zot: restore UI basic header middleware

2025-12-15 14:01:18 -03:00 · 2025-12-15 14:01:18 -03:00 · 54eb9e1ac5
commit 54eb9e1ac5
parent 1899bb7677
4 changed files with 13 additions and 2 deletions
--- a/services/zot/ingress.yaml
+++ b/services/zot/ingress.yaml
@ -35,7 +35,7 @@ metadata:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-ui-auth-header@kubernetescrd, zot-zot-resp-headers@kubernetescrd
 spec:
  ingressClassName: traefik
  tls:
--- a/services/zot/kustomization.yaml
+++ b/services/zot/kustomization.yaml
@ -11,3 +11,4 @@ resources:
  - oauth2-proxy-service.yaml
  - ingress.yaml
  - middleware.yaml
  - middleware-ui.yaml
--- a/services/zot/middleware-ui.yaml
+++ b/services/zot/middleware-ui.yaml
@ -0,0 +1,10 @@
 # services/zot/middleware-ui.yaml
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: zot-ui-auth-header
  namespace: zot
 spec:
  headers:
    customRequestHeaders:
      Authorization: "Basic em90LXVpLXByb3h5OlRlbXBTc29VaVBhc3MhMjAyNQ=="
--- a/services/zot/oauth2-proxy-deployment.yaml
+++ b/services/zot/oauth2-proxy-deployment.yaml
@ -44,7 +44,7 @@ spec:
            - --cookie-samesite=lax
            - --cookie-refresh=20m
            - --cookie-expire=168h
-            - --upstream=http://zot-ui-proxy:TempSsoUiPass%212025@zot:5000
+            - --upstream=http://zot:5000
            - --http-address=0.0.0.0:4180
            - --skip-provider-button=true
            - --skip-jwt-bearer-tokens=true