🚀 Init

This commit is contained in:
Korbs 2024-12-09 22:20:46 -05:00
parent 175b1b2ab1
commit 7d8c939758
3 changed files with 212 additions and 2 deletions

101
README.md
View file

@ -1,3 +1,100 @@
# zot-docker-setup # Zot Docker Setup
Straight-forward setup for Zot in Docker. Steps are also included how to use it as a Docker registry. Setup Zot in Docker
This is mostly how SudoVanilla's Docker registry is setup.
> I'm still new to Zot, so some information below could be inaccurate and some important information could be missing too.
## Configuration
### Address and Port
Zot will need to bind itself to an address and port.
- `address` - `192.168.0.0` (Use Local IP)
- `port` - `2000`
Example above would bind `http://192.168.0.0:2000`
### Access Control
The already provided configuration is setup to allow guest users to view any images that is available on your Zot registry, with one user(you) being able to view, create, delete, and update images.
Make sure you give yourself access to other permissions, the email you plan to use should be set to `users` under the `*` policies under `accessControl`.
### OpenID Connect (Optional)
To setup OpenID Connect, configure the `openid` portion of the `config.json` file.
- `name` - Name that appears on login button (Sign in with `name`)
- `issuer` - `https://sso.whatever.org/odic`
- Don't use the provider configuration endpoint, use the issuer endpoint
- `clientid` - Client or App ID
- `clientsecret` - Client or App secret
- `scopes` - Permissions to give Zot that it can access.
Your Zot redirect URL will look like this:
```
// Path
/zot/auth/callback/oidc
// Full URL example
https://zot.whatever.org/zot/auth/callback/oidc
```
> The endpoint will use your `externalUrl` as the assumed redirect URL, make it is set correctly for your setup.
> If you don't plan to use this, remove the `openid` portion from the `config.json` file.
### Htpasswd (Optional)
If you plan to provide a login via email and password, you'll need to create an account with the `htpasswd` command and create the account you'll use.
Create an account:
```bash
htpasswd -bnB MyUsername MyPassword > ./htpasswd
```
> If you don't plan to use this, remove the `htpasswd` line from the `config.json` file.
## Usage
### Building Docker Image
You can build a Docker image as you normally would.
```bash
docker build -t your-image .
```
### Pushing Docker Image
Zot seems to be setup to accept OCI images, not the Docker format, so using `docker push` won't work. You can use `skopeo` to push, after you save the Docker image as a tar.
Before we proceed, make to login into your Zot registry:
```
skopeo login zot.whatever.org
```
> If you used OpenID Connect to create an account. Use your email as the `username` and crete an API Token as the `password`.
Run `docker save` to convert the existing image to a `.tar` format:
```bash
docker save -o your-image.tar your-image
```
Then, push it to your Zot registry:
```bash
skopeo copy tarball:./your-image.tar docker://zot.whatever.org/your-image
```
The `/your-image` part in the `skopeo copy` command can be whatever. `/whatever/your-image` also works.
**Try it Out**
Let's try pushing an existing image from Docker Hub to your Zot registry, we'll use Bun's image in this example.
```bash
docker pull oven/bun
docker save -o bun.tar oven/bun
skopeo copy tarball:./bun.tar docker://zot.whatever.org/oven/bun
```

102
config.json Normal file
View file

@ -0,0 +1,102 @@
{
"distSpecVersion": "1.0.1",
"storage": {
"dedupe": true,
"gc": true,
"gcDelay": "1h",
"gcInterval": "6h",
"rootDirectory": "/var/lib/registry"
},
"http": {
"address": "192.168.0.0",
"port": "2000",
"externalUrl": "https://zot.whatever.org",
"realm": "zot",
"auth": {
"htpasswd": {
"path": "/etc/zot/htpasswd"
},
"openid": {
"providers": {
"oidc": {
"name": "Company SSO or whatever",
"issuer": "https://sso.whatever.org/oidc",
"clientid": "CLIENT_ID",
"clientsecret": "CLIENT_SECRET",
"keypath": "",
"scopes": [
"openid",
"profile",
"email"
]
}
}
},
"failDelay": 1
},
"accessControl": {
"repositories": {
"*": {
"policies": [
{
"users": [
"your-email@whatever.org"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
],
"defaultPolicy": [
"read"
],
"anonymousPolicy": [
"read"
]
}
}
}
},
"log": {
"level": "debug",
"output": "/var/log/zot/zot.log",
"audit": "/var/log/zot/zot-audit.log"
},
"extensions": {
"ui": {
"enable": true
},
"search": {
"enable": true,
"cve": {
"updateInterval": "24h"
}
},
"sync": {
"enable": false,
"registries": [
{
"urls": [
"https://mirror.gcr.io/library"
],
"onDemand": true,
"maxRetries": 3,
"retryDelay": "5m",
"pollInterval": "6h"
},
{
"urls": [
"https://docker.io/library"
],
"onDemand": true
}
]
},
"scrub": {
"interval": "24h"
}
}
}

11
docker-compose.yml Normal file
View file

@ -0,0 +1,11 @@
services:
zot:
image: ghcr.io/project-zot/zot:latest
network_mode: host # Configure the ports in the "config.json" file.
stdin_open: true
tty: true
volumes:
- ./config.json:/etc/zot/config.json
- ./htpasswd:/etc/zot/htpasswd
- ./zot:/var/lib/registry # Generated
- ./logs:/var/log/zot/ # Generated