From 54eb9e1ac513a44037621bfa2a3744d9aa25f388 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Mon, 15 Dec 2025 14:01:18 -0300
Subject: [PATCH] zot: restore UI basic header middleware

---
 services/zot/ingress.yaml                 |  2 +-
 services/zot/kustomization.yaml           |  1 +
 services/zot/middleware-ui.yaml           | 10 ++++++++++
 services/zot/oauth2-proxy-deployment.yaml |  2 +-
 4 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 services/zot/middleware-ui.yaml

diff --git a/services/zot/ingress.yaml b/services/zot/ingress.yaml
index 6c23709..86747c6 100644
--- a/services/zot/ingress.yaml
+++ b/services/zot/ingress.yaml
@@ -35,7 +35,7 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-ui-auth-header@kubernetescrd, zot-zot-resp-headers@kubernetescrd
 spec:
   ingressClassName: traefik
   tls:
diff --git a/services/zot/kustomization.yaml b/services/zot/kustomization.yaml
index 22d76ae..0795b7e 100644
--- a/services/zot/kustomization.yaml
+++ b/services/zot/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
   - oauth2-proxy-service.yaml
   - ingress.yaml
   - middleware.yaml
+  - middleware-ui.yaml
diff --git a/services/zot/middleware-ui.yaml b/services/zot/middleware-ui.yaml
new file mode 100644
index 0000000..7feaf53
--- /dev/null
+++ b/services/zot/middleware-ui.yaml
@@ -0,0 +1,10 @@
+# services/zot/middleware-ui.yaml
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: zot-ui-auth-header
+  namespace: zot
+spec:
+  headers:
+    customRequestHeaders:
+      Authorization: "Basic em90LXVpLXByb3h5OlRlbXBTc29VaVBhc3MhMjAyNQ=="
diff --git a/services/zot/oauth2-proxy-deployment.yaml b/services/zot/oauth2-proxy-deployment.yaml
index f3eef52..b071f9a 100644
--- a/services/zot/oauth2-proxy-deployment.yaml
+++ b/services/zot/oauth2-proxy-deployment.yaml
@@ -44,7 +44,7 @@ spec:
             - --cookie-samesite=lax
             - --cookie-refresh=20m
             - --cookie-expire=168h
-            - --upstream=http://zot-ui-proxy:TempSsoUiPass%212025@zot:5000
+            - --upstream=http://zot:5000
             - --http-address=0.0.0.0:4180
             - --skip-provider-button=true
             - --skip-jwt-bearer-tokens=true