Zot

OCI-native container registry providing pull-through cache and private image storage.

Quick Reference

Property	Value
URL	https://registry.ops.eblu.me
Local Port	5050
Data	`~/zot`
Config	`~/.config/zot/config.json`
LaunchAgent	mcquack

Namespace Convention

Path	Source
`registry.ops.eblu.me/docker.io/*`	Cached from Docker Hub
`registry.ops.eblu.me/ghcr.io/*`	Cached from GHCR
`registry.ops.eblu.me/quay.io/*`	Cached from Quay
`registry.ops.eblu.me/blumeops/*`	Private images

Pull-Through Cache

When minikube pulls an image, containerd checks zot first. If cached, returns immediately. If not, zot fetches from upstream, caches it, then returns.

Security Model

Network access only (no authentication). Defense is the Tailscale ACL boundary.

forgejo - Container build CI
Cluster - Registry consumer

BlumeOps Docs

Explorer

Zot

Zot

Quick Reference

Namespace Convention

Pull-Through Cache

Security Model

Graph View

Table of Contents

Backlinks

BlumeOps Docs

Explorer

Zot

Zot

Quick Reference

Namespace Convention

Pull-Through Cache

Security Model

Related

Graph View

Table of Contents

Backlinks