kots: Support s3 backend with incluster registry

Currently, There seems to be a configuration issue, around
s3 backend, and docker registry. The s3 option is available
when `incluster` is disabled, which is confusing as s3
backend is supported when `incluster` registry is enabled.

This PR fixes that by having this configured correctly.

Signed-off-by: Tarun Pothulapati <[email protected]>

Author: Pothulapati

install/kots/manifests/gitpod-installer-job.yaml

@@ -139,12 +139,12 @@ spec:
                 yq e -i ".containerRegistry.external.url = \"{{repl ConfigOption "reg_url" }}\"" "${CONFIG_FILE}"
                 yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
                 yq e -i ".containerRegistry.external.certificate.name = \"container-registry\"" "${CONFIG_FILE}"
-
-                if [ '{{repl ConfigOptionEquals "reg_s3storage" "1" }}' = "true" ];
+              else
+                if [ '{{repl ConfigOptionEquals "reg_incluster_storage" "s3" }}' = "true" ];
                 then
                   echo "Gitpod: configuring container registry S3 backend"
 
-                  yq e -i ".containerRegistry.s3storage.bucket = \"{{repl ConfigOption "reg_bucketname" }}\"" "${CONFIG_FILE}"
+                  yq e -i ".containerRegistry.s3storage.bucket = \"{{repl ConfigOption "reg_incluster_storage_s3_bucketname" }}\"" "${CONFIG_FILE}"
                   yq e -i ".containerRegistry.s3storage.certificate.kind = \"secret\"" "${CONFIG_FILE}"
                   yq e -i ".containerRegistry.s3storage.certificate.name = \"container-registry-s3-backend\"" "${CONFIG_FILE}"
                 fi

install/kots/manifests/gitpod-registry-s3-backend.yaml

@@ -9,7 +9,7 @@ metadata:
     app: gitpod
     component: gitpod-installer
   annotations:
-    kots.io/when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
+    kots.io/when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_incluster_storage" "s3") }}'
 data:
-  s3AccessKey: '{{repl ConfigOption "reg_accesskey" | Base64Encode }}'
-  s3SecretKey: '{{repl ConfigOption "reg_secretkey" | Base64Encode }}'
+  s3AccessKey: '{{repl ConfigOption "reg_incluster_storage_s3_accesskey" | Base64Encode }}'
+  s3SecretKey: '{{repl ConfigOption "reg_incluster_storage_s3_secretkey" | Base64Encode }}'

install/kots/manifests/kots-config.yaml

@@ -33,6 +33,39 @@ spec:
           help_text: You may either use an in-cluster container registry or configure your own external container registry for better performance. This container registry must be accessible from your Kubernetes cluster.
           recommended: false
 
+        - name: reg_incluster_storage
+          title: In-cluster Storage provider
+          type: select_one
+          when: '{{repl (ConfigOptionEquals "reg_incluster" "1") }}'
+          default: none
+          help_text: You may configure your Docker registry to use an external storage backend. This setting is recommended for AWS users instead of using Elastic Container Registry.
+          items:
+            - name: none
+              title: None
+            - name: s3
+              title: S3
+
+        - name: reg_incluster_storage_s3_bucketname
+          title: S3 bucket name
+          type: text
+          required: true
+          when: '{{repl (ConfigOptionEquals "reg_incluster_storage" "s3") }}'
+          help_text: The name of the bucket to act as your S3 storage backend.
+
+        - name: reg_incluster_storage_s3_accesskey
+          title: S3 access key
+          type: text
+          required: true
+          when: '{{repl (ConfigOptionEquals "reg_incluster_storage" "s3") }}'
+          help_text: The access key to use for authentication of your S3 storage backend.
+
+        - name: reg_incluster_storage_s3_secretkey
+          title: S3 secret key
+          type: password
+          when: '{{repl (ConfigOptionEquals "reg_incluster_storage" "s3") }}'
+          required: true
+          help_text: The secret key to use for authentication of your S3 storage backend.
+
         - name: reg_url
           title: Container registry URL
           type: text
@@ -60,34 +93,6 @@ spec:
           required: true
           help_text: The password for your container registry.
 
-        - name: reg_s3storage
-          title: Use S3 storage for your container registry
-          type: bool
-          default: "0"
-          when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
-          help_text: If using AWS as your container registry, you must configure an S3 storage backend.
-
-        - name: reg_bucketname
-          title: S3 bucket name
-          type: text
-          when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
-          required: true
-          help_text: The name of the bucket to act as your S3 storage backend.
-
-        - name: reg_accesskey
-          title: S3 access key
-          type: text
-          when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
-          required: true
-          help_text: The access key to use for authentication of your S3 storage backend.
-
-        - name: reg_secretkey
-          title: S3 secret key
-          type: password
-          when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
-          required: true
-          help_text: The secret key to use for authentication of your S3 storage backend.
-
     - name: database
       title: Database
       description: Gitpod requires an instance of MySQL 5.7 for data storage. This can either be an in-cluster or external database.