zot troubleshooting

services/zot/configmap.yaml

@@ -17,7 +17,7 @@ data:
       "http": {
         "address": "0.0.0.0",
         "port": "5000",
-        "auth": { "htpasswd": { "path": "/etc/zot/htpasswd" } },
+        "auth": { "htpasswd": { "path": "/etc/zot/htpasswd", "realm": "zot-registry" } },
         "accessControl": {
           "repositories": {
             "**": {
@@ -34,7 +34,7 @@ data:
           }
         }
       },
-      "log": { "level": "info" },
+      "log": { "level": "debug" },
       "extensions": {
         "ui":      { "enable": true },
         "search":  { "enable": true },

services/zot/ingress.yaml

@@ -8,6 +8,7 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.tls.options: zot-h1only@kubernetescrd
     traefik.ingress.kubernetes.io/router.middlewares: zot-zot-headers@kubernetescrd,zot-zot-buffering@kubernetescrd
 spec:
   ingressClassName: traefik

services/zot/kustomization.yaml

@@ -9,4 +9,5 @@ resources:
   - service.yaml
   - ingress.yaml
   - middleware.yaml
+  - tlsoptions.yaml
   

services/zot/middleware.yaml

@@ -1,4 +1,4 @@
-# services/zot/middlewares.yaml
+# services/zot/middleware.yaml
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:

services/zot/tlsoptions.yaml

@@ -0,0 +1,9 @@
+# services/zot/tlsoptions.yaml
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+  name: h1only
+  namespace: zot
+spec:
+  alpnProtocols:
+    - http/1.1