zot icon indicating copy to clipboard operation
zot copied to clipboard
verified publisher icon project-zot

[Feat]: add support for systemd socket activation

Open rgl opened this issue 1 year ago • 5 comments

Is your feature request related to a problem? Please describe.

I would like to configure zot to use a privileged port like 80 or 443 without granting it the CAP_NET_BIND_SERVICE capability.

Describe the solution you'd like

Would like to configure Zot to use systemd Socket Activation.

For more information, please see:

  • https://0pointer.de/blog/projects/socket-activated-containers.html
  • https://www.sobyte.net/post/2022-01/systemd-socket-activation/

Describe alternatives you've considered

No response

Additional context

No response

rgl avatar Jan 24 '24 18:01 rgl

@rgl thanks for filing this issue. Do you want to give a shot at a PR? https://github.com/project-zot/zot/blob/main/examples/zot.service

rchincha avatar Jan 24 '24 19:01 rchincha

I can!

Just so we are on the same page, this means that I will modify the following code, OK?

https://github.com/project-zot/zot/blob/v2.0.0/pkg/api/controller.go#L145-L168

rgl avatar Jan 24 '24 19:01 rgl

@rgl would also just add another zot.socket-service file with [Socket] directive?

rchincha avatar Jan 24 '24 22:01 rchincha

@rchincha the PR is at https://github.com/project-zot/zot/pull/2186.

please be aware that I've updated the go.mod too, which I'm unsure if should be included in the PR. please advice in the PR issue.

rgl avatar Jan 26 '24 08:01 rgl