# # services/zot/middleware.yaml
# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
#   name: zot-headers
#   namespace: zot
# spec:
#   headers:
#     customRequestHeaders:
#       Docker-Distribution-Api-Version: "registry/2.0"

# ---

# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
#   name: zot-buffering
#   namespace: zot
# spec:
#   buffering:
#     # "0" here means "no limit" for Traefik's buffering middleware
#     maxRequestBodyBytes: 0
#     memRequestBodyBytes: 0
#     maxResponseBodyBytes: 0
#     memResponseBodyBytes: 0
#     retryExpression: "IsNetworkError() && Attempts() <= 2"

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: add-www-auth
  namespace: zot
spec:
  headers:
    customResponseHeaders:
      WWW-Authenticate: Basic realm="zot-registry"

---

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: zot-resp-headers
  namespace: zot
spec:
  headers:
    customResponseHeaders:
      Docker-Distribution-Api-Version: "registry/2.0"
      WWW-Authenticate: 'Basic realm="zot-registry"'
    accessControlAllowOriginList:
      - "*"
    accessControlAllowCredentials: true
    accessControlAllowHeaders:
      - Authorization
      - Content-Type
      - Docker-Distribution-Api-Version
      - X-Registry-Auth
    accessControlAllowMethods:
      - GET
      - HEAD
      - OPTIONS
      - POST
      - PUT
      - PATCH
      - DELETE