From 5bfeffe31f102bd503025ba3b3bef956b2f0964f Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Mon, 15 Sep 2025 01:03:32 -0500 Subject: [PATCH] zot fix --- services/zot/configmap.yaml | 3 ++- services/zot/ingress.yaml | 3 --- services/zot/kustomization.yaml | 1 - services/zot/middleware.yaml | 42 +-------------------------------- services/zot/tlsoptions.yaml | 9 ------- 5 files changed, 3 insertions(+), 55 deletions(-) delete mode 100644 services/zot/tlsoptions.yaml diff --git a/services/zot/configmap.yaml b/services/zot/configmap.yaml index 3bc6c31..0261fc1 100644 --- a/services/zot/configmap.yaml +++ b/services/zot/configmap.yaml @@ -18,6 +18,7 @@ data: "address": "0.0.0.0", "port": "5000", "realm": "zot-registry", + "compat": ["docker2s2"], "auth": { "htpasswd": { "path": "/etc/zot/htpasswd" } }, @@ -37,7 +38,7 @@ data: } } }, - "log": { "level": "debug" }, + "log": { "level": "info" }, "extensions": { "ui": { "enable": true }, "search": { "enable": true }, diff --git a/services/zot/ingress.yaml b/services/zot/ingress.yaml index 6c946fb..3425535 100644 --- a/services/zot/ingress.yaml +++ b/services/zot/ingress.yaml @@ -8,9 +8,6 @@ metadata: cert-manager.io/cluster-issuer: letsencrypt-prod traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" - # traefik.ingress.kubernetes.io/router.tls.options: zot-h1only@kubernetescrd - # traefik.ingress.kubernetes.io/router.middlewares: zot-zot-headers@kubernetescrd,zot-zot-buffering@kubernetescrd - traefik.ingress.kubernetes.io/router.middlewares: zot-add-www-auth@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd spec: ingressClassName: traefik diff --git a/services/zot/kustomization.yaml b/services/zot/kustomization.yaml index b59b721..73a097c 100644 --- a/services/zot/kustomization.yaml +++ b/services/zot/kustomization.yaml @@ -9,4 +9,3 @@ resources: - service.yaml - ingress.yaml - middleware.yaml - # - tlsoptions.yaml diff --git a/services/zot/middleware.yaml b/services/zot/middleware.yaml index 8a47c0a..166b070 100644 --- a/services/zot/middleware.yaml +++ b/services/zot/middleware.yaml @@ -1,42 +1,4 @@ -# # services/zot/middleware.yaml -# apiVersion: traefik.io/v1alpha1 -# kind: Middleware -# metadata: -# name: zot-headers -# namespace: zot -# spec: -# headers: -# customRequestHeaders: -# Docker-Distribution-Api-Version: "registry/2.0" - -# --- - -# apiVersion: traefik.io/v1alpha1 -# kind: Middleware -# metadata: -# name: zot-buffering -# namespace: zot -# spec: -# buffering: -# # "0" here means "no limit" for Traefik's buffering middleware -# maxRequestBodyBytes: 0 -# memRequestBodyBytes: 0 -# maxResponseBodyBytes: 0 -# memResponseBodyBytes: 0 -# retryExpression: "IsNetworkError() && Attempts() <= 2" - -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: add-www-auth - namespace: zot -spec: - headers: - customResponseHeaders: - WWW-Authenticate: Basic realm="zot-registry" - ---- - +# services/zot/middleware.yaml apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: @@ -46,7 +8,6 @@ spec: headers: customResponseHeaders: Docker-Distribution-Api-Version: "registry/2.0" - WWW-Authenticate: 'Basic realm="zot-registry"' accessControlAllowOriginList: - "*" accessControlAllowCredentials: true @@ -63,4 +24,3 @@ spec: - PUT - PATCH - DELETE - diff --git a/services/zot/tlsoptions.yaml b/services/zot/tlsoptions.yaml deleted file mode 100644 index 7a13d8a..0000000 --- a/services/zot/tlsoptions.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# # services/zot/tlsoptions.yaml -# apiVersion: traefik.io/v1alpha1 -# kind: TLSOption -# metadata: -# name: h1only -# namespace: zot -# spec: -# alpnProtocols: -# - http/1.1 \ No newline at end of file