0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-06 22:40:28 -05:00
zot/README.md
Ramkumar Chinchani 488ff24aef README: update compliance test results
Documented results/notes for zot and docker.
Setting up quay is proving a little harder, will append once available.
2020-01-07 13:14:10 -08:00

4.2 KiB

zot Build Status codecov.io

zot is a vendor-neutral OCI image repository server purely based on OCI Distribution Specification.

  • Conforms to OCI distribution spec APIs
  • Uses OCI storage layout for storage layout
  • TLS support
  • Authentication via TLS mutual authentication and HTTP BASIC (local htpasswd and LDAP)
  • Doesn't require root privileges
  • Swagger based documentation
  • Can run compliance checks against registries
  • Released under Apache 2.0 License
  • go get -u github.com/anuvu/zot/cmd/zot

Presentations

Build and install binary (using host's toolchain)

go get -u github.com/anuvu/zot/cmd/zot

Full CI/CD Build

  • Build inside a container (preferred)
make binary-container
  • Alternatively, build inside a container using stacker (preferred)
make binary-stacker
  • Build using host's toolchain
make

Build artifacts are in bin/

Serving

bin/zot serve _config-file_

Examples of config files are available in examples/ dir.

Compliance checks

bin/zot compliance -H hostIP -P port [-V "all"] [--json]

Compliance is important for the following reasons:

  1. A standards-based client code can be implemented that can then interact with compliant registries.

  2. Customers benefit from the ability to move and locate their images across compliant registries.

Methodology

  • A positive compliance means the registry is compliant and meaningful work can be accomplished when interacting with that registry.

  • A negative compliance means the registry is compliant, however, it only returns errors that are compliant and no meaningful work can be performed when interacting with that registry.

The focus of compliance tests is positive compliance.

Compliance Reports

Registry Version Tested Notes
zot v0.3.8
docker v2.7.1
quay TODO, [opensourced recently] (https://www.redhat.com/en/blog/red-hat-introduces-open-source-project-quay-container-registry)

Ecosystem

Since we couldn't find clients or client libraries that are stictly compliant to the dist spec, we had to patch containers/image (available as anuvu/image) and then link various binaries against the patched version.

skopeo

skopeo is a tool to work with remote image repositories.

We have a patched version available that works with zot.

git clone https://github.com/anuvu/skopeo

cd skopeo

make GO111MODULE=on binary-local

cri-o

cri-o is a OCI-based Kubernetes container runtime interface.

We have a patched version of containers/image available that works with zot which must be linked with cri-o.

git clone https://github.com/cri-o/cri-o

cd cri-o

echo 'replace github.com/containers/image => github.com/anuvu/image v1.5.2-0.20190827234748-f71edca6153a' >> go.mod

make bin/crio crio.conf GO111MODULE=on

Caveats

  • go 1.12+
  • The OCI distribution spec is still WIP, and we try to keep up