Erich Blume
649ae15204
Remove backslash escaping from pipe characters in wiki-links. Correct: [[services/forgejo|Forgejo]] Wrong: [[services/forgejo\|Forgejo]] Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1.5 KiB
1.5 KiB
| title | tags | ||
|---|---|---|---|
| Zot |
|
Zot
OCI-native container registry providing pull-through cache and private image storage.
Quick Reference
| Property | Value |
|---|---|
| URL | https://registry.ops.eblu.me |
| Local Port | 5050 |
| Data | ~/zot |
| Config | ~/.config/zot/config.json |
| LaunchAgent | mcquack |
Namespace Convention
| Path | Source |
|---|---|
registry.ops.eblu.me/docker.io/* |
Cached from Docker Hub |
registry.ops.eblu.me/ghcr.io/* |
Cached from GHCR |
registry.ops.eblu.me/quay.io/* |
Cached from Quay |
registry.ops.eblu.me/blumeops/* |
Private images |
Pull-Through Cache
When kubernetes/cluster pulls an image:
- Containerd checks zot first (
host.minikube.internal:5050) - If cached, returns immediately
- If not, zot fetches from upstream, caches, returns
Private Images
# Build and push from gilbert
podman build -t registry.ops.eblu.me/blumeops/myapp:v1 .
podman push registry.ops.eblu.me/blumeops/myapp:v1
# Use in k8s manifest
image: registry.ops.eblu.me/blumeops/myapp:v1
Security Model
Network access only (no authentication). Defense is the Tailscale ACL boundary.
Useful Commands
# List all images
curl -s http://indri:5050/v2/_catalog | jq
# List tags
curl -s http://indri:5050/v2/blumeops/devpi/tags/list | jq
Related
- forgejo - Container build CI
- kubernetes/cluster - Registry consumer