39 lines
1.7 KiB
YAML
39 lines
1.7 KiB
YAML
# Zot — OCI pull-through registry cache
|
|
# =============================================================================
|
|
# Single-instance pull-through cache for Docker Hub, lscr.io, ghcr.io, quay.io
|
|
#
|
|
# How it works:
|
|
# - Each Docker host points its registry-mirror at http://100.83.230.112:5000
|
|
# - On first pull, Zot fetches from upstream and caches locally
|
|
# - Subsequent pulls on any host are served from local cache instantly
|
|
# - No credentials required for public images
|
|
#
|
|
# Storage: /volume2/metadata/docker2/zot/ (NVMe RAID1 — fast, ~10-20GB steady state)
|
|
#
|
|
# Web UI: http://100.83.230.112:5050 (browse cached images)
|
|
# Metrics: http://100.83.230.112:5050/metrics (Prometheus)
|
|
#
|
|
# Per-host mirror config (one-time, manual):
|
|
# Atlantis/Calypso: Container Manager → Registry → Settings → Mirror
|
|
# Other Linux hosts: /etc/docker/daemon.json → "registry-mirrors": ["http://100.83.230.112:5000"]
|
|
#
|
|
# To add credentials (Docker Hub authenticated pulls, ghcr.io):
|
|
# Drop /volume2/metadata/docker2/zot/credentials.json on Atlantis
|
|
# See docs/services/individual/zot.md for format
|
|
# =============================================================================
|
|
|
|
services:
|
|
zot:
|
|
image: ghcr.io/project-zot/zot-linux-amd64:latest
|
|
container_name: zot
|
|
restart: unless-stopped
|
|
ports:
|
|
- "5050:5000"
|
|
volumes:
|
|
- /volume2/metadata/docker2/zot/data:/var/lib/registry
|
|
- /volume2/metadata/docker2/zot/config.json:/etc/zot/config.json:ro
|
|
# credentials.json is optional — drop it on Atlantis to enable authenticated pulls
|
|
# - /volume2/metadata/docker2/zot/credentials.json:/etc/zot/credentials.json:ro
|
|
labels:
|
|
- com.centurylinklabs.watchtower.enable=true
|