OCI Registry Service
Comprehensive OCI (Open Container Initiative) registry deployment and management for the provisioning system.
Source:
provisioning/platform/oci-registry/
Supported Registries
- Zot (Recommended for Development): Lightweight, fast, OCI-native with UI
- Harbor (Recommended for Production): Full-featured enterprise registry
- Distribution (OCI Reference): Official OCI reference implementation
Features
- Multi-Registry Support: Zot, Harbor, Distribution
- Namespace Organization: Logical separation of artifacts
- Access Control: RBAC, policies, authentication
- Monitoring: Prometheus metrics, health checks
- Garbage Collection: Automatic cleanup of unused artifacts
- High Availability: Optional HA configurations
- TLS/SSL: Secure communication
- UI Interface: Web-based management (Zot, Harbor)
Quick Start
Start Zot Registry (Default)
cd provisioning/platform/oci-registry/zot
docker-compose up -d
# Initialize with namespaces and policies
nu ../scripts/init-registry.nu --registry-type zot
# Access UI
open http://localhost:5000
Start Harbor Registry
cd provisioning/platform/oci-registry/harbor
docker-compose up -d
sleep 120 # Wait for services
# Initialize
nu ../scripts/init-registry.nu --registry-type harbor --admin-password Harbor12345
# Access UI
open http://localhost
# Login: admin / Harbor12345
Default Namespaces
| Namespace | Description | Public | Retention |
|---|---|---|---|
provisioning-extensions | Extension packages | No | 10 tags, 90 days |
provisioning-kcl | KCL schemas | No | 20 tags, 180 days |
provisioning-platform | Platform images | No | 5 tags, 30 days |
provisioning-test | Test artifacts | Yes | 3 tags, 7 days |
Management
Nushell Commands
# Start registry
nu -c "use provisioning/core/nulib/lib_provisioning/oci_registry; oci-registry start --type zot"
# Check status
nu -c "use provisioning/core/nulib/lib_provisioning/oci_registry; oci-registry status --type zot"
# View logs
nu -c "use provisioning/core/nulib/lib_provisioning/oci_registry; oci-registry logs --type zot --follow"
# Health check
nu -c "use provisioning/core/nulib/lib_provisioning/oci_registry; oci-registry health --type zot"
# List namespaces
nu -c "use provisioning/core/nulib/lib_provisioning/oci_registry; oci-registry namespaces"
Docker Compose
# Start
docker-compose up -d
# Stop
docker-compose down
# View logs
docker-compose logs -f
# Remove (including volumes)
docker-compose down -v
Registry Comparison
| Feature | Zot | Harbor | Distribution |
|---|---|---|---|
| Setup | Simple | Complex | Simple |
| UI | Built-in | Full-featured | None |
| Search | Yes | Yes | No |
| Scanning | No | Trivy | No |
| Replication | No | Yes | No |
| RBAC | Basic | Advanced | Basic |
| Best For | Dev/CI | Production | Compliance |
Security
Authentication
Zot/Distribution (htpasswd):
htpasswd -Bc htpasswd provisioning
docker login localhost:5000
Harbor (Database):
docker login localhost
# Username: admin / Password: Harbor12345
Monitoring
Health Checks
# API check
curl http://localhost:5000/v2/
# Catalog check
curl http://localhost:5000/v2/_catalog
Metrics
Zot:
curl http://localhost:5000/metrics
Harbor:
curl http://localhost:9090/metrics
Related Documentation
- Architecture: OCI Integration
- User Guide: OCI Registry Guide