titan-iac/services/zot/configmap.yaml

# services/zot/config.map
apiVersion: v1
kind: ConfigMap
metadata:
  name: zot-config
  namespace: zot
data:
  config.json: |
    {
      "storage": {
        "rootDirectory": "/var/lib/registry",
        "dedupe": true,
        "gc": true,
        "gcDelay": "1h",
        "gcInterval": "1h"
      },
      "http": {
        "address": "0.0.0.0",
        "port": "5000",
        "realm": "zot-registry",
        "compat": ["docker2s2"],
        "auth": {
          "openid": {
            "providers": {
              "oidc": {
                "issuer": "https://sso.bstein.dev/realms/atlas",
                "clientID": "oauth2-proxy",
                "clientSecret": "__CLIENT_SECRET__",
                "scopes": ["openid", "profile", "email", "groups"]
              }
            }
          }
        },
        "externalUrl": "https://registry.bstein.dev",
        "accessControl": {
          "repositories": {
            "**": {
              "policies": [],
              "defaultPolicy": [
                { "actions": ["read", "create", "update", "delete"] }
              ],
              "anonymousPolicy": [
                { "actions": ["read", "create", "update", "delete"] }
              ]
            }
          },
          "adminPolicy": {
            "groups": ["admin"],
            "actions": ["read", "create", "update", "delete"]
          }
        }
      },
      "log": { "level": "debug" },
      "extensions": {
        "ui": { "enable": true },
        "search": { "enable": true },
        "metrics": { "enable": true }
      }
    }
give my zot user permissions 2025-08-13 20:37:20 -05:00			`# services/zot/config.map`
zot fixes 2025-08-13 17:21:23 -05:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: zot-config`
			`namespace: zot`
			`data:`
			`config.json: \|`
			`{`
zot ui 2025-08-13 19:57:26 -05:00			`"storage": {`
			`"rootDirectory": "/var/lib/registry",`
			`"dedupe": true,`
			`"gc": true,`
			`"gcDelay": "1h",`
give my zot user permissions 2025-08-13 20:37:20 -05:00			`"gcInterval": "1h"`
zot ui 2025-08-13 19:57:26 -05:00			`},`
zot fixes 2025-08-13 17:21:23 -05:00			`"http": {`
			`"address": "0.0.0.0",`
			`"port": "5000",`
zot configmap update 2025-09-08 23:08:32 -05:00			`"realm": "zot-registry",`
zot fix 2025-09-15 01:03:32 -05:00			`"compat": ["docker2s2"],`
zot configmap update 2025-09-08 23:08:32 -05:00			`"auth": {`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`"openid": {`
zot: fix oidc provider map shape 2025-12-08 23:36:19 -03:00			`"providers": {`
zot: use generic oidc provider key 2025-12-09 01:29:05 -03:00			`"oidc": {`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`"issuer": "https://sso.bstein.dev/realms/atlas",`
zot: align oidc client to oauth2-proxy; add vault redirect 2025-12-09 20:49:25 -03:00			`"clientID": "oauth2-proxy",`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`"clientSecret": "__CLIENT_SECRET__",`
zot: fix oidc config keys 2025-12-09 01:15:53 -03:00			`"scopes": ["openid", "profile", "email", "groups"]`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`}`
zot: fix oidc provider map shape 2025-12-08 23:36:19 -03:00			`}`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`}`
zot configmap update 2025-09-08 23:08:32 -05:00			`},`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`"externalUrl": "https://registry.bstein.dev",`
zot fixes 2025-08-13 17:21:23 -05:00			`"accessControl": {`
zot fixes, worker requirement 2025-08-13 18:09:28 -05:00			`"repositories": {`
zot middleware add 2025-09-09 11:27:42 -05:00			`"**": {`
zot: temporarily bypass sso and allow open access 2025-12-11 01:50:25 -03:00			`"policies": [],`
			`"defaultPolicy": [`
			`{ "actions": ["read", "create", "update", "delete"] }`
zot simplification 2025-09-09 01:16:33 -05:00			`],`
zot: temporarily bypass sso and allow open access 2025-12-11 01:50:25 -03:00			`"anonymousPolicy": [`
			`{ "actions": ["read", "create", "update", "delete"] }`
			`]`
zot fixes 2025-08-13 17:21:23 -05:00			`}`
give my zot user permissions 2025-08-13 20:37:20 -05:00			`},`
			`"adminPolicy": {`
sso: fix vault OIDC bootstrap and render zot oidc config 2025-12-08 23:23:21 -03:00			`"groups": ["admin"],`
give my zot user permissions 2025-08-13 20:37:20 -05:00			`"actions": ["read", "create", "update", "delete"]`
zot fixes, worker requirement 2025-08-13 18:09:28 -05:00			`}`
zot fixes 2025-08-13 17:21:23 -05:00			`}`
zot ui 2025-08-13 19:57:26 -05:00			`},`
vault: ingress via oauth2-proxy with redirect 2025-12-10 02:56:11 -03:00			`"log": { "level": "debug" },`
zot ui 2025-08-13 19:57:26 -05:00			`"extensions": {`
zot configmap update 2025-09-08 23:08:32 -05:00			`"ui": { "enable": true },`
			`"search": { "enable": true },`
give my zot user permissions 2025-08-13 20:37:20 -05:00			`"metrics": { "enable": true }`
zot fixes, worker requirement 2025-08-13 18:09:28 -05:00			`}`
zot fixes 2025-08-13 17:21:23 -05:00			`}`