blumeops/docs/reference/services/zot.md
Erich Blume ce1f696bd8 Add Reference section with 24 technical reference cards
Phase 2 of documentation restructuring. Creates docs/reference/ with:

Services (16):
- alloy, argocd, borgmatic, 1password, forgejo, grafana
- jellyfin, kiwix, loki, miniflux, navidrome, postgresql
- prometheus, teslamate, transmission, zot

Infrastructure (3):
- hosts - Device inventory
- tailscale - ACLs, groups, tags
- routing - DNS domains and port mappings

Kubernetes (2):
- cluster - Minikube specs
- apps - ArgoCD application registry

Storage (2):
- sifaka - Synology NAS configuration
- backups - Backup policy

All cards use wiki-links for cross-referencing and include YAML
frontmatter with title and tags for Quartz.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 13:22:19 -08:00


---
title: Zot
tags:
- service
- registry
---
# Zot
OCI-native container registry providing a pull-through cache and private image storage.
## Quick Reference
| Property | Value |
|----------|-------|
| **URL** | https://registry.ops.eblu.me |
| **Local Port** | 5050 |
| **Data** | `~/zot` |
| **Config** | `~/.config/zot/config.json` |
| **LaunchAgent** | mcquack |
## Namespace Convention
| Path | Source |
|------|--------|
| `registry.ops.eblu.me/docker.io/*` | Cached from Docker Hub |
| `registry.ops.eblu.me/ghcr.io/*` | Cached from GHCR |
| `registry.ops.eblu.me/quay.io/*` | Cached from Quay |
| `registry.ops.eblu.me/blumeops/*` | Private images |
## Pull-Through Cache
When [[kubernetes/cluster\|minikube]] pulls an image:
1. Containerd checks zot first (`host.minikube.internal:5050`)
2. If cached, returns immediately
3. If not, zot fetches from upstream, caches, returns
## Private Images
```bash
# Build and push from gilbert
podman build -t registry.ops.eblu.me/blumeops/myapp:v1 .
podman push registry.ops.eblu.me/blumeops/myapp:v1
# Use in k8s manifest (YAML, not a shell command):
#   image: registry.ops.eblu.me/blumeops/myapp:v1
```
## Security Model
Access is controlled at the network layer only; the registry itself performs no authentication. The defense is the Tailscale ACL boundary.
## Useful Commands
```bash
# List all images
curl -s http://indri:5050/v2/_catalog | jq
# List tags
curl -s http://indri:5050/v2/blumeops/devpi/tags/list | jq
```
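Because the registry does no authentication of its own, a periodic check of the catalog against the Namespace Convention table is a cheap tripwire for repositories nobody expected. The script below is an added example, not part of blumeops; the `known_private` baseline, the function names and the sample catalog are assumptions constructed for illustration.

```python
import json
import sys
import urllib.request

# Namespaces from the Namespace Convention table on this page.
CACHE_NAMESPACES = ("docker.io/", "ghcr.io/", "quay.io/")
PRIVATE_NAMESPACE = "blumeops/"


def fetch_catalog(base_url):
    """GET /v2/_catalog, the same endpoint used under Useful Commands."""
    url = base_url.rstrip("/") + "/v2/_catalog"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def audit_catalog(catalog, known_private):
    """Return repositories that need a human look.

    known_private is a hypothetical baseline of private repos you expect.
    """
    findings = {"outside_convention": [], "unknown_private": []}
    for repo in sorted(catalog.get("repositories") or []):
        if repo.startswith(CACHE_NAMESPACES):
            continue  # pull-through cache content, populated on demand
        if repo.startswith(PRIVATE_NAMESPACE):
            if repo not in known_private:
                findings["unknown_private"].append(repo)
            continue
        findings["outside_convention"].append(repo)
    return findings


# Constructed sample response, not output from the real registry.
SAMPLE_CATALOG = {"repositories": [
    "docker.io/library/nginx",
    "ghcr.io/example/tool",
    "blumeops/devpi",
    "blumeops/unreviewed",
    "scratchpad/test",
]}

if __name__ == "__main__":
    # Pass a base URL (e.g. http://indri:5050) to query the registry;
    # with no argument the constructed sample is audited instead.
    catalog = fetch_catalog(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CATALOG
    result = audit_catalog(catalog, known_private={"blumeops/devpi"})
    print(json.dumps(result, indent=2))
    sys.exit(1 if any(result.values()) else 0)
```

The non-zero exit status on any finding lets a scheduler or CI job raise the alert.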
## Related
- [[forgejo\|Forgejo]] - Container build CI
- [[kubernetes/cluster\|Cluster]] - Registry consumer