[installer]: allow use of external container registry

[mrsimonemms]

Description

Configure external container registry

Related Issue(s)

Fixes #6565

How to test

Get create container registry in GCP and get a service account key

To create secret:

kubectl create secret docker-registry \
  registry-secret \
  --docker-server=gcr.io/<projectId>/gitpod \
  --docker-username=_json_key \
  --docker-password="$(cat /path/to/credentials.json)"

Then change the config to:

containerRegistry:
  inCluster: false
  external:
    url: gcr.io/<projectId>/gitpod
    certificate:
      kind: secret
      name: registry-secret

Deploy the changes and create a workspace

Release Notes

Allow use of external container registry

Documentation

[mrsimonemms]

FYI, this section has been rearranged to make the registry proxy conditional

[codecov]

Codecov Report

Merging #6621 (ce04c18) into main (64f4da8) will decrease coverage by 27.28%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main   #6621       +/-   ##
==========================================
- Coverage   33.29%   6.00%   -27.29%     
==========================================
  Files          48      12       -36     
  Lines        8678    1116     -7562     
==========================================
- Hits         2889      67     -2822     
+ Misses       5551    1048     -4503     
+ Partials      238       1      -237     

Flag	Coverage Δ
components-blobserve-app	?
components-blobserve-lib	?
components-image-builder-mk3-app	?
components-local-app-app-darwin-amd64	?
components-local-app-app-darwin-arm64	?
components-local-app-app-linux-amd64	?
components-local-app-app-linux-arm64	?
components-local-app-app-windows-386	?
components-local-app-app-windows-amd64	?
components-local-app-app-windows-arm64	?
components-registry-facade-api-go-lib	?
components-registry-facade-app	?
components-registry-facade-lib	?
components-ws-manager-app	?
components-ws-proxy-app	?
components-ws-proxy-lib	?
installer-raw-app	6.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ents/image-builder-mk3/pkg/orchestrator/metrics.go
...onents/registry-facade/pkg/registry/layersource.go
components/ws-proxy/pkg/proxy/pass.go
components/ws-manager/pkg/manager/imagespec.go
components/blobserve/pkg/blobserve/refstore.go
components/ws-proxy/pkg/proxy/proxy.go
components/ws-manager/pkg/manager/probe.go
components/ws-manager/pkg/manager/manager.go
components/ws-proxy/pkg/proxy/infoprovider.go
components/blobserve/pkg/blobserve/blobserve.go
... and 26 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 64f4da8...ce04c18. Read the comment docs.

[mrsimonemms]

/assign @csweichel

[csweichel]

Found a few minor things that would need fixing.

Is there an issue for introducing the secret validation checks?

[mrsimonemms]

Is there an issue for introducing the secret validation checks?

Yes - #6627

[csweichel]

LGTM

[roboquat]

LGTM label has been added.

Git tree hash: f0d88d09fc558ec8a4bfce3ed5358fe36e23f1d8

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csweichel

Associated issue: #6565

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• installer/OWNERS [csweichel]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment