🚀 Init
parent
175b1b2ab1
commit
7d8c939758
3 changed files with 212 additions and 2 deletions
101
README.md
@ -1,3 +1,100 @@
# zot-docker-setup
# Zot Docker Setup

Straight-forward setup for Zot in Docker. Steps are also included how to use it as a Docker registry.
Setup Zot in Docker

This is mostly how SudoVanilla's Docker registry is setup.

> I'm still new to Zot, so some information below could be inaccurate and some important information could be missing too.

## Configuration

### Address and Port

Zot will need to bind itself to an address and port.

- `address` - `192.168.0.0` (Use Local IP)
- `port` - `2000`

Example above would bind `http://192.168.0.0:2000`

### Access Control

The already provided configuration is setup to allow guest users to view any images that is available on your Zot registry, with one user(you) being able to view, create, delete, and update images.

Make sure you give yourself access to other permissions, the email you plan to use should be set to `users` under the `*` policies under `accessControl`.

### OpenID Connect (Optional)

To setup OpenID Connect, configure the `openid` portion of the `config.json` file.

- `name` - Name that appears on login button (Sign in with `name`)
- `issuer` - `https://sso.whatever.org/odic`
- Don't use the provider configuration endpoint, use the issuer endpoint
- `clientid` - Client or App ID
- `clientsecret` - Client or App secret
- `scopes` - Permissions to give Zot that it can access.

Your Zot redirect URL will look like this:
```
// Path
/zot/auth/callback/oidc

// Full URL example
https://zot.whatever.org/zot/auth/callback/oidc
```

> The endpoint will use your `externalUrl` as the assumed redirect URL, make it is set correctly for your setup.

> If you don't plan to use this, remove the `openid` portion from the `config.json` file.

### Htpasswd (Optional)

If you plan to provide a login via email and password, you'll need to create an account with the `htpasswd` command and create the account you'll use.

Create an account:
```bash
htpasswd -bnB MyUsername MyPassword > ./htpasswd
```

> If you don't plan to use this, remove the `htpasswd` line from the `config.json` file.

## Usage
### Building Docker Image

You can build a Docker image as you normally would.

```bash
docker build -t your-image .
```

### Pushing Docker Image

Zot seems to be setup to accept OCI images, not the Docker format, so using `docker push` won't work. You can use `skopeo` to push, after you save the Docker image as a tar.

Before we proceed, make to login into your Zot registry:
```
skopeo login zot.whatever.org
```
> If you used OpenID Connect to create an account. Use your email as the `username` and crete an API Token as the `password`.

Run `docker save` to convert the existing image to a `.tar` format:
```bash
docker save -o your-image.tar your-image
```

Then, push it to your Zot registry:
```bash
skopeo copy tarball:./your-image.tar docker://zot.whatever.org/your-image
```

The `/your-image` part in the `skopeo copy` command can be whatever. `/whatever/your-image` also works.

**Try it Out**

Let's try pushing an existing image from Docker Hub to your Zot registry, we'll use Bun's image in this example.

```bash
docker pull oven/bun
docker save -o bun.tar oven/bun
skopeo copy tarball:./bun.tar docker://zot.whatever.org/oven/bun
```
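Review bot: the `htpasswd -bnB MyUsername MyPassword > ./htpasswd` line in the Htpasswd section puts the password on the command line, where it lands in shell history and is visible in the process list while the command runs; `htpasswd -cB ./htpasswd MyUsername` prompts for the password instead and writes the file directly (drop `-c` when appending a second user). The same section should say how the secret reaches the registry at runtime: the Address and Port section binds `http://192.168.0.0:2000` while the redirect URL examples and `skopeo login zot.whatever.org` are `https://`, so the README should state that a reverse proxy terminating TLS in front of that address is assumed, otherwise the htpasswd password and the API token used for `skopeo login` travel in plaintext. Finally, `192.168.0.0` is a network address rather than a host address, so the "(Use Local IP)" hint would be clearer as "replace with the IP of the host interface you want to listen on"; the `issuer` example also reads `/odic` where the config.json in this commit uses `/oidc`.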
102
config.json
Normal file
@ -0,0 +1,102 @@
{
"distSpecVersion": "1.0.1",
"storage": {
"dedupe": true,
"gc": true,
"gcDelay": "1h",
"gcInterval": "6h",
"rootDirectory": "/var/lib/registry"
},
"http": {
"address": "192.168.0.0",
"port": "2000",
"externalUrl": "https://zot.whatever.org",
"realm": "zot",
"auth": {
"htpasswd": {
"path": "/etc/zot/htpasswd"
},
"openid": {
"providers": {
"oidc": {
"name": "Company SSO or whatever",
"issuer": "https://sso.whatever.org/oidc",
"clientid": "CLIENT_ID",
"clientsecret": "CLIENT_SECRET",
"keypath": "",
"scopes": [
"openid",
"profile",
"email"
]
}
}
},
"failDelay": 1
},
"accessControl": {
"repositories": {
"*": {
"policies": [
{
"users": [
"your-email@whatever.org"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
],
"defaultPolicy": [
"read"
],
"anonymousPolicy": [
"read"
]
}
}
}
},
"log": {
"level": "debug",
"output": "/var/log/zot/zot.log",
"audit": "/var/log/zot/zot-audit.log"
},
"extensions": {
"ui": {
"enable": true
},
"search": {
"enable": true,
"cve": {
"updateInterval": "24h"
}
},
"sync": {
"enable": false,
"registries": [
{
"urls": [
"https://mirror.gcr.io/library"
],
"onDemand": true,
"maxRetries": 3,
"retryDelay": "5m",
"pollInterval": "6h"
},
{
"urls": [
"https://docker.io/library"
],
"onDemand": true
}
]
},
"scrub": {
"interval": "24h"
}
}
}
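Review bot: `"address": "192.168.0.0"` in the `http` block is the all-zeros address of a /16 network, not an address a host interface normally carries, so with `network_mode: host` in the accompanying docker-compose.yml the listener will fail to bind on most hosts; use the real interface IP, or `127.0.0.1` if a reverse proxy on the same host fronts the registry, and keep `0.0.0.0` only behind a host firewall that restricts port 2000. The `http` block also has no `tls` section while `externalUrl` is `https://zot.whatever.org`, which only works if TLS is terminated elsewhere; a comment in the README (config.json cannot carry comments) should say so. `"clientsecret": "CLIENT_SECRET"` is a placeholder that will be replaced with a real value in a file this repository commits, so either keep the populated copy out of version control or reference it from an untracked file, and `"level": "debug"` logs request details that are not needed in normal operation; `"info"` is the safer default once setup is done. The `anonymousPolicy: ["read"]` makes every repository publicly pullable, which matches the README's stated intent but is worth calling out next to the policy so that a reader copying this config for a private registry notices it.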
11
docker-compose.yml
Normal file
@ -0,0 +1,11 @@
services:
zot:
image: ghcr.io/project-zot/zot:latest
network_mode: host # Configure the ports in the "config.json" file.
stdin_open: true
tty: true
volumes:
- ./config.json:/etc/zot/config.json
- ./htpasswd:/etc/zot/htpasswd
- ./zot:/var/lib/registry # Generated
- ./logs:/var/log/zot/ # Generated
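Review bot: `image: ghcr.io/project-zot/zot:latest` is an unpinned tag, so every `docker compose pull` can silently change the registry binary serving your images; pin a release tag, and preferably a digest (`ghcr.io/project-zot/zot:<version>@sha256:<digest>`, values to be filled in from the upstream release), and bump it deliberately. The `./config.json` and `./htpasswd` mounts should be `:ro`, since zot has no reason to write either file, and note that if `./htpasswd` does not exist on the host (the README marks htpasswd as optional) Docker will create an empty directory at that path and zot will fail to read it, so the mount line should be removed together with the `htpasswd` entry in config.json. `stdin_open` and `tty` are not needed for a daemon and can be dropped; the `network_mode: host` comment is accurate but should also say that host networking bypasses Docker's port publishing, so the host firewall is what limits access to the configured port.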