support GCS gateway on vanilla helm chart (#13810)

These changes have been migrated from the previous chart: https://github.com/helm/charts/tree/master/stable/minio

Added `GCS` support for gateway mode in the helm chart.

Added a new GCS block under the gateway key to the house 
the GCS-specific variables.

The gateway-deployment template now sets the env var: GOOGLE_APPLICATION_CREDENTIALS as a path to the 
service-account-file.json

The service-account-file.json can be added to the MinIO 
the secret if an existingSecret is not specified.

helm/minio/templates/gateway-deployment.yaml

@@ -69,8 +69,18 @@ spec:
           command:
             - "/bin/sh"
             - "-ce"
+            {{- if eq .Values.gateway.type "nas" }}
             - "/usr/bin/docker-entrypoint.sh minio gateway nas {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }} "
+            {{- end }}
+            {{- if eq .Values.gateway.type "gcs" }}
+            - "/usr/bin/docker-entrypoint.sh minio gateway gcs {{ .Values.gateway.gcs.projectId }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }} "
+            {{- end }}
           volumeMounts:
+            {{- if eq .Values.gateway.type "gcs" }}
+            - name: minio-user
+              mountPath: "/tmp/gcs-credentials"
+              readOnly: true
+            {{- end }}
             {{- if .Values.persistence.enabled }}
             - name: export
               mountPath: {{ .Values.mountPath }}
@@ -95,6 +105,10 @@ spec:
                 secretKeyRef:
                   name: {{ template "minio.secretName" . }}
                   key: rootPassword
+            {{- if eq .Values.gateway.type "gcs" }}
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: "/tmp/gcs-credentials/service-account-file.json""
+            {{- end }}
             {{- if .Values.metrics.serviceMonitor.public }}
             - name: MINIO_PROMETHEUS_AUTH_TYPE
               value: "public"

helm/minio/templates/secrets.yaml

@@ -13,4 +13,7 @@ type: Opaque
 data:
   rootUser: {{ if .Values.rootUser }}{{ .Values.rootUser | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
   rootPassword: {{ if .Values.rootPassword }}{{ .Values.rootPassword | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
+  {{- if eq .Values.gateway.type "gcs" }}
+  service-account-file.json: {{ .Values.gateway.gcs.serviceAccountFile | b64enc }}
+  {{- end }}
 {{- end }}

helm/minio/values.yaml

@@ -28,12 +28,13 @@ mcImage:
   tag: RELEASE.2021-11-16T20-37-36Z
   pullPolicy: IfNotPresent
 
-## minio mode, i.e. standalone or distributed or gateway (nas)
+## minio mode, i.e. standalone or distributed or gateway (nas,gcs)
 ## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
 ## NAS Gateway MinIO ref: https://docs.min.io/docs/minio-gateway-for-nas.html
+## GCS Gateway MinIO ref: https://docs.min.io/docs/minio-gateway-for-gcs.html
 mode: distributed
 
-## NOTE: currently only "nas" gateway is supported.
+## NOTE: currently only "nas,gcs" gateways are supported.
 
 ## Additional labels to include with deployment or statefulset
 additionalLabels: []
@@ -105,8 +106,11 @@ pools: 1
 
 # Deploy if 'mode == gateway' - 4 replicas.
 gateway:
-  type: "nas" # currently only "nas" is supported.
+  type: "nas" # currently only "nas,gcs" are supported.
   replicas: 4
+  gcs:
+    serviceAccountFile: "" # credential JSON file of service account key (not required if using existing secret)
+    projectId: "" # Google cloud project id required
 
 ## TLS Settings for MinIO
 tls: