titan-iac/services/zot/middleware.yaml

# services/zot/middleware.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: zot-resp-headers
  namespace: zot
spec:
  headers:
    customResponseHeaders:
      Docker-Distribution-Api-Version: "registry/2.0"
    accessControlAllowOriginList:
      - "*"
    accessControlAllowCredentials: true
    accessControlAllowHeaders:
      - Authorization
      - Content-Type
      - Docker-Distribution-Api-Version
      - X-Registry-Auth
    accessControlAllowMethods:
      - GET
      - HEAD
      - OPTIONS
      - POST
      - PUT
      - PATCH
      - DELETE

---

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: zot-login-redirect
  namespace: zot
spec:
  redirectRegex:
    regex: "^/$"
    replacement: "https://registry.bstein.dev/auth/login?provider=oidc&callback_ui=https://registry.bstein.dev/home"
    permanent: true