zot: move basic auth to oauth2-proxy upstream

2025-12-15 13:53:53 -03:00 · 2025-12-15 13:53:53 -03:00 · 1899bb7677
commit 1899bb7677
parent 0416493f49
4 changed files with 2 additions and 13 deletions
--- a/services/zot/ingress.yaml
+++ b/services/zot/ingress.yaml
@ -35,7 +35,7 @@ metadata:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-ui-auth-header@kubernetescrd, zot-zot-resp-headers@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
 spec:
  ingressClassName: traefik
  tls:
--- a/services/zot/kustomization.yaml
+++ b/services/zot/kustomization.yaml
@ -11,4 +11,3 @@ resources:
  - oauth2-proxy-service.yaml
  - ingress.yaml
  - middleware.yaml
-  - middleware-ui.yaml
--- a/services/zot/middleware-ui.yaml
+++ b/services/zot/middleware-ui.yaml
@ -1,10 +0,0 @@
-# services/zot/middleware-ui.yaml
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: zot-ui-auth-header
-  namespace: zot
-spec:
-  headers:
-    customRequestHeaders:
-      Authorization: "Basic em90LXVpLXByb3h5OlRlbXBTc29VaVBhc3MhMjAyNQ=="
--- a/services/zot/oauth2-proxy-deployment.yaml
+++ b/services/zot/oauth2-proxy-deployment.yaml
@ -44,7 +44,7 @@ spec:
            - --cookie-samesite=lax
            - --cookie-refresh=20m
            - --cookie-expire=168h
-            - --upstream=http://zot:5000
+            - --upstream=http://zot-ui-proxy:TempSsoUiPass%212025@zot:5000
            - --http-address=0.0.0.0:4180
            - --skip-provider-button=true
            - --skip-jwt-bearer-tokens=true