Hi dear readers after been busy the last two weeks, I am back for Day 3 of my series 30DaysOfIoTEdge. Now it’s time to learn about a container registry that you can run on devices with ARM microprocessors and that is compatible with OCI artifacts.
As the CNCF website on the sandbox projects page says “Zot is an OCI-native container registry for distributing container images and OCI artifacts”. This means that you can not just only push containers or helm charts in your registry, but also you can push any type of file. For example, configuration files, ML models, images, etc. So you can deploy something similar to Docker Hub. But is completely free to use, as common in open source software. Check its official website for more in deep information about this project: https://zotregistry.dev/.
Based on the edu.chainguard.dev website and OCI artifact is “OCI artifacts are a way of using OCI registries, or container registries that are compliant with specifications set by the Open Container Initiative, to store arbitrary files.”. Now we are clear that we can use the registries as a way to store. Something similar to having your own S3 storage. So let’s start with the technical side of my blog post.
What you will learn
In this blog post you will learn:
- Install Zot on ARM Devices (like a RPi).
- Push & Pull a container into Zot
- Push & Pull files as OCI artifacts into Zot using ORAS
Requirements
- Raspberry Pi or ARM instance in the cloud.
- Ubuntu >= 22.04
- Install docker (default installation)
Let’s put our hands on Zot.
Install Zot on ARM Devices
1. Install containerd running the following command:
sudo apt-get update
sudo apt-get install -y docker.io
These commands install Docker as your container runtime.
2. Install Zot to run in the port 5000 running following command:
docker run --name=zot -p 5000:5000 -d ghcr.io/project-zot/zot-linux-arm64:latest
Push & Pull a container into Zot
1. Pull the nginx image with the docker command:
docker pull nginx
2. Tag the image to push it with the name webserver into the Zot registry:
docker tag nginx localhost:5000//webserver:latest
NAMESPACE: Refers to any string that is going to simulate a project or user space in the registry. Because this is a basic installation you can use for it whatever string that you want.
3. Push the container into Zot as a image called webserver:latest, for this run the following command:
docker push localhost:5000//webserver:latest
4. Pull the previous container from the Zot registry as follows:
docker pull localhost:5000//webserver:latest
As you can see it works as any other registry. Let’s move to work with OCI Artifacts.
Push/Pull files as OCI artifacts into Zot using ORAS
1. Install ORAS using snap:
snap install oras --classic
2. Create 2 files in your current directory:
echo 1 > file1.txt
echo 2 > file1.txt
3. Push the files as OCI artifacts into the repo as follows:
oras push localhost:5000//files:latest file1.txt file2.txt
You will see an output like this:
✓ Exists application/vnd.oci.empty.v1+json 2/2 B 100.00% 0s
└─ sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
✓ Exists file1.txt 2/2 B 100.00% 0s
└─ sha256:4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
✓ Exists file2.txt 2/2 B 100.00% 0s
└─ sha256:53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
✓ Uploaded application/vnd.oci.image.manifest.v1+json 795/795 B 100.00% 6ms
└─ sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd
Pushed [registry] localhost:5000/test1/files:latest
ArtifactType: application/vnd.unknown.artifact.v1
Digest: sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd
This command create an OCI artifact called files with the tag latest which contains the files file1.txt and file2.txt.
4. Pull the files inside the OCI artifacts files:latest using the following command:
oras pull --plain-http localhost:5000//files:latest
You will see that the files will be unpackaged in your current directory and an output as follows:
✓ Pulled file2.txt 2/2 B 100.00% 472µs
└─ sha256:53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
✓ Pulled file1.txt 2/2 B 100.00% 2ms
└─ sha256:4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
✓ Pulled application/vnd.oci.image.manifest.v1+json 795/795 B 100.00% 113µs
└─ sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd
Pulled [registry] localhost:5001/test1/files:latest
Digest: sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd
Try to run this command on an empty directory to check if the artifact is unpackaged in that directory.
Zot UI
Do you want to use UI? Zot provides a UI for you, it looks like this in the main page:
And if you check an artifact looks like this:
Advanced options
Zot also provides more advance options like:
- Supports helm charts
- TLS support
- Authentication
- OCI Compatible
- ARM support
Just to mention some of the features that are included. Its pretty easy to use and lightweight for edge solutions.
Are there another Registries that runs on ARM? Yes
You can use Distribution which is another option that runs on ARM.
Conclusion about Zot and ORAS
After testing Zot, its ARM compatible, lightweight and with enough features to implement a secure implementation for edge use cases. You can start quick to configure your own registry pretty quick with Zot. You can go wrong with it. Also with ORAS you can take advantage of pushing files like ML models, configurations and other kind of files that sometimes you need to store for temporary use, thats will be ideal for edge computing. So when using Zot and ORAS you get a full setup to create and manage your registries compatible with OCI artifacts.
What do you think about Zot and ORAS? Tell me, post your comment.
See you on my next post.
Follow me
These are mi social networks:
- https://www.linkedin.com/in/sergioarmgpl
- https://sergiops.xyz
- https://x.com/sergioarmgpl
- https://www.instagram.com/sergioarmgpl/
This blog post is an extended version content of my book: