zot ui: send basic creds from oauth2-proxy, remove traefik header

services/zot/ingress.yaml

@@ -35,7 +35,7 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-ui-auth-header@kubernetescrd, zot-zot-resp-headers@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
 spec:
   ingressClassName: traefik
   tls:

services/zot/kustomization.yaml

@@ -11,4 +11,3 @@ resources:
   - oauth2-proxy-service.yaml
   - ingress.yaml
   - middleware.yaml
-  - middleware-ui.yaml

services/zot/middleware-ui.yaml

@@ -1,10 +0,0 @@
-# services/zot/middleware-ui.yaml
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: zot-ui-auth-header
-  namespace: zot
-spec:
-  headers:
-    customRequestHeaders:
-      Authorization: "Basic em90LXVpLXByb3h5OlRlbXBTc29VaVBhc3MhMjAyNQ=="

services/zot/oauth2-proxy-deployment.yaml

@@ -44,7 +44,7 @@ spec:
             - --cookie-samesite=lax
             - --cookie-refresh=20m
             - --cookie-expire=168h
-            - --upstream=http://zot:5000
+            - --upstream=http://zot-ui-proxy:TempSsoUiPass%212025@zot:5000
             - --http-address=0.0.0.0:4180
             - --skip-provider-button=true
             - --skip-jwt-bearer-tokens=true