zot middleware add

2025-09-09 01:43:13 -05:00 · 2025-09-09 01:43:13 -05:00 · 6efe79819f
commit 6efe79819f
parent 33d07dcf5c
4 changed files with 13 additions and 2 deletions
--- a/services/zot/configmap.yaml
+++ b/services/zot/configmap.yaml
@ -23,7 +23,7 @@ data:
        },
        "accessControl": {
          "repositories": {
-            "pegasus": {
+            "pegasus/**": {
              "policies": [
                { "users": ["bstein"], "actions": ["read", "create", "update", "delete"] }
              ],
--- a/services/zot/ingress.yaml
+++ b/services/zot/ingress.yaml
@ -10,6 +10,7 @@ metadata:
    traefik.ingress.kubernetes.io/router.tls: "true"
    # traefik.ingress.kubernetes.io/router.tls.options: zot-h1only@kubernetescrd
    # traefik.ingress.kubernetes.io/router.middlewares: zot-zot-headers@kubernetescrd,zot-zot-buffering@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: zot-add-www-auth@kubernetescrd
 spec:
  ingressClassName: traefik
  tls:
--- a/services/zot/kustomization.yaml
+++ b/services/zot/kustomization.yaml
@ -8,5 +8,5 @@ resources:
  - configmap.yaml
  - service.yaml
  - ingress.yaml
-  # - middleware.yaml
+  - middleware.yaml
  # - tlsoptions.yaml
--- a/services/zot/middleware.yaml
+++ b/services/zot/middleware.yaml
@ -24,3 +24,13 @@
 #     maxResponseBodyBytes: 0
 #     memResponseBodyBytes: 0
 #     retryExpression: "IsNetworkError() && Attempts() <= 2"
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: add-www-auth
+  namespace: zot
+spec:
+  headers:
+    customResponseHeaders:
+      WWW-Authenticate: Basic realm="zot-registry"