zot: A Vendor-Neutral OCI Registry
by Shriira Press
Every container image has to live in a registry, and zot is the CNCF sandbox project that takes a minimal, standards-first approach to the job. Built purely on the OCI Distribution Specification and Image Format, it ships as a single small Go binary that runs anywhere from a cloud cluster to an edge device. This book builds zot from the ground up: what an OCI registry is and why standards matter, how images are laid out on disk, the single-binary architecture, local and S3 storage with dedupe and garbage collection, authentication and fine-grained authorization, sync mirroring, the GraphQL search and embedded Trivy CVE scanning, supply-chain trust with cosign and notation signatures, and how to run zot well in practice — all with real config keys and zli commands.
Contents
- Preface
- Chapter 1 — The Registry Problem
- Chapter 2 — Built on OCI Standards
- Chapter 3 — Architecture and the Single Binary
- Chapter 4 — Storage: Local, S3, Dedupe, and GC
- Chapter 5 — Authentication and Authorization
- Chapter 6 — Sync and Mirroring
- Chapter 7 — Search, CVE Scanning, and the UI
- Chapter 8 — Supply-Chain Trust
- Chapter 9 — zot in Practice
