mirror of https://github.com/project-zot/zot.git synced 2025-01-06 22:40:28 -05:00

README: update README.md

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Ramkumar Chinchani 2022-01-29 02:21:58 +00:00 committed by Ramkumar Chinchani
parent 38a110314b
commit b800c5f20a
2 changed files with 102 additions and 26 deletions

README.md

@ -1,32 +1,45 @@
# zot [![build-test](https://github.com/project-zot/zot/actions/workflows/ci-cd.yml/badge.svg?branch=main)](https://github.com/project-zot/zot/actions/workflows/ci-cd.yml) [![codecov.io](http://codecov.io/github/project-zot/zot/coverage.svg?branch=main)](http://codecov.io/github/project-zot/zot?branch=main) [![Conformance Results](https://github.com/project-zot/zot/workflows/conformance/badge.svg)](https://github.com/project-zot/zot/actions?query=workflow%3Aconformance) [![CodeQL](https://github.com/project-zot/zot/workflows/CodeQL/badge.svg)](https://github.com/project-zot/zot/actions?query=workflow%3ACodeQL) # zot [![build-test](https://github.com/project-zot/zot/actions/workflows/ci-cd.yml/badge.svg?branch=main)](https://github.com/project-zot/zot/actions/workflows/ci-cd.yml) [![codecov.io](http://codecov.io/github/project-zot/zot/coverage.svg?branch=main)](http://codecov.io/github/project-zot/zot?branch=main) [![Conformance Results](https://github.com/project-zot/zot/workflows/conformance/badge.svg)](https://github.com/project-zot/zot/actions?query=workflow%3Aconformance) [![CodeQL](https://github.com/project-zot/zot/workflows/CodeQL/badge.svg)](https://github.com/project-zot/zot/actions?query=workflow%3ACodeQL)
**zot** is a vendor-neutral OCI image registry server purely based on **zot**: a production-ready vendor-neutral OCI image registry - images stored in [OCI image format](https://github.com/opencontainers/image-spec), [distribution specification](https://github.com/opencontainers/distribution-spec) on-the-wire, that's it!
[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec).
https://zotregistry.io https://zotregistry.io
[```docker pull ghcr.io/project-zot/zot:latest```](https://github.com/project-zot/zot/pkgs/container/zot) [```docker pull ghcr.io/project-zot/zot-linux-amd64:latest```](https://github.com/project-zot/zot/pkgs/container/zot)
[```docker run -p 5000:5000 ghcr.io/project-zot/zot:latest```](https://github.com/project-zot/zot/pkgs/container/zot) [```docker run -p 5000:5000 ghcr.io/project-zot/zot-linux-amd64:latest```](https://github.com/project-zot/zot/pkgs/container/zot)
[**Why zot?**](COMPARISON.md) **Check the [package repository](https://github.com/orgs/project-zot/packages?repo_name=zot) for your os/arch**
## [**Why zot?**](COMPARISON.md)
## What's new?
* Supports container image signatures - [cosign](https://github.com/sigstore/cosign) and [notation](https://github.com/notaryproject/notation)
* Multi-arch support
# Features # Features
* Conforms to [OCI distribution spec](https://github.com/opencontainers/distribution-spec) APIs * Conforms to [OCI distribution spec](https://github.com/opencontainers/distribution-spec) APIs
* Clear separation between core dist-spec and zot-specific extensions * Clear separation between core dist-spec and zot-specific extensions
* ```make binary-minimal``` builds a dist-spec-only zot * ```make binary-minimal``` builds a dist-spec-only zot
* ```make binary``` builds a zot with all extensions enabled * ```make binary``` builds a zot with all extensions enabled
**Check [released binaries](https://github.com/project-zot/zot/releases) for your os/arch**
* Uses [OCI image layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md) for image storage * Uses [OCI image layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md) for image storage
* Can serve any OCI image layout as a registry * Can serve any OCI image layout as a registry
* Supports container image signatures - [cosign](https://github.com/sigstore/cosign) and [notation](https://github.com/notaryproject/notation) * Supports container image signatures - [cosign](https://github.com/sigstore/cosign) and [notation](https://github.com/notaryproject/notation)
* Supports [helm charts](https://helm.sh/docs/topics/registries/) * Supports [helm charts](https://helm.sh/docs/topics/registries/)
* Behavior controlled via [configuration](./examples/README.md) * Behavior controlled via [configuration](./examples/README.md)
* Supports `amd64` (Intel, AMD, etc) and `arm64` (ARM servers, Raspberry PI 4, etc) architectures * Supports multi-arch
| OS | Arch | Use Case |
| --- | --- | --- |
| linux | amd64 | Intel-based Linux platforms |
| linux | arm64 | ARM servers and Raspberry PI4 |
| darwin | amd64 | Intel-based Macs |
| darwin | arm64 | ARM-based Macs |
* Supports image deletion by tag * Supports image deletion by tag
* Currently suitable for on-prem deployments (e.g. colocated with Kubernetes) * Currently suitable for on-prem deployments (e.g. colocated with Kubernetes)
* Compatible with ecosystem tools such as [skopeo](#skopeo) and [cri-o](#cri-o) * Compatible with ecosystem tools such as [skopeo](#skopeo) and [cri-o](#cri-o)
* [Vulnerability scanning of images](#Scanning-images-for-known-vulnerabilities) * [Vulnerability scanning of images](#Scanning-images-for-known-vulnerabilities)
* [Command-line client support](#cli)
* TLS support * TLS support
* Authentication via: * Authentication via:
* TLS mutual authentication * TLS mutual authentication
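Review bot: The new "What's new?" section repeats the cosign/notation signatures bullet that is still listed under Features a few lines further down, and "Multi-arch support" is restated there as "Supports multi-arch" plus the OS/arch table. Keep each item in one place, or have "What's new?" link to the Features entries. Separately, the updated quick-start commands pull and run `ghcr.io/project-zot/zot-linux-amd64:latest`; since the README now advertises image signature support, consider showing a versioned tag or a digest there instead of the mutable `:latest`.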
@ -41,10 +54,12 @@ https://zotregistry.io
* Serve [multiple storage paths (and backends)](./examples/config-multiple.json) using a single zot server * Serve [multiple storage paths (and backends)](./examples/config-multiple.json) using a single zot server
* Pull and synchronize from other dist-spec conformant registries [sync](#sync) * Pull and synchronize from other dist-spec conformant registries [sync](#sync)
* Supports ratelimiting including per HTTP method * Supports ratelimiting including per HTTP method
* [Metrics](#metrics) with Prometheus
* Swagger based documentation * Swagger based documentation
* Single binary for _all_ the above features * Single binary for _all_ the above features
* [zli](https://github.com/project-zot/zot/tree/main/cmd/zli): [command-line client support](#cli)
* Also, [zb](https://github.com/project-zot/zot/tree/main/cmd/zb): [a benchmarking tool](#benchmarking) for dist-spec conformant registries
* Released under Apache 2.0 License * Released under Apache 2.0 License
* [Metrics](#metrics) with Prometheus
* Using a node exporter in case of dist-spec-only zot * Using a node exporter in case of dist-spec-only zot
* ```go get -u github.com/project-zot/zot/cmd/zot``` * ```go get -u github.com/project-zot/zot/cmd/zot```
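Review bot: Moving the "[Metrics](#metrics) with Prometheus" bullet up above "Swagger based documentation" leaves the unchanged line "Using a node exporter in case of dist-spec-only zot" directly after "Released under Apache 2.0 License", where it no longer reads as a qualifier of the metrics item. Move that line up together with the Metrics bullet.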
@ -126,19 +141,27 @@ podman run --rm -p 8080:8080 \
# CLI # CLI
The same zot binary can be used for interacting with any zot server instances. ## Building `zli`
You can interact with the zot registry server using the `zli` binary.
```console
$ make cli
```
will produce `bin/zli` binary.
## Adding a zot server URL ## Adding a zot server URL
To add a zot server URL with an alias "remote-zot": To add a zot server URL with an alias "remote-zot":
```console ```console
$ zot config add remote-zot https://server-example:8080 $ zli config add remote-zot https://server-example:8080
``` ```
List all configured URLs with their aliases: List all configured URLs with their aliases:
```console ```console
$ zot config -l $ zli config -l
remote-zot https://server-example:8080 remote-zot https://server-example:8080
local http://localhost:8080 local http://localhost:8080
``` ```
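Review bot: The new "Building `zli`" text says `make cli` produces `bin/zli`, but every example that follows invokes plain `zli`. Either show `bin/zli` in the examples or add a line telling the reader to put the binary on `PATH`. The fragment "will produce `bin/zli` binary." after the code block would also read better as a full sentence, for example "This produces the `bin/zli` binary."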
@ -147,7 +170,7 @@ local http://localhost:8080
You can list all images from a server by using its alias specified [in this step](#adding-a-zot-server-url): You can list all images from a server by using its alias specified [in this step](#adding-a-zot-server-url):
```console ```console
$ zot images remote-zot $ zli images remote-zot
IMAGE NAME TAG DIGEST SIZE IMAGE NAME TAG DIGEST SIZE
postgres 9.6.18-alpine ef27f3e1 14.4MB postgres 9.6.18-alpine ef27f3e1 14.4MB
postgres 9.5-alpine 264450a7 14.4MB postgres 9.5-alpine 264450a7 14.4MB
@ -157,7 +180,7 @@ busybox latest 414aeb86 707.8KB
Or filter the list by an image name: Or filter the list by an image name:
```console ```console
$ zot images remote-zot -n busybox $ zli images remote-zot -n busybox
IMAGE NAME TAG DIGEST SIZE IMAGE NAME TAG DIGEST SIZE
busybox latest 414aeb86 707.8KB busybox latest 414aeb86 707.8KB
``` ```
@ -168,7 +191,7 @@ You can fetch CVE (Common Vulnerabilities and Exposures) info for images hosted
- Get all images affected by a CVE - Get all images affected by a CVE
```console ```console
$ zot cve remote-zot -i CVE-2017-9935 $ zli cve remote-zot -i CVE-2017-9935
IMAGE NAME TAG DIGEST SIZE IMAGE NAME TAG DIGEST SIZE
c3/openjdk-dev commit-5be4d92 ac3762e2 335MB c3/openjdk-dev commit-5be4d92 ac3762e2 335MB
``` ```
@ -176,7 +199,7 @@ c3/openjdk-dev commit-5be4d92 ac3762e2 335MB
- Get all CVEs for an image - Get all CVEs for an image
```console ```console
$ zot cve remote-zot -I c3/openjdk-dev:0.3.19 $ zli cve remote-zot -I c3/openjdk-dev:0.3.19
ID SEVERITY TITLE ID SEVERITY TITLE
CVE-2015-8540 LOW libpng: underflow read in png_check_keyword() CVE-2015-8540 LOW libpng: underflow read in png_check_keyword()
CVE-2017-16826 LOW binutils: Invalid memory access in the coff_s... CVE-2017-16826 LOW binutils: Invalid memory access in the coff_s...
@ -185,7 +208,7 @@ CVE-2017-16826 LOW binutils: Invalid memory access in the coff_s...
- Get detailed json output - Get detailed json output
```console ```console
$ zot cve remote-zot -I c3/openjdk-dev:0.3.19 -o json $ zli cve remote-zot -I c3/openjdk-dev:0.3.19 -o json
{ {
"Tag": "0.3.19", "Tag": "0.3.19",
"CVEList": [ "CVEList": [
@ -217,7 +240,7 @@ $ zot cve remote-zot -I c3/openjdk-dev:0.3.19 -o json
- Get all images in a specific repo affected by a CVE - Get all images in a specific repo affected by a CVE
```console ```console
$ zot cve remote-zot -I c3/openjdk-dev -i CVE-2017-9935 $ zli cve remote-zot -I c3/openjdk-dev -i CVE-2017-9935
IMAGE NAME TAG DIGEST SIZE IMAGE NAME TAG DIGEST SIZE
c3/openjdk-dev commit-2674e8a 71046748 338MB c3/openjdk-dev commit-2674e8a 71046748 338MB
c3/openjdk-dev commit-bd5cc94 0ab7fc76 c3/openjdk-dev commit-bd5cc94 0ab7fc76
@ -226,13 +249,13 @@ c3/openjdk-dev commit-bd5cc94 0ab7fc76
- Get all images of a specific repo where a CVE is fixed - Get all images of a specific repo where a CVE is fixed
```console ```console
$ zot cve remote-zot -I c3/openjdk-dev -i CVE-2017-9935 --fixed $ zli cve remote-zot -I c3/openjdk-dev -i CVE-2017-9935 --fixed
IMAGE NAME TAG DIGEST SIZE IMAGE NAME TAG DIGEST SIZE
c3/openjdk-dev commit-2674e8a-squashfs b545b8ba 321MB c3/openjdk-dev commit-2674e8a-squashfs b545b8ba 321MB
c3/openjdk-dev commit-d5024ec-squashfs cd45f8cf 321MB c3/openjdk-dev commit-d5024ec-squashfs cd45f8cf 321MB
``` ```
# Sync # Sync (pull-based mirroring)
Periodically pull and synchronize images between zot registries. Periodically pull and synchronize images between zot registries.
The synchronization is achieved by copying all the images found at source to destination. The synchronization is achieved by copying all the images found at source to destination.
To use it see [sync-config](examples/config-sync.json) To use it see [sync-config](examples/config-sync.json)
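Review bot: Renaming the heading to "# Sync (pull-based mirroring)" changes its generated anchor, while the Features list still links to the section as `[sync](#sync)`. Update that link in the same change, or keep the heading as "# Sync" and move the "pull-based mirroring" wording into the first sentence of the section.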
@ -242,6 +265,65 @@ Supports:
- Tags regex filtering - Tags regex filtering
- Tags semver compliance filtering (the 'v' prefix is optional) - Tags semver compliance filtering (the 'v' prefix is optional)
- BASIC auth - BASIC auth
- Image signatures
# Benchmarking
You can benchmark a zot registry or any other dist-spec conformant registry with `zb`.
## Building `zb``
```console
$ make bench
```
will produce `bin/zb` binary.
## Running `zb`
```console
$ zb -c 10 -n 1000 http://localhost:8080
Registry URL: http://localhost:8080
Concurrency Level: 2
Total requests: 100
Working dir:
============
Test name: Get Catalog
Time taken for tests: 45.397205ms
Complete requests: 100
Failed requests: 0
Requests per second: 2202.7788
2xx responses: 100
min: 402.259µs
max: 3.295887ms
p50: 855.045µs
p75: 971.709µs
p90: 1.127389ms
p99: 3.295887ms
============
Test name: Push Monolith 1MB
Time taken for tests: 952.336383ms
Complete requests: 100
Failed requests: 0
Requests per second: 105.00491
2xx responses: 100
min: 11.125673ms
max: 26.375356ms
p50: 18.917253ms
p75: 21.753441ms
p90: 24.02137ms
p99: 26.375356ms
...
```
# Ecosystem # Ecosystem
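Review bot: In "Running `zb`" the sample command is `zb -c 10 -n 1000 http://localhost:8080`, but the output below it reports "Concurrency Level: 2" and "Total requests: 100", so the command and the output come from different runs. Use the flags that produced this output, or regenerate the output with `-c 10 -n 1000`. The heading "## Building `zb``" also has a stray trailing backtick, and "will produce `bin/zb` binary." is a sentence fragment.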
@ -286,11 +368,6 @@ bin/zxp config _config-file_
## Enable Metrics ## Enable Metrics
In the zot with all extensions case see [configuration example](./examples/config-metrics.json) for enabling metrics In the zot with all extensions case see [configuration example](./examples/config-metrics.json) for enabling metrics
# Caveats
* go 1.15+
* The OCI distribution spec is still WIP, and we try to keep up
# Contributing # Contributing
We encourage and support an active, healthy community of contributors. We encourage and support an active, healthy community of contributors.
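Review bot: Deleting the "Caveats" section drops the "go 1.15+" requirement without replacing it anywhere in this change, while the README keeps its build instructions (`make binary`, `make cli`, `make bench`). If a minimum Go version still applies, state it next to the build instructions.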


@ -9,7 +9,6 @@
"ReadOnly": false "ReadOnly": false
}, },
"log": { "log": {
"level": "debug", "level": "debug"
"output": "/tmp/zot.log"
} }
} }
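Review bot: The `"output": "/tmp/zot.log"` line is removed from the `log` block of a configuration file, but the commit subject only mentions README.md. Mention the config change in the commit message, or split it into its own commit, and say why it was made; if the intent is to stop the example from writing its log to a fixed path under `/tmp`, that is worth stating.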