zot: forward Authorization header to upstream

2025-12-09 23:17:45 -03:00 · 2025-12-09 23:17:45 -03:00 · 9dc3be6cde
commit 9dc3be6cde
parent 6093297b5d
2 changed files with 6 additions and 2 deletions
--- a/services/vault/ingress.yaml
+++ b/services/vault/ingress.yaml
@ -7,7 +7,10 @@ metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: vault-login-redirect@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+    traefik.ingress.kubernetes.io/service.serverstransport: vault-to-https@kubernetescrd
 spec:
  ingressClassName: traefik
  tls:
@ -21,6 +24,6 @@ spec:
            pathType: Prefix
            backend:
              service:
-                name: oauth2-proxy-vault
+                name: vault
                port:
-                  number: 80
+                  number: 8200
--- a/services/zot/oauth2-proxy-zot.yaml
+++ b/services/zot/oauth2-proxy-zot.yaml
@ -56,6 +56,7 @@ spec:
            - --set-xauthrequest=true
            - --pass-access-token=true
            - --set-authorization-header=true
+            - --pass-authorization-header=true
            - --cookie-secure=true
            - --cookie-samesite=lax
            - --cookie-refresh=20m