Tycho Andersen
95d4a7ce04
Clients today expect the repo to clean up if there are unused blobs, not to manually delete things they think are unused. Let's do that, and use umoci's code to do it since it's tested and works. v2: also run GC on update as well as delete v3: fix up error return paths needing two args Signed-off-by: Serge Hallyn <shallyn@cisco.com> Signed-off-by: Tycho Andersen <tycho@tycho.ws>
zot 
zot is a vendor-neutral OCI image repository server purely based on OCI Distribution Specification.
- Conforms to OCI distribution spec APIs
- Uses OCI storage layout for storage layout
- Currently suitable for on-prem deployments (e.g. colocated with Kubernetes)
- TLS support
- Authentication via TLS mutual authentication and HTTP BASIC (local htpasswd and LDAP)
- Doesn't require root privileges
- Swagger based documentation
- Released under Apache 2.0 License
go get -u github.com/anuvu/zot/cmd/zot
Presentations
Build and install binary (using host's toolchain)
go get -u github.com/anuvu/zot/cmd/zot
Full CI/CD Build
- Build inside a container (preferred)
make binary-container
- Alternatively, build inside a container using stacker (preferred)
make binary-stacker
- Build using host's toolchain
make
Build artifacts are in bin/
Serving
bin/zot serve _config-file_
Examples of config files are available in examples/ dir.
Container Image
The Dockerfile in this repo can be used to build a container image that runs zot.
To build the image with ref zot:latest:
make image
Then run the image with your preferred container runtime:
# with podman
podman run --rm -it -p 5000:5000 -v $(pwd)/registry:/var/lib/registry zot:latest
# with docker
docker run --rm -it -p 5000:5000 -v $(pwd)/registry:/var/lib/registry zot:latest
This will run a registry at http://localhost:5000, storing content at ./registry
(bind mounted to /var/lib/registry in the container). By default, auth is disabled.
If you wish use custom configuration settings, you can override
the YAML config file located at /etc/zot/config.yml:
# Example: using a local file "custom-config.yml" that
# listens on port 8080 and uses /tmp/zot for storage root
podman run --rm -p 8080:8080 \
-v $(pwd)/custom-config.yml:/etc/zot/config.yml \
-v $(pwd)/registry:/tmp/zot \
zot:latest
Ecosystem
Since we couldn't find clients or client libraries that are stictly compliant to the dist spec, we had to patch containers/image (available as anuvu/image) and then link various binaries against the patched version.
skopeo
skopeo is a tool to work with remote image repositories.
We have a patched version available that works with zot.
git clone https://github.com/anuvu/skopeo
cd skopeo
make GO111MODULE=on binary-local
cri-o
cri-o is a OCI-based Kubernetes container runtime interface.
We have a patched version of containers/image available that works with zot which must be linked with cri-o.
git clone https://github.com/cri-o/cri-o
cd cri-o
echo 'replace github.com/containers/image => github.com/anuvu/image v1.5.2-0.20190827234748-f71edca6153a' >> go.mod
make bin/crio crio.conf GO111MODULE=on
Caveats
- go 1.12+
- The OCI distribution spec is still WIP, and we try to keep up