bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

zot: forward Authorization header to upstream

Browse Source
This commit is contained in:
Brad Stein 2025-12-09 23:17:45 -03:00
parent 6093297b5d
commit 9dc3be6cde
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
services/vault/ingress.yaml
View File

@ -7,7 +7,10 @@ metadata:
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: vault-login-redirect@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/service.serversscheme: https
traefik.ingress.kubernetes.io/service.serverstransport: vault-to-https@kubernetescrd
spec: spec:
ingressClassName: traefik ingressClassName: traefik
tls: tls:
@ -21,6 +24,6 @@ spec:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: oauth2-proxy-vault name: vault
port: port:
number: 80 number: 8200

1
services/zot/oauth2-proxy-zot.yaml
View File

@ -56,6 +56,7 @@ spec:
- --set-xauthrequest=true - --set-xauthrequest=true
- --pass-access-token=true - --pass-access-token=true
- --set-authorization-header=true - --set-authorization-header=true
- --pass-authorization-header=true
- --cookie-secure=true - --cookie-secure=true
- --cookie-samesite=lax - --cookie-samesite=lax
- --cookie-refresh=20m - --cookie-refresh=20m