FIX(zot): add session keys for consistent cookie handling

- Add ExternalSecret for session hashKey and blockKey - Mount session keys from Vault - Configure sessionDriver with key files - Fix securecookie validation error in multi-replica setup
2026-01-10 03:00:53 +09:00
parent e1850865fb
commit b7eb527782
2 changed files with 36 additions and 1 deletions
--- a/zot/manifests/secret.yaml
+++ b/zot/manifests/secret.yaml
@@ -47,3 +47,26 @@ spec:
    remoteRef:
      key: zot
      property: OIDC_CLIENT_SECRET
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: zot-session-secret
+  namespace: zot
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: zot-session-keys
+    creationPolicy: Owner
+  data:
+  - secretKey: hashKey
+    remoteRef:
+      key: zot
+      property: SESSION_HASH_KEY
+  - secretKey: blockKey
+    remoteRef:
+      key: zot
+      property: SESSION_BLOCK_KEY