  .variant1:
+    name: "$TBC_VAULT_IMAGE"
+    alias: "vault-secrets-provider"
+    variables:
+      SKIP_SSL: "false"
+
 .docker-base:
-  services:
-    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "8.0.6"]
-    - name: "$TBC_VAULT_IMAGE"
-      alias: "vault-secrets-provider"
-      variables:
-        SKIP_SSL: "false"
   variables:
     VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
     VAULT_CA_CERTS: |
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index db86b748293b91fbb5ddc3e2884fc746ff2a8899..89ff2ad9d6e3fbfd78f625ed06619307b554eb5a 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -990,10 +990,32 @@ stages:
 
   # ENDSCRIPT
 
+.docker-services:
+  # for variants
+  .variant0:
+    name: "$TBC_DISABLED_IMAGE"
+  .variant1:
+    name: "$TBC_DISABLED_IMAGE"
+  .variant2:
+    name: "$TBC_DISABLED_IMAGE"
+  # for project
+  service0:
+    name: "$TBC_DISABLED_IMAGE"
+  service1:
+    name: "$TBC_DISABLED_IMAGE"
+  service2:
+    name: "$TBC_DISABLED_IMAGE"
+
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
       command: ["--service", "docker", "8.0.6"]
+    - !reference [.docker-services, .variant0]
+    - !reference [.docker-services, .variant1]
+    - !reference [.docker-services, .variant2]
+    - !reference [.docker-services, service0]
+    - !reference [.docker-services, service1]
+    - !reference [.docker-services, service2]
   before_script:
     - !reference [.docker-scripts]
 
@@ -1039,6 +1061,12 @@ stages:
           if [[ -n "${_CUSTOM_CA_CERTS:-$_DEFAULT_CA_CERTS}" ]]; then echo "${_CUSTOM_CA_CERTS:-$_DEFAULT_CA_CERTS}" | tr -d '\r' >> /etc/ssl/certs/ca-certificates.crt; fi || exit
           if [[ -n "${_TRACE}" ]]; then echo "Here is the list of all CAs that are trusted by the Docker daemon:"; cat /etc/ssl/certs/ca-certificates.crt; fi
           if [[ -n "${DOCKER_REGISTRY_MIRROR}" ]]; then dockerd-entrypoint.sh --registry-mirror ${DOCKER_REGISTRY_MIRROR}; else dockerd-entrypoint.sh; fi || exit
+    - !reference [.docker-services, .variant0]
+    - !reference [.docker-services, .variant1]
+    - !reference [.docker-services, .variant2]
+    - !reference [.docker-services, service0]
+    - !reference [.docker-services, service1]
+    - !reference [.docker-services, service2]
   cache:
     - key: "$CI_COMMIT_REF_SLUG-docker"
       paths: