From 1899bb767777dff5fb46fe0a00d92a9a8d616f64 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Mon, 15 Dec 2025 13:53:53 -0300
Subject: [PATCH] zot: move basic auth to oauth2-proxy upstream
---
 services/zot/ingress.yaml | 2 +-
 services/zot/kustomization.yaml | 1 -
 services/zot/middleware-ui.yaml | 10 ----------
 services/zot/oauth2-proxy-deployment.yaml | 2 +-
 4 files changed, 2 insertions(+), 13 deletions(-)
 delete mode 100644 services/zot/middleware-ui.yaml
diff --git a/services/zot/ingress.yaml b/services/zot/ingress.yaml
index 86747c6..6c23709 100644
--- a/services/zot/ingress.yaml
+++ b/services/zot/ingress.yaml
@@ -35,7 +35,7 @@ metadata:
 cert-manager.io/cluster-issuer: letsencrypt
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.tls: "true"
- traefik.ingress.kubernetes.io/router.middlewares: zot-zot-ui-auth-header@kubernetescrd, zot-zot-resp-headers@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
 spec:
 ingressClassName: traefik
 tls:
diff --git a/services/zot/kustomization.yaml b/services/zot/kustomization.yaml
index 0795b7e..22d76ae 100644
--- a/services/zot/kustomization.yaml
+++ b/services/zot/kustomization.yaml
@@ -11,4 +11,3 @@ resources:
 - oauth2-proxy-service.yaml
 - ingress.yaml
 - middleware.yaml
- - middleware-ui.yaml
diff --git a/services/zot/middleware-ui.yaml b/services/zot/middleware-ui.yaml
deleted file mode 100644
index 7feaf53..0000000
--- a/services/zot/middleware-ui.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-# services/zot/middleware-ui.yaml
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: zot-ui-auth-header
- namespace: zot
-spec:
- headers:
- customRequestHeaders:
- Authorization: "Basic em90LXVpLXByb3h5OlRlbXBTc29VaVBhc3MhMjAyNQ=="
diff --git a/services/zot/oauth2-proxy-deployment.yaml b/services/zot/oauth2-proxy-deployment.yaml
index b071f9a..f3eef52 100644
--- a/services/zot/oauth2-proxy-deployment.yaml
+++ b/services/zot/oauth2-proxy-deployment.yaml
@@ -44,7 +44,7 @@ spec:
 - --cookie-samesite=lax
 - --cookie-refresh=20m
 - --cookie-expire=168h
- - --upstream=http://zot:5000
+ - --upstream=http://zot-ui-proxy:TempSsoUiPass%212025@zot:5000
 - --http-address=0.0.0.0:4180
 - --skip-provider-button=true
 - --skip-jwt-bearer-tokens=true
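Review bot: The new `--upstream` value puts the zot basic-auth username and password in clear text in the Deployment args, so the secret is committed to the repository and readable by anyone who can view the Deployment or pod spec; it may also surface in process listings or startup logs. The same credential was already in history as the base64 `Authorization` value of the deleted middleware-ui.yaml, so it should be rotated rather than only moved. Keep the full upstream URL in a Kubernetes Secret and pass it to oauth2-proxy through the `OAUTH2_PROXY_UPSTREAMS` environment variable instead of the flag, as sketched below; the Secret name and key are placeholders, and the container's `env:` block (if one exists) lies outside this hunk. The upstream is still plain `http://`, so the Authorization header crosses the cluster network unencrypted unless something not shown in this diff protects that hop.

```yaml
# … unchanged: --cookie-* flags …
# --upstream flag removed; oauth2-proxy takes the value from OAUTH2_PROXY_UPSTREAMS
- --http-address=0.0.0.0:4180
# … unchanged: remaining flags …
env:
  - name: OAUTH2_PROXY_UPSTREAMS
    valueFrom:
      secretKeyRef:
        name: PLACEHOLDER-zot-upstream-secret  # placeholder Secret name
        key: PLACEHOLDER-upstream-url          # placeholder key holding the full URL
```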