From 46d94f6052580f13b59840b6377c90477d447db1 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Wed, 13 Aug 2025 17:21:23 -0500 Subject: [PATCH] zot fixes --- .../flux-system/kustomization-zot.yaml | 2 + services/zot/config.json | 24 -------- services/zot/configmap.yaml | 32 +++++++++++ services/zot/deployment.yaml | 55 +++++++++++-------- services/zot/kustomization.yaml | 10 +--- services/zot/pvc.yaml | 1 + 6 files changed, 69 insertions(+), 55 deletions(-) delete mode 100644 services/zot/config.json create mode 100644 services/zot/configmap.yaml diff --git a/infrastructure/flux-system/kustomization-zot.yaml b/infrastructure/flux-system/kustomization-zot.yaml index e79d4bc..f3007e6 100644 --- a/infrastructure/flux-system/kustomization-zot.yaml +++ b/infrastructure/flux-system/kustomization-zot.yaml @@ -14,3 +14,5 @@ spec: name: flux-system namespace: flux-system wait: true + dependsOn: + - name: core diff --git a/services/zot/config.json b/services/zot/config.json deleted file mode 100644 index 54390b7..0000000 --- a/services/zot/config.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "storage": { "rootDirectory": "/var/lib/registry" }, - "log": { "level": "info" }, - "http": { - "address": "0.0.0.0", - "port": "5000", - "auth": { - "htpasswd": { "path": "/etc/zot/htpasswd" } - }, - "accessControl": { - "repositories": { - "**": { - "anonymousPolicy": ["read"], - "policies": [ - { - "users": ["bstein"], - "actions": ["create", "update", "delete"] - } - ] - } - } - } - } -} diff --git a/services/zot/configmap.yaml b/services/zot/configmap.yaml new file mode 100644 index 0000000..8394796 --- /dev/null +++ b/services/zot/configmap.yaml 
@@ -0,0 +1,32 @@
+# services/zot/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: zot-config
+ namespace: zot
+data:
+ config.json: |
+ {
+ "storage": { "rootDirectory": "/var/lib/registry" },
+ "http": {
+ "address": "0.0.0.0",
+ "port": "5000",
+ "auth": {
+ "htpasswd": {
+ "path": "/etc/zot/htpasswd",
+ "realm": "zot"
+ }
+ },
+ "accessControl": {
+ "repositories": [
+ {
+ "pattern": "**",
+ "policies": [
+ { "users": ["*"], "actions": ["read"] }
+ ]
+ }
+ ]
+ }
+ },
+ "log": { "level": "info" }
+ }
diff --git a/services/zot/deployment.yaml b/services/zot/deployment.yaml
index a749a5d..4ea2dcd 100644
--- a/services/zot/deployment.yaml
+++ b/services/zot/deployment.yaml
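Review bot: The `accessControl` block in services/zot/configmap.yaml no longer has the shape of the config.json this commit deletes: `repositories` was an object keyed by the glob `"**"` carrying `anonymousPolicy` and a `policies` entry for a named user, and is now an array of `{ "pattern": ..., "policies": ... }` objects with `"users": ["*"]`. Nothing in the patch shows that the deployed zot build accepts the array form or treats `*` as a wildcard user, so the result may be a startup failure or an effective policy other than "everyone may read". The rewrite also drops the only `create`/`update`/`delete` grant, so if the file does load, no account can push. Please validate the rendered config against the zot version being deployed before merging; if the intent is read-only for authenticated users, the keyed form would be `"**": { "defaultPolicy": ["read"] }`. The `"realm"` key nested under `htpasswd` deserves the same check.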
@@ -17,41 +17,50 @@ spec: kubernetes.io/arch: arm64 containers: - name: zot - image: ghcr.io/project-zot/zot-linux-arm64:v2.1.7 + image: ghcr.io/project-zot/zot-linux-arm64:latest + imagePullPolicy: IfNotPresent args: ["serve", "/etc/zot/config.json"] ports: - - name: http - containerPort: 5000 + - { name: http, containerPort: 5000 } volumeMounts: + - name: cfg + mountPath: /etc/zot/config.json + subPath: config.json + readOnly: true + - name: htpasswd + mountPath: /etc/zot/htpasswd + subPath: htpasswd + readOnly: true - name: zot-data mountPath: /var/lib/registry - - name: cfg - mountPath: /etc/zot readinessProbe: - tcpSocket: { port: 5000 } + httpGet: + path: /v2/ + port: http initialDelaySeconds: 5 periodSeconds: 10 + livenessProbe: + httpGet: + path: /v2/ + port: http + initialDelaySeconds: 15 + periodSeconds: 20 resources: requests: - cpu: "50m" - memory: "64Mi" - limits: - memory: "256Mi" + cpu: 50m + memory: 64Mi volumes: + - name: cfg + configMap: + name: zot-config + items: + - key: config.json + path: config.json + - name: htpasswd + secret: + secretName: zot-htpasswd - name: zot-data persistentVolumeClaim: claimName: zot-data - - name: cfg - projected: - sources: - - configMap: - name: zot-config - items: - - key: config.json - path: config.json - - secret: - name: zot-htpasswd - items: - - key: htpasswd - path: htpasswd + diff --git a/services/zot/kustomization.yaml b/services/zot/kustomization.yaml index 302212b..080c45f 100644 --- a/services/zot/kustomization.yaml +++ b/services/zot/kustomization.yaml @@ -5,13 +5,7 @@ resources: - namespace.yaml - pvc.yaml - deployment.yaml + - configmap.yaml - service.yaml - ingress.yaml - -configMapGenerator: - - name: zot-config - files: - - config.json=config.json - -generatorOptions: - disableNameSuffixHash: true + \ No newline at end of file diff --git a/services/zot/pvc.yaml b/services/zot/pvc.yaml index dbafb76..b3af86c 100644 --- a/services/zot/pvc.yaml +++ b/services/zot/pvc.yaml 
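Review bot: Moving the image from `zot-linux-arm64:v2.1.7` to `:latest` with `imagePullPolicy: IfNotPresent` in services/zot/deployment.yaml makes the running registry build depend on whatever each node has cached, so it can be neither reproduced nor audited from Git; keep a fixed tag or pin by digest, e.g. `image: ghcr.io/project-zot/zot-linux-arm64:v2.1.7@sha256:<digest>`. The same hunk removes `limits: memory: "256Mi"`, which leaves the container without a memory ceiling on the node. The new `httpGet` probes on `/v2/` are unauthenticated while htpasswd auth is enabled and the anonymous read policy is gone, so if zot answers 401 there the kubelet will mark the pod unready and the liveness probe will restart it; confirm the anonymous response code or keep the `tcpSocket` check. The hunk starts inside the pod spec, so the rest of the Deployment is not visible here.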
@@ -10,3 +10,4 @@ spec:
 resources:
 requests:
 storage: 25Gi
+ storageClassName: asteria
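Review bot: `storageClassName: asteria` is added to a claim that, judging by the `index dbafb76..b3af86c` header, already exists in the repository, and `spec.storageClassName` cannot be changed on a PersistentVolumeClaim after it has been created. If `zot-data` is already bound in the cluster with a different or defaulted class, the apply will be rejected, and with `wait: true` on the Flux Kustomization the zot path will stop reconciling. Either confirm that the live claim already uses `asteria`, or do the migration as its own step (new claim name, copy the data, then switch `claimName` in deployment.yaml). The PVC's metadata is outside this hunk, so the claim name here is taken from deployment.yaml.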