# services/zot/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zot-cli
  namespace: zot
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-resp-headers@kubernetescrd
spec:
  ingressClassName: traefik
  tls:
    - hosts: [ "cli.registry.bstein.dev" ]
      secretName: cli-registry-bstein-dev-tls
  rules:
    - host: cli.registry.bstein.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: zot
                port:
                  number: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zot-ui
  namespace: zot
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: zot-zot-ui-auth-header@kubernetescrd, zot-zot-resp-headers@kubernetescrd
spec:
  ingressClassName: traefik
  tls:
    - hosts: [ "web.registry.bstein.dev" ]
      secretName: web-registry-bstein-dev-tls
  rules:
    - host: web.registry.bstein.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: zot-oauth2-proxy
                port:
                  number: 80