원클릭으로 Manus에서 모든 스킬 실행

zot-registry

스타0

포크0

업데이트2026년 2월 12일 15:09

OCI registry operations — image inspection, push troubleshooting, multi-arch manifests, pull secret verification. Use when: You need to inspect images in the registry, troubleshoot "manifest invalid" errors, debug ImagePullBackOff caused by registry issues, verify pull secrets, or check if a new image was pushed after CI. Don't use when: The pod is crashing for non-image reasons (use pod-troubleshooting). Don't use for Flux reconciliation failures (use flux-debugging). Don't use for CI build failures before the push step (use ci-diagnosis). Don't use for deploying changes end-to-end (use gitops-deploy). Outputs: Image manifest details, tag listings, digest verification, pull secret validation results, or push troubleshooting diagnosis.

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

rajsinghtech

rajsinghtech/openclaw-workspace

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

Zot Registry

Registry: oci.killinit.cc

Routing

Use This Skill When

Checking if an image exists or was recently pushed
Debugging "manifest invalid" errors after a push
Pod has ImagePullBackOff and you suspect registry/auth issues
Verifying pull secrets are correct
Inspecting image layers, digests, or multi-arch manifests
Someone asks "is the latest image pushed?" or "what version is running?"

Don't Use This Skill When

Pod is crashing (CrashLoopBackOff, OOMKilled) → use pod-troubleshooting
Flux can't reconcile → use flux-debugging
CI workflow failed during build (before push) → use ci-diagnosis
You need to deploy end-to-end → use gitops-deploy
Storage/PVC issues → use storage-ops
You're reviewing code changes → use code-review

Critical: Push Method

Zot rejects manifests from docker push, crane push, and buildx --push. The only working push method is:

skopeo copy docker-archive:<file>.tar docker://oci.killinit.cc/<repo>/<image>:<tag>

This is handled automatically by CI workflows. Never change the push method.

⚠️ If someone suggests using docker push or crane push — stop them. It will produce a "manifest invalid" error and the image won't be usable.

Image Inspection

# Check if an image exists and view its manifest
crane manifest oci.killinit.cc/openclaw/openclaw:latest | jq .
crane manifest oci.killinit.cc/openclaw/workspace:latest | jq .

# Get the digest
crane digest oci.killinit.cc/openclaw/openclaw:latest
crane digest oci.killinit.cc/openclaw/workspace:latest

# List tags
crane ls oci.killinit.cc/openclaw/openclaw
crane ls oci.killinit.cc/openclaw/workspace

# Full inspect (config + layers)
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest

Multi-Arch Manifests

Per-arch images are pushed individually, then combined:

# After pushing amd64 and arm64 images separately via skopeo:
crane index append \
  --manifest oci.killinit.cc/openclaw/openclaw:<sha>-amd64 \
  --manifest oci.killinit.cc/openclaw/openclaw:<sha>-arm64 \
  --tag oci.killinit.cc/openclaw/openclaw:<sha> \
  --tag oci.killinit.cc/openclaw/openclaw:latest

Authentication

# Login (credentials from Zot secrets)
crane auth login oci.killinit.cc -u <username> -p <password>

# Skopeo uses --creds or --authfile
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest --creds user:pass

In-cluster, pull credentials come from the zot-pull-secret imagePullSecret:

# Verify pull secret
kubectl get secret zot-pull-secret -n openclaw -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq .

Troubleshooting

"manifest invalid" on Push

Cause: Using docker push or crane push instead of skopeo copy docker-archive:. Fix: Only push via skopeo copy docker-archive:<file>.tar docker://oci.killinit.cc/... Prevention: This is enforced in CI. Never modify the push step in GitHub Actions.

ImagePullBackOff in Cluster

# Check pod events
kubectl describe pod -l app.kubernetes.io/name=openclaw -n openclaw | grep -A3 "Failed"

# Verify the image tag exists
crane ls oci.killinit.cc/openclaw/openclaw

# Verify pull secret is correct
kubectl get secret zot-pull-secret -n openclaw -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq '.auths'

# Test pull manually
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest

Stale Image After CI

Kubernetes caches :latest tags. Force a re-pull:

kubectl rollout restart deployment openclaw -n openclaw

The workspace ImageVolume uses pullPolicy: Always, so it re-pulls on every pod start.

Image Exists but Wrong Architecture

# Check what architectures are in the manifest
crane manifest oci.killinit.cc/openclaw/openclaw:latest | jq '.manifests[]? | {platform, digest}'

# If single-arch, check which one
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest | jq '.Architecture'

Security Notes

Pull secrets contain registry credentials — never log them in plain text
Image digests are the only tamper-proof references — use digests for security-critical verification
CI workflows have write access to the registry via GitHub secrets — review workflow changes carefully

Artifact Handoff

Write image inspection results to /tmp/outputs/registry-check.md when diagnosing complex multi-image or multi-arch issues.

이 저장소의 다른 Skills

같은 저장소

code-review

rajsinghtech/openclaw-workspace

Structured PR review — security scan, correctness, consistency, style. Covers diff analysis, comment posting via gh, and priority-based finding reports. Use when: A PR needs review, someone asks for code feedback, or changes need security/correctness validation before merge. Also use for pre-commit review of your own changes. Don't use when: The issue is a runtime pod failure (use pod-troubleshooting), a Flux reconciliation error (use flux-debugging), or a CI build failure (use ci-diagnosis). Don't use for architecture-level design discussions (use architecture-design instead). Outputs: Review comment posted on the PR via `gh pr review`, or a structured findings report grouped by severity (Critical/High/Medium/Low).

2026-02-200

openspec-workflow

rajsinghtech/openclaw-workspace

Spec-driven development workflow — proposals, requirements, design docs, task breakdowns, and implementation using the OpenSpec framework. Use when: Starting a new feature or change that needs planning, someone says "I want to build X", creating proposals or specs, breaking down requirements into tasks, or transitioning from planning to implementation. Don't use when: Debugging or troubleshooting (use appropriate troubleshooting skill). Don't use for Kubernetes manifest changes (use pr-workflow). Don't use for reviewing existing code (use code-review). Outputs: OpenSpec change folder with proposal.md, specs/, design.md, and tasks.md. Implementation follows directly from tasks.md.

2026-02-200

session-review

rajsinghtech/openclaw-workspace

Analyze agent sessions for tool failures, retry patterns, knowledge gaps, context limits, and config drift. Use when: Running periodic session reviews (cron), investigating agent reliability issues, looking for recurring failure patterns, or identifying workspace improvements from real usage. This is the primary skill for Robert's review cron job. Don't use when: You're making changes to fix issues (use workspace-improvement for that). Don't use for live debugging of a current issue (use the appropriate troubleshooting skill). Don't use for code review of PRs (use code-review). Outputs: Session analysis report with categorized findings (tool failures, retries, knowledge gaps, config drift), severity ratings, and proposed fixes. Written to /tmp/outputs/session-review.md for handoff.

2026-02-200

cluster-context

rajsinghtech/openclaw-workspace

OpenClaw pod architecture, volumes, networking, secrets, and provider configuration reference. Use when: Debugging container, mount, networking, or credential issues. Also use when you need to understand pod structure, check which providers are configured, verify volume mounts, or inspect secrets configuration. Don't use when: Debugging pod crashes (use pod-troubleshooting). Don't use for Flux issues (use flux-debugging). Don't use for deploying changes (use gitops-deploy). This is a reference skill, not a diagnostic workflow. Outputs: Architecture reference information. No artifacts — this skill provides context for other skills to use.

2026-02-200

gitops-deploy

rajsinghtech/openclaw-workspace

End-to-end deployment workflow — commit, CI, Flux reconcile, pod restart, verify. Includes ConfigMap changes, Flux postBuild escaping, and SOPS secret management. Use when: You need to deploy changes to the OpenClaw pod — config updates, workspace changes, image rebuilds, or secret rotations. Also use when someone asks "how do I deploy this?" or "push this change live." Don't use when: You're debugging why a deployment failed (use flux-debugging or pod-troubleshooting). Don't use for changes to kubernetes-manifests repo (Dyson's pr-workflow handles that). Don't use for registry/image inspection (use zot-registry). Outputs: Deployed changes verified in the running pod. Confirmation includes CI status, Flux reconciliation state, pod status, and startup logs.

2026-02-200

openclaw-docs-lookup-morty

rajsinghtech/openclaw-workspace

Look up OpenClaw documentation via web_fetch for config validation and verification. Use when: You need to verify a config key, understand OpenClaw configuration options, or check documentation for Kubernetes-specific settings before making changes. Don't use when: The answer is already in CONFIG.md, AGENTS.md, TOOLS.md in your workspace.

2026-02-200

name	Zot Registry
description	OCI registry operations — image inspection, push troubleshooting, multi-arch manifests, pull secret verification. Use when: You need to inspect images in the registry, troubleshoot "manifest invalid" errors, debug ImagePullBackOff caused by registry issues, verify pull secrets, or check if a new image was pushed after CI. Don't use when: The pod is crashing for non-image reasons (use pod-troubleshooting). Don't use for Flux reconciliation failures (use flux-debugging). Don't use for CI build failures before the push step (use ci-diagnosis). Don't use for deploying changes end-to-end (use gitops-deploy). Outputs: Image manifest details, tag listings, digest verification, pull secret validation results, or push troubleshooting diagnosis.
requires	["kubectl","crane","skopeo"]

Zot Registry

Registry: oci.killinit.cc

Routing

Use This Skill When

Checking if an image exists or was recently pushed
Debugging "manifest invalid" errors after a push
Pod has ImagePullBackOff and you suspect registry/auth issues
Verifying pull secrets are correct
Inspecting image layers, digests, or multi-arch manifests
Someone asks "is the latest image pushed?" or "what version is running?"

Don't Use This Skill When

Pod is crashing (CrashLoopBackOff, OOMKilled) → use pod-troubleshooting
Flux can't reconcile → use flux-debugging
CI workflow failed during build (before push) → use ci-diagnosis
You need to deploy end-to-end → use gitops-deploy
Storage/PVC issues → use storage-ops
You're reviewing code changes → use code-review

Critical: Push Method

Zot rejects manifests from docker push, crane push, and buildx --push. The only working push method is:

skopeo copy docker-archive:<file>.tar docker://oci.killinit.cc/<repo>/<image>:<tag>

This is handled automatically by CI workflows. Never change the push method.

⚠️ If someone suggests using docker push or crane push — stop them. It will produce a "manifest invalid" error and the image won't be usable.

Image Inspection

# Check if an image exists and view its manifest
crane manifest oci.killinit.cc/openclaw/openclaw:latest | jq .
crane manifest oci.killinit.cc/openclaw/workspace:latest | jq .

# Get the digest
crane digest oci.killinit.cc/openclaw/openclaw:latest
crane digest oci.killinit.cc/openclaw/workspace:latest

# List tags
crane ls oci.killinit.cc/openclaw/openclaw
crane ls oci.killinit.cc/openclaw/workspace

# Full inspect (config + layers)
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest

Multi-Arch Manifests

Per-arch images are pushed individually, then combined:

# After pushing amd64 and arm64 images separately via skopeo:
crane index append \
  --manifest oci.killinit.cc/openclaw/openclaw:<sha>-amd64 \
  --manifest oci.killinit.cc/openclaw/openclaw:<sha>-arm64 \
  --tag oci.killinit.cc/openclaw/openclaw:<sha> \
  --tag oci.killinit.cc/openclaw/openclaw:latest

Authentication

# Login (credentials from Zot secrets)
crane auth login oci.killinit.cc -u <username> -p <password>

# Skopeo uses --creds or --authfile
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest --creds user:pass

In-cluster, pull credentials come from the zot-pull-secret imagePullSecret:

# Verify pull secret
kubectl get secret zot-pull-secret -n openclaw -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq .

Troubleshooting

"manifest invalid" on Push

ImagePullBackOff in Cluster

# Check pod events
kubectl describe pod -l app.kubernetes.io/name=openclaw -n openclaw | grep -A3 "Failed"

# Verify the image tag exists
crane ls oci.killinit.cc/openclaw/openclaw

# Verify pull secret is correct
kubectl get secret zot-pull-secret -n openclaw -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq '.auths'

# Test pull manually
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest

Stale Image After CI

Kubernetes caches :latest tags. Force a re-pull:

kubectl rollout restart deployment openclaw -n openclaw

The workspace ImageVolume uses pullPolicy: Always, so it re-pulls on every pod start.

Image Exists but Wrong Architecture

# Check what architectures are in the manifest
crane manifest oci.killinit.cc/openclaw/openclaw:latest | jq '.manifests[]? | {platform, digest}'

# If single-arch, check which one
skopeo inspect docker://oci.killinit.cc/openclaw/openclaw:latest | jq '.Architecture'

Security Notes

Pull secrets contain registry credentials — never log them in plain text
Image digests are the only tamper-proof references — use digests for security-critical verification
CI workflows have write access to the registry via GitHub secrets — review workflow changes carefully

Artifact Handoff

Write image inspection results to /tmp/outputs/registry-check.md when diagnosing complex multi-image or multi-arch issues.