zot middleware add

services/zot/configmap.yaml

@@ -23,19 +23,12 @@ data:
         },
         "accessControl": {
           "repositories": {
-            "pegasus/**": {
+            "**": {
               "policies": [
                 { "users": ["bstein"], "actions": ["read", "create", "update", "delete"] }
               ],
               "defaultPolicy": [],
               "anonymousPolicy": []
-            },
-            "**": {
-              "policies": [
-                { "users": ["bstein"], "actions": ["read", "create", "update", "delete"] }
-              ],
-              "defaultPolicy": ["read"],
-              "anonymousPolicy": ["read"]
             }
           },
           "adminPolicy": {

services/zot/ingress.yaml

@@ -11,6 +11,7 @@ metadata:
     # traefik.ingress.kubernetes.io/router.tls.options: zot-h1only@kubernetescrd
     # traefik.ingress.kubernetes.io/router.middlewares: zot-zot-headers@kubernetescrd,zot-zot-buffering@kubernetescrd
     traefik.ingress.kubernetes.io/router.middlewares: zot-add-www-auth@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
 spec:
   ingressClassName: traefik
   tls:

services/zot/middleware.yaml

@@ -34,3 +34,33 @@ spec:
   headers:
     customResponseHeaders:
       WWW-Authenticate: Basic realm="zot-registry"
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: zot-resp-headers
+  namespace: zot
+spec:
+  headers:
+    customResponseHeaders:
+      Docker-Distribution-Api-Version: "registry/2.0"
+      WWW-Authenticate: 'Basic realm="zot-registry"'
+    accessControlAllowOriginList:
+      - "*"
+    accessControlAllowCredentials: true
+    accessControlAllowHeaders:
+      - Authorization
+      - Content-Type
+      - Docker-Distribution-Api-Version
+      - X-Registry-Auth
+    accessControlAllowMethods:
+      - GET
+      - HEAD
+      - OPTIONS
+      - POST
+      - PUT
+      - PATCH
+      - DELETE
+