[installer]: add image pull secrets and custom image registry

[mrsimonemms]

Description

Add image pull secrets to Gitpod components

Limitations

1. This explicitly does not include pulling Gitpod workspace images from a private registry - just images declared by Kubernetes
2. An in-cluster container registry is not supported. You must also pull your images from the same container registry as you push workspace-images to

The limitations are related to the registry-facade only having a single .dockerconfigjson set to /mnt/pull-secret.json as the configmap only allows a single AuthCfg. This means that images such as docker-up and supervisor won't be downloaded if using a different repository. If we decide to support the above two limitations, the AuthCfg will need to accept an array of pull secrets.

Mirroring

For external image names, the convention of path/name is followed which will make it easier to mirror. This means that anything in docker.io is written out in full - eg, alpine becomes library/alpine. Any Gitpod images just have the given container registry replaced fully - eg, eu.gcr.io/gitpod-core-dev/build/agent-smith becomes mynewrepo.com/agent-smith

A simple bash script to mirror images to your own registry is contained in #6756

Related Issue(s)

Fixes #6979
Fixes #6989
Fixes #6990

How to test

I have a private container registry with the images in. Can share/demo when necessary

Release Notes

[installer]: add image pull secrets to gitpod components

Documentation

[codecov]

Codecov Report

Merging #6983 (036f7bc) into main (64539bf) will decrease coverage by 1.76%.
The diff coverage is 0.00%.

@@           Coverage Diff            @@
##            main   #6983      +/-   ##
========================================
- Coverage   7.52%   5.76%   -1.77%     
========================================
  Files         15      13       -2     
  Lines       1315    1162     -153     
========================================
- Hits          99      67      -32     
+ Misses      1213    1094     -119     
+ Partials       3       1       -2     

Flag	Coverage Δ
components-local-app-app-linux-amd64	?
components-local-app-app-linux-arm64	?
components-local-app-app-windows-386	?
components-local-app-app-windows-amd64	?
components-local-app-app-windows-arm64	?
installer-raw-app	5.76% <0.00%> (-0.08%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
installer/pkg/common/common.go	4.64% <0.00%> (-0.11%)	⬇️
installer/pkg/common/objects.go	0.00% <0.00%> (ø)
components/local-app/pkg/auth/pkce.go
components/local-app/pkg/auth/auth.go

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 64539bf...036f7bc. Read the comment docs.

[csweichel]

did not test this, but code lgtm

/lgtm

[roboquat]

LGTM label has been added.

Git tree hash: 57172b589fe24af9fdb3620b47085322b4cc3b9a

[geropl]

/lgtm

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csweichel, geropl

Associated issue: #6756

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• installer/OWNERS [csweichel]
• installer/pkg/components/agent-smith/OWNERS [csweichel]
• installer/pkg/components/blobserve/OWNERS [csweichel]
• installer/pkg/components/image-builder-mk3/OWNERS [csweichel]
• installer/pkg/components/proxy/OWNERS [geropl]
• installer/pkg/components/registry-facade/OWNERS [csweichel]
• installer/pkg/components/server/OWNERS [geropl]
• installer/pkg/components/ws-daemon/OWNERS [csweichel]
• installer/pkg/components/ws-manager-bridge/OWNERS [geropl]
• installer/pkg/components/ws-scheduler/OWNERS [csweichel]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment