From c74b43fe3b3fc07f18810d8b32961433aa8e808a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rade=20Martinovi=C4=87?= <rocky_mm@yahoo.com>
Date: Fri, 1 Dec 2023 16:49:49 +0100
Subject: [PATCH] #1883 return pre-authenticated configuration to
 location-snippet

Necessary for the Ingress-Nginx Controller
---
 deployment/helm/ditto/templates/nginx-ingress.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/deployment/helm/ditto/templates/nginx-ingress.yaml b/deployment/helm/ditto/templates/nginx-ingress.yaml
index bfbba243a7..2e906d7b9f 100644
--- a/deployment/helm/ditto/templates/nginx-ingress.yaml
+++ b/deployment/helm/ditto/templates/nginx-ingress.yaml
@@ -132,6 +132,11 @@ data:
     # ignore X-Original-URI in the request
     proxy_hide_header X-Original-URI;
 
+
+    # set ditto-specific forwarded headers - needed in the location for registry.k8s.io/ingress-nginx/controller
+    proxy_set_header        X-Forwarded-User              $remote_user;
+    proxy_set_header        x-ditto-pre-authenticated     "nginx:$remote_user";
+
   proxy-connect-timeout: "10" # seconds, default: 60
   # timeouts are configured slightly higher than gateway read-timeout of 60 seconds
   proxy-send-timeout: "70" # seconds, default: 60