Add option to switch to S3v2 driver for Container Registry storage

Summary

Add a beta option to switch to S3v2 storage driver for Container Registry. This allows customer to enable this option when they are ready to migrate from the deprecated S3v1 driver before AWS SDK v1 reaches end-of-life on July 31, 2025. Note that GitLab's s3_v2 support is Beta until 19.0 - see more details in Background.

Background

Details:

AWS SDK v1 will reach end-of-life on July 31, 2025, after which it will no longer receive security updates or support from AWS.
GitLab is transitioning from the S3v1 storage driver to the S3v2 driver for Container Registry storage.
AWS SDK v2 is not Beta, but GitLab's support for s3_v2 is in Beta
The S3v1 driver is being deprecated in GitLab 17.10 and will be removed in GitLab 19.0. As part of removal in 19.0, old configuration of s3 will start to work as s3_v2 as drop-in replacement

As such, between July 31, 2025 and 19.0 release customers on AWS SDK v1 version will be without security updates or support from AWS.

Migration details:

No downtime is expected when switching to the new 's3_v2' => { (unless user uses old v2 signature signing with custom config v4auth: false)
No limitations expected from the switch. Team performed extensive testing, however the general recommendation is to test the migration on non-production environment in case there are some edge cases that GitLab was not aware about

Implementation plan

Add Ansible variable that would allow to switch to v2:

Omnibus: in registry['storage'] from 's3' => { to 's3_v2' => {
Charts: in storage: secret from s3 to s3_v2 (confirmed)
Call out that this is Beta and customer need to follow GitLab recommendations of testing the switch

Documentation: https://docs.gitlab.com/administration/packages/container_registry/?tab=S3#configure-object-storage-for-linux-package-installations

Edited Apr 30, 2025 by Nailia Iskhakova