feat(storage): finish initial basic implementation

- support both s3 & file storage backends
- support imgproxy to scale images
- manually tested with MinIO & local storage
- fixed service discovery issue in APIGatey reconciler not detecting
  service changes
- refactored defaults and env variable code to make it manageable again
- add repo link to docs

config/dev/kustomization.yaml

@@ -2,9 +2,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - https://github.com/cert-manager/cert-manager/releases/download/v1.16.3/cert-manager.yaml
+  - https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.25.0/cnpg-1.25.0.yaml
+  - resources/minio.yaml
   - ../default
 
 patches:
   - path: manager_dev_settings.yaml
     target:
       kind: Deployment
+      labelSelector: app.kubernetes.io/name=supabase-operator
+  - path: manager_dev_settings.yaml
+    target:
+      kind: Deployment
+      labelSelector: app.kubernetes.io/name=control-plane

config/dev/minio-operator.yaml

@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/replicas
+  value: 1

config/dev/resources/minio.yaml

@@ -0,0 +1,52 @@
+# Deploys a new Namespace for the MinIO Pod
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: minio-dev
+  labels:
+    name: minio-dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app.kubernetes.io/name: minio
+    app.kubernetes.io/managed-by: tilt
+  name: minio
+  namespace: minio-dev # Change this value to match the namespace metadata.name
+spec:
+  containers:
+    - name: minio
+      image: quay.io/minio/minio:latest
+      command:
+        - /bin/bash
+        - -c
+      env:
+        - name: MINIO_ROOT_USER
+          value: minio
+        - name: MINIO_ROOT_PASSWORD
+          value: 1n1t-R00t!
+      args:
+        - minio server /data --console-address :9090 --json
+      volumeMounts:
+        - mountPath: /data
+          name: localvolume # Corresponds to the `spec.volumes` Persistent Volume
+  volumes:
+    - name: localvolume
+      hostPath: # MinIO generally recommends using locally-attached volumes
+        path: /mnt/disk1/data # Specify a path to a local drive or volume on the Kubernetes worker node
+        type: DirectoryOrCreate # The path to the last directory must exist
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: minio
+  namespace: minio-dev
+spec:
+  selector:
+    app.kubernetes.io/name: minio
+    app.kubernetes.io/managed-by: tilt
+  ports:
+    - protocol: TCP
+      port: 9000
+      targetPort: 9000

config/samples/storage_file_backend.yaml

@@ -0,0 +1,35 @@
+apiVersion: supabase.k8s.icb4dc0.de/v1alpha1
+kind: Storage
+metadata:
+  labels:
+    app.kubernetes.io/name: supabase-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: storage-sample
+spec:
+  api:
+    fileBackend:
+      path: /tmp
+    db:
+      host: cluster-example-rw.supabase-demo.svc
+      dbName: app
+      dbCredentialsRef:
+        # will be created by Core resource operator if not present
+        # just make sure the secret name is either based on the name of the core resource or explicitly set
+        # format <core-resource-name>-db-creds-supabase-storage-admin
+        secretName: core-sample-db-creds-supabase-storage-admin
+    enableImageTransformation: true
+    jwtAuth:
+      # will be created by Core resource operator if not present
+      # just make sure the secret name is either based on the name of the core resource or explicitly set
+      secretName: core-sample-jwt
+    workloadTemplate:
+      workload:
+        volumeMounts:
+          - name: storage-temp
+            mountPath: /tmp
+      additionalVolumes:
+        - name: storage-temp
+          emtpyDir:
+            sizeLimit: 500Mi
+  imageProxy:
+    enable: true

config/samples/supabase_v1alpha1_storage.yaml

@@ -1,3 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: storage-s3-credentials
+stringData:
+  accessKeyId: FPxTAFL7NaubjPgIGBo3
+  secretAccessKey: 7F437pPe84QcoocD3MWdAIVBU3oXonhVHxK645tm
+---
 apiVersion: supabase.k8s.icb4dc0.de/v1alpha1
 kind: Storage
 metadata:
@@ -6,17 +15,27 @@ metadata:
     app.kubernetes.io/managed-by: kustomize
   name: storage-sample
 spec:
-  backendType: file
-  db:
-    host: cluster-example-rw.supabase-demo.svc
-    dbName: app
-    dbCredentialsRef:
+  api:
+    s3Backend:
+      endpoint: http://minio.minio-dev.svc:9000
+      region: us-east-1
+      forcePathStyle: true
+      bucket: test
+      credentialsSecretRef:
+        secretName: storage-s3-credentials
+    s3Protocol: {}
+    db:
+      host: cluster-example-rw.supabase-demo.svc
+      dbName: app
+      dbCredentialsRef:
+        # will be created by Core resource operator if not present
+        # just make sure the secret name is either based on the name of the core resource or explicitly set
+        # format <core-resource-name>-db-creds-supabase-storage-admin
+        secretName: core-sample-db-creds-supabase-storage-admin
+    enableImageTransformation: true
+    jwtAuth:
       # will be created by Core resource operator if not present
       # just make sure the secret name is either based on the name of the core resource or explicitly set
-      # format <core-resource-name>-db-creds-supabase-storage-admin
-      secretName: core-sample-db-creds-supabase-storage-admin
-  enableImageTransformation: true
-  jwtAuth:
-    # will be created by Core resource operator if not present
-    # just make sure the secret name is either based on the name of the core resource or explicitly set
-    secretName: core-sample-jwt
+      secretName: core-sample-jwt
+  imageProxy:
+    enable: true