[Installer]: configure minio to act as gateway to azure blob storage

[mrsimonemms]

Description

• Refactor Minio component to make it easier to distinguish in-cluster and each gateway configuration
• Add Azure config
• Validate the Azure blob storage secret

Related Issue(s)

Fixes gitpod-io/gitpod-microsoft-aks-guide#6

How to test

Create Azure storage account and create a secret:

kubectl create secret generic az-storage-token \
      --from-literal=accountName="${STORAGE_ACCOUNT_NAME}" \
      --from-literal=accountKey="${STORAGE_ACCOUNT_KEY}" \
      --dry-run=client -o yaml | \
      kubectl replace --force -f -

Now update the config:

objectStorage:
  inCluster: false
  azure:
    certificate:
      kind: secret
      name: az-storage-token

Release Notes

Configure Azure blob storage for installer

Documentation

[codecov]

Codecov Report

Merging #6745 (0186808) into main (cb7e182) will decrease coverage by 12.83%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main   #6745       +/-   ##
==========================================
- Coverage   19.04%   6.21%   -12.84%     
==========================================
  Files           2      12       +10     
  Lines         168    1078      +910     
==========================================
+ Hits           32      67       +35     
- Misses        134    1010      +876     
+ Partials        2       1        -1     

Flag	Coverage Δ
components-local-app-app-linux-amd64	?
components-local-app-app-linux-arm64	?
components-local-app-app-windows-386	?
components-local-app-app-windows-amd64	?
components-local-app-app-windows-arm64	?
installer-raw-app	6.21% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
installer/pkg/common/storage.go	0.00% <0.00%> (ø)
components/local-app/pkg/auth/auth.go
components/local-app/pkg/auth/pkce.go
installer/pkg/common/display.go	0.00% <0.00%> (ø)
installer/pkg/components/ws-manager/configmap.go	29.71% <0.00%> (ø)
installer/pkg/components/ws-manager/rolebinding.go	0.00% <0.00%> (ø)
installer/pkg/common/render.go	0.00% <0.00%> (ø)
...components/ws-manager/unpriviledged-rolebinding.go	0.00% <0.00%> (ø)
installer/pkg/components/ws-manager/role.go	0.00% <0.00%> (ø)
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cb7e182...0186808. Read the comment docs.

[mrsimonemms]

/assign @csweichel

[csweichel]

are all useMinio cases internal storage only?

[mrsimonemms]

Minio can be in two states - internal storage and gateway to external. Because the interface is the same, we don't actually need to know how we're doing it, just that we are doing it.

This is how it seems to work with Helm (so what I've replicated in Installer), that the storage is either GCP or Minio, regardless of whether Minio is internal or gateway.

In the future (#6777), there will be an additional "if s3" in the useMinio function. As there are two places where we need to know if we're using Minio (and not how we're using it), it seemed sensible to have a function to work it out

[csweichel]

That makes a total sense. I was just a tad confused by the comment in this line.

[csweichel]

/lgtm

[roboquat]

LGTM label has been added.

Git tree hash: d24040b39f5180fba3d77746c14c6d43aa7e1919

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csweichel

Associated issue: #6

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• installer/OWNERS [csweichel]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment