Puppet module to manage zot registry.
The following code would start the zot registry based on configuration values defined in Hiera `common.yaml`:

```puppet
include zot
```
Override the installed version (see zot releases):

```yaml
zot::version: 2.0.0-rc7
```
Bind on all interfaces and port 8080:

```yaml
zot::config:
  http:
    address: 0.0.0.0
    port: 8080
```
Turn on debugging:

```yaml
zot::config:
  log:
    level: debug
```
Prometheus metrics:

```yaml
zot::config:
  extensions:
    metrics:
      enable: true
      prometheus:
        path: /metrics
```
Full example:

```yaml
---
zot::version: 1.4.3
zot::log_dir: /var/log/zot
zot::data_dir: /var/lib/zot
zot::config:
  distSpecVersion: 1.0.1
  http:
    address: 0.0.0.0
    port: 5000
    realm: zot
    tls:
      cert: /etc/letsencrypt/live/my.registry/fullchain.pem
      key: /etc/letsencrypt/live/my.registry/privkey.pem
  storage:
    dedupe: true
    gc: true
    gcDelay: 1h
    gcInterval: 6h
  log:
    level: info
  extensions:
    metrics:
      enable: true
      prometheus:
        path: /metrics
    search:
      enable: true
      cve:
        updateInterval: 24h
    sync:
      enable: true
      registries:
        - urls:
            - https://docker.io/library
          onDemand: true # only requested images will be cached
          maxRetries: 3
          retryDelay: 5m
          pollInterval: 6h
    scrub:
      interval: 24h
    ui:
      enable: true
```
Retention:

```yaml
zot::data_dir: /tmp/zot
zot::config:
  distSpecVersion: 1.1.0-dev
  storage:
    gc: true
    gcDelay: 2h
    gcInterval: 1h
    retention:
      dryRun: false
      delay: 24h
      policies:
        - repositories:
            - infra/*
            - prod/*
          deleteReferrers: false
          keepTags:
            - patterns:
                - v2.*
                - .*-prod
            - patterns:
                - v3.*
                - .*-prod
              pulledWithin: 168h
        - repositories:
            - tmp/**
          deleteReferrers: true
          deleteUntagged: true
          keepTags:
            - patterns:
                - v1.*
              pulledWithin: 168h
              pushedWithin: 168h
        - repositories:
            - '**'
          deleteReferrers: true
          deleteUntagged: true
          keepTags:
            - mostRecentlyPushedCount: 10
              mostRecentlyPulledCount: 10
              pulledWithin: 720h
              pushedWithin: 720h
    subPaths:
      /a:
        rootDirectory: /tmp/zot1
        dedupe: true
        retention:
          policies:
            - repositories:
                - infra/*
                - prod/*
              deleteReferrers: false
  http:
    address: 127.0.0.1
    port: 8080
  log:
    level: debug
```
For the full parameter reference see the official documentation for the installed version. This module does not attempt to validate the registry configuration against the specification. The merged configuration is serialized to JSON, so it will be syntactically correct, but its contents should still be validated against the configured `distSpecVersion`, e.g. using:

```sh
zot verify /etc/zot/config.json
```
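Because the module only serializes whatever it is given, a pre-flight check of the security-relevant keys before `zot verify` runs is worthwhile. The following is an added example, not part of this module: it takes a constructed sample of the merged `zot::config` value, renders it to JSON as the module would, and flags a non-loopback bind without a `tls` section, a port below 1024 (which needs `cap_net_bind_service`), and a retention block with `dryRun: false`. The `preflight` function and its messages are hypothetical.

```python
import json

# Constructed sample of the merged `zot::config` Hiera value (not real site data).
SAMPLE_CONFIG = {
    "distSpecVersion": "1.0.1",
    "http": {"address": "0.0.0.0", "port": 5000, "realm": "zot"},
    "storage": {
        "dedupe": True,
        "gc": True,
        "retention": {"dryRun": False, "delay": "24h"},
    },
    "log": {"level": "info"},
}

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def render_json(config):
    """Serialize the merged config as the module does: plain JSON, no schema checks."""
    return json.dumps(config, indent=2, sort_keys=True)


def preflight(config):
    """Hypothetical pre-flight checks; returns a list of findings (empty = nothing flagged)."""
    findings = []
    http = config.get("http", {})
    address = str(http.get("address", ""))
    port = int(http.get("port", 0))
    # Binding beyond loopback without TLS serves credentials and blobs in clear text.
    if address and address not in LOOPBACK and "tls" not in http:
        findings.append(f"http bound to {address}:{port} without a tls section")
    # Ports below 1024 need root or cap_net_bind_service on the zot binary.
    if 0 < port < 1024:
        findings.append(f"port {port} < 1024 needs cap_net_bind_service")
    # Retention policies delete images; dryRun: true is the safe first run.
    retention = config.get("storage", {}).get("retention")
    if retention is not None and not retention.get("dryRun", False):
        findings.append("storage.retention.dryRun is false: policies will delete images")
    return findings


if __name__ == "__main__":
    print(render_json(SAMPLE_CONFIG))
    for finding in preflight(SAMPLE_CONFIG):
        print("WARN:", finding)
```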
Change storage directory:

```yaml
zot::data_dir: /srv/zot
```

Change log directory:

```yaml
zot::log_dir: /srv/log
```
In order to bind the zot service on ports < 1024, you will need either root privileges or bind capabilities configured on the binary, e.g. using `file_capability`:

```yaml
file_capability::file_capabilities:
  "/usr/bin/zot-%{lookup('zot::version')}":
    ensure: present
    capability: 'cap_net_bind_service=eip'
```
All Puppet variables are documented in `REFERENCE.md`.