# services/zot/config.map
apiVersion: v1
kind: ConfigMap
metadata:
  name: zot-config
  namespace: zot
data:
  config.json: |
    {
      "storage": {
        "rootDirectory": "/var/lib/registry",
        "dedupe": true,
        "gc": true,
        "gcDelay": "1h",
        "gcInterval": "1h"
      },
      "http": {
        "address": "0.0.0.0",
        "port": "5000",
        "realm": "zot-registry",
        "compat": ["docker2s2"],
        "auth": {
          "openid": {
            "providers": {
              "oidc": {
                "issuer": "https://sso.bstein.dev/realms/atlas",
                "clientID": "oauth2-proxy",
                "clientSecret": "__CLIENT_SECRET__",
                "scopes": ["openid", "profile", "email", "groups"]
              }
            }
          }
        },
        "externalUrl": "https://registry.bstein.dev",
        "accessControl": {
          "repositories": {
            "**": {
              "policies": [],
              "defaultPolicy": [
                { "actions": ["read", "create", "update", "delete"] }
              ],
              "anonymousPolicy": [
                { "actions": ["read", "create", "update", "delete"] }
              ]
            }
          },
          "adminPolicy": {
            "groups": ["admin"],
            "actions": ["read", "create", "update", "delete"]
          }
        }
      },
      "log": { "level": "debug" },
      "extensions": {
        "ui": { "enable": true },
        "search": { "enable": true },
        "metrics": { "enable": true }
      }
    }