c374f9dbcb
fix: the bug when htpasswd has multiple creds |
||
---|---|---|
.bazel | ||
cmd/zot | ||
docs | ||
errors | ||
examples | ||
pkg | ||
test/scripts | ||
.bazelignore | ||
.bazelrc | ||
.gitignore | ||
.travis.yml | ||
BUILD.bazel | ||
Dockerfile | ||
Dockerfile.build | ||
go.mod | ||
go.sum | ||
LICENSE | ||
Makefile | ||
Makefile.bazel | ||
README.md | ||
stacker.yaml | ||
WORKSPACE | ||
zot.go |
zot
zot is a vendor-neutral OCI image repository server purely based on OCI Distribution Specification.
- Conforms to OCI distribution spec APIs
- Uses OCI storage layout for storage layout
- Supports helm charts
- Currently suitable for on-prem deployments (e.g. colocated with Kubernetes)
- TLS support
- Authentication via:
- TLS mutual authentication
- HTTP Basic (local htpasswd and LDAP)
- HTTP Bearer token
- Doesn't require root privileges
- Storage optimizations:
- Automatic garbage collection of orphaned blobs
- Layer deduplication using hard links when content is identical
- Swagger based documentation
- Released under Apache 2.0 License
go get -u github.com/anuvu/zot/cmd/zot
Presentations
Build and install binary (using host's toolchain)
go get -u github.com/anuvu/zot/cmd/zot
Full CI/CD Build
- Build inside a container (preferred)
make binary-container
- Alternatively, build inside a container using stacker (preferred)
make binary-stacker
- Build using host's toolchain
make
Build artifacts are in bin/
Serving
bin/zot serve _config-file_
Examples of config files are available in examples/ dir.
Container Image
The Dockerfile in this repo can be used to build a container image that runs zot.
To build the image with ref zot:latest
:
make image
Then run the image with your preferred container runtime:
# with podman
podman run --rm -it -p 5000:5000 -v $(pwd)/registry:/var/lib/registry zot:latest
# with docker
docker run --rm -it -p 5000:5000 -v $(pwd)/registry:/var/lib/registry zot:latest
This will run a registry at http://localhost:5000, storing content at ./registry
(bind mounted to /var/lib/registry
in the container). By default, auth is disabled.
If you wish use custom configuration settings, you can override
the YAML config file located at /etc/zot/config.yml
:
# Example: using a local file "custom-config.yml" that
# listens on port 8080 and uses /tmp/zot for storage root
podman run --rm -p 8080:8080 \
-v $(pwd)/custom-config.yml:/etc/zot/config.yml \
-v $(pwd)/registry:/tmp/zot \
zot:latest
Ecosystem
Since we couldn't find clients or client libraries that are stictly compliant to the dist spec, we had to patch containers/image (available as anuvu/image) and then link various binaries against the patched version.
skopeo
skopeo is a tool to work with remote image repositories.
We have a patched version available that works with zot.
git clone https://github.com/anuvu/skopeo
cd skopeo
make GO111MODULE=on binary-local
cri-o
cri-o is a OCI-based Kubernetes container runtime interface.
We have a patched version of containers/image available that works with zot which must be linked with cri-o.
git clone https://github.com/cri-o/cri-o
cd cri-o
echo 'replace github.com/containers/image => github.com/anuvu/image v1.5.2-0.20190827234748-f71edca6153a' >> go.mod
make bin/crio crio.conf GO111MODULE=on
Caveats
- go 1.12+
- The OCI distribution spec is still WIP, and we try to keep up