diff --git a/.github/workflows/chart-docs.yaml b/.github/workflows/chart-docs.yaml
index ebc2069..651661f 100644
--- a/.github/workflows/chart-docs.yaml
+++ b/.github/workflows/chart-docs.yaml
@@ -21,7 +21,7 @@ jobs:
- name: Generate Helm Documentation
id: helmdocs
- run: docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:v1.11.0
+ run: docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:v1.12.0
- uses: stefanzweifel/git-auto-commit-action@v4
with:
diff --git a/README.md b/README.md
index fc5dab5..65b9005 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,21 @@
+# Thumbor Helm Chart
+
## ⚠️ Warning
+
This project is still under development. At the moment, we don't recommend usage in production.
## 🌈 Goal
+
This project aims to provide easy-to-use Helm charts for [Thumbor](https://github.com/thumbor/thumbor) and its components.
Currently, the only Helm chart available is for a vanilla Thumbor deployment.
## ⚙️ Usage
+
```bash
helm repo add thumbor https://thumbor.github.io/helm
helm install thumbor thumbor/thumbor
```
You can find the chart documentation under the chart folder:
-- [Thumbor](https://github.com/thumbor/helm/tree/main/charts/thumbor)
+- [Thumbor](https://github.com/thumbor/helm/tree/main/charts/thumbor)
diff --git a/charts/thumbor/Chart.lock b/charts/thumbor/Chart.lock
index f56d9d8..e2b4dc9 100644
--- a/charts/thumbor/Chart.lock
+++ b/charts/thumbor/Chart.lock
@@ -1,9 +1,9 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
- version: 2.2.1
+ version: 2.15.1
- name: redis
repository: https://charts.bitnami.com/bitnami
- version: 17.3.14
-digest: sha256:5202ce038c813cc0d94a3d72fd59dd855852f55040002a5fae51115c81a00893
-generated: "2022-12-12T01:28:53.673294+01:00"
+ version: 17.3.18
+digest: sha256:f381af6391f3102a77eb1c03c37f22bda229ff17daa5644f4a5dd2a9a9902305
+generated: "2024-02-14T12:14:13.356461414+01:00"
diff --git a/charts/thumbor/Chart.yaml b/charts/thumbor/Chart.yaml
index 2b0036d..5eddaaf 100644
--- a/charts/thumbor/Chart.yaml
+++ b/charts/thumbor/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: thumbor
description: Thumbor(https://github.com/thumbor/thumbor) Helm chart.
type: application
-version: 0.1.0
+version: 1.0.4
appVersion: "7.1.1"
home: http://www.thumbor.org/
sources:
@@ -18,4 +18,4 @@ dependencies:
- name: redis
version: 17.3.x
repository: https://charts.bitnami.com/bitnami
- condition: thumbor_config.queued_detector.enable_redis
+ condition: remotecv.installRedis
diff --git a/charts/thumbor/README.md b/charts/thumbor/README.md
index 6f74ff8..d20fa49 100644
--- a/charts/thumbor/README.md
+++ b/charts/thumbor/README.md
@@ -1,6 +1,6 @@
# thumbor
-  
+  
Thumbor(https://github.com/thumbor/thumbor) Helm chart.
@@ -46,7 +46,7 @@ helm install thumbor thumbor/thumbor
{}
- |
+ define affinities for the thumbor pod |
| autoscaling.enabled |
@@ -55,7 +55,7 @@ helm install thumbor thumbor/thumbor
false
- |
+ enable autoscaling via the HorizontalPodAutoscaler for the thumbor deployment Your Cluster needs to support this! |
| autoscaling.maxReplicas |
@@ -84,6 +84,15 @@ false
|
+
+ | env |
+ object |
+
+{}
+
+ |
+ environment variables for the thumbor pod |
+
| fullnameOverride |
string |
@@ -100,7 +109,7 @@ false
"IfNotPresent"
- |
+ override pullPolicy for thumbor image |
| image.repository |
@@ -109,7 +118,7 @@ false
"ghcr.io/thumbor/thumbor"
- |
+ Overrides the image |
| image.tag |
@@ -118,7 +127,7 @@ false
"7-py-3.10"
- |
+ Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets |
@@ -127,7 +136,7 @@ false
[]
- |
+ if the used image is not public |
| ingress.annotations |
@@ -136,7 +145,7 @@ false
{}
- |
+ ingress annotations |
| ingress.className |
@@ -145,7 +154,7 @@ false
""
- |
+ specify ingress class or leave blank for the default ingress class |
| ingress.enabled |
@@ -154,7 +163,7 @@ false
false
- |
+ enable ingress |
| ingress.hosts[0].host |
@@ -181,7 +190,7 @@ false
"ImplementationSpecific"
- |
+ if errors occure use Prefix |
| ingress.tls |
@@ -208,7 +217,7 @@ false
{}
- |
+ deploy thumbor to a specific node |
| podAnnotations |
@@ -217,7 +226,7 @@ false
{}
- |
+ optional pod Annotations |
| podSecurityContext |
@@ -226,7 +235,7 @@ false
{}
- |
+ optional podSecurityContext settings |
| redis.image.registry |
@@ -255,6 +264,15 @@ false
|
+
+ | redis.replica.replicaCount |
+ int |
+
+0
+
+ |
+ increase this option if you need replicas |
+
| remotecv.affinity |
object |
@@ -262,7 +280,7 @@ false
{}
- |
+ define affinities for the thumbor remotecv pod |
| remotecv.autoscaling.enabled |
@@ -271,7 +289,7 @@ false
false
- |
+ enable autoscaling via the HorizontalPodAutoscaler for the remotecv deployment Your Cluster needs to support this! |
| remotecv.autoscaling.maxReplicas |
@@ -297,6 +315,69 @@ false
80
+ |
+ |
+
+
+ | remotecv.enabled |
+ bool |
+
+true
+
+ |
+ |
+
+
+ | remotecv.env.HTTP_SERVER_PORT |
+ string |
+
+"8080"
+
+ |
+ |
+
+
+ | remotecv.env.REDIS_HOST |
+ string |
+
+"thumbor-redis-master"
+
+ |
+ |
+
+
+ | remotecv.env.REDIS_PASSWORD.valueFrom.secretKeyRef.key |
+ string |
+
+"redis-password"
+
+ |
+ |
+
+
+ | remotecv.env.REDIS_PASSWORD.valueFrom.secretKeyRef.name |
+ string |
+
+"thumbor-redis"
+
+ |
+ |
+
+
+ | remotecv.env.REDIS_PORT |
+ string |
+
+"6379"
+
+ |
+ |
+
+
+ | remotecv.env.WITH_HEALTHCHECK |
+ string |
+
+"1"
+
|
|
@@ -316,7 +397,7 @@ false
"ghcr.io/thumbor/remotecv"
- |
+ Overrides the remotecv image |
| remotecv.image.tag |
@@ -325,7 +406,16 @@ false
"3-py-3.11"
- |
+ Overrides the image tag whose default is the chart appVersion. |
+
+
+ | remotecv.installRedis |
+ bool |
+
+true
+
+ |
+ set this to false if you want to use an already existing redis server |
| remotecv.nodeSelector |
@@ -334,7 +424,7 @@ false
{}
- |
+ deploy thumbor remotecv to a specific node |
| remotecv.podAnnotations |
@@ -343,7 +433,7 @@ false
{}
- |
+ add podAnnotations tho the thumbor remotecv pod |
| remotecv.replicaCount |
@@ -352,7 +442,7 @@ false
1
- |
+ how many remotecv pod do you want |
| remotecv.resources |
@@ -370,7 +460,7 @@ false
[]
- |
+ define tolerations for the thumbor remotecv pod |
| replicaCount |
@@ -379,7 +469,7 @@ false
1
- |
+ how many thumbor pods should be deployed |
| resources |
@@ -397,7 +487,7 @@ false
{}
- |
+ securityContext for the thumbor container |
| service.port |
@@ -406,7 +496,7 @@ false
80
- |
+ Thumbor service port thumbor uses container Port 80 |
| service.type |
@@ -415,7 +505,7 @@ false
"ClusterIP"
- |
+ Thumbor service type |
| serviceAccount.annotations |
@@ -424,16 +514,16 @@ false
{}
- |
+ Annotations to add to the service account |
| serviceAccount.create |
bool |
-true
+false
|
- |
+ Specifies whether a service account should be created |
| serviceAccount.name |
@@ -442,43 +532,25 @@ true
""
- |
+ The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
- | thumbor_config.content |
+ thumbor_config |
string |
"AUTO_WEBP = True\n"
|
- |
+ configuration file for thumbor |
- | thumbor_config.queued_detector.enable_redis |
- bool |
-
-true
-
- |
- |
-
-
- | thumbor_config.queued_detector.enabled |
- bool |
-
-true
-
- |
- |
-
-
- | thumbor_config_existing_secret |
+ thumbor_existing_secret |
string |
""
|
- |
+ if you have already an secret with the thumbor key |
| thumbor_key.manage |
@@ -496,10 +568,10 @@ true
[]
- |
+ define tolerations for the thumbor pod |
----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
diff --git a/charts/thumbor/templates/_helpers.tpl b/charts/thumbor/templates/_helpers.tpl
index 88c7f94..92e422e 100644
--- a/charts/thumbor/templates/_helpers.tpl
+++ b/charts/thumbor/templates/_helpers.tpl
@@ -54,9 +54,34 @@
Create the name of the service account to use
*/}}
{{- define "thumbor.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "common.names.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
+ {{- if .Values.serviceAccount.create -}}
+ {{- default (include "common.names.fullname" .) .Values.serviceAccount.name -}}
+ {{- else -}}
+ {{- default "default" .Values.serviceAccount.name -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Convert Key:Value to correct env var format
+*/}}
+{{- define "thumbor.envVars" -}}
+ # create a empty resulsts list
+ {{- $result := list -}}
+ # loop over .Values.env with $key and $value
+ {{- range $key, $value := . -}}
+ # If value is a map it probably will be valueFrom
+ {{- if kindIs "map" $value -}}
+ # make sure it is realy a valueFrom a secret
+ {{- if hasKey $value "valueFrom" -}}
+ # append results list with the corret valueFrom format
+ {{- $result = append $result (dict "name" $key "valueFrom" $value.valueFrom) -}}
+ {{- end -}}
+ {{- else -}}
+ # if it is not a map, convert the value to string and append the results
+ # with the expected env var dict
+ {{- $result = append $result (dict "name" $key "value" ($value | toString)) -}}
+ {{- end -}}
+ {{- end -}}
+ # return result array as yaml dict under the key 'env'
+ {{- toYaml (dict "env" $result) | nindent 0 -}}
+{{- end -}}
diff --git a/charts/thumbor/templates/configmap.yaml b/charts/thumbor/templates/configmap.yaml
new file mode 100644
index 0000000..cb800db
--- /dev/null
+++ b/charts/thumbor/templates/configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.thumbor_config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ thumbor.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.thumbor_config "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/thumbor/templates/remotecv-deployment.yaml b/charts/thumbor/templates/remotecv-deployment.yaml
index 394d665..e922fb2 100644
--- a/charts/thumbor/templates/remotecv-deployment.yaml
+++ b/charts/thumbor/templates/remotecv-deployment.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.thumbor_config.queued_detector.enabled }}
+{{- if .Values.remotecv.enabled }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
@@ -35,17 +35,47 @@ spec:
serviceAccountName: {{ include "thumbor.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- with .Values.remotecv.env }}
+ initContainers:
+ - name: wait-for-redis
+ image: busybox
+ command:
+ - /bin/sh
+ - -c
+ - >
+ COUNT=0;
+ while [ $(echo -e "AUTH $REDIS_PASSWORD\r\nPING\r\n" | nc $REDIS_HOST $REDIS_PORT | grep -c "PONG") -ne 1 ]; do
+ if [[ $COUNT -ge 10 ]]; then
+ echo "Waited to long restarting POD";
+ exit 1;
+ fi
+
+ echo "Waiting for Redis...";
+ sleep 1;
+ COUNT=$((COUNT+1))
+ done
+ env:
+ {{- get (fromYaml (include "thumbor.envVars" .)) "env" | toYaml | nindent 12 -}}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.remotecv.image.repository }}:{{ .Values.remotecv.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.remotecv.image.pullPolicy }}
+ # workaround, because normal env are not correctly read
+ # @see https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#use-environment-variables-to-define-arguments
args:
- - --host=thumbor-redis-master
- - --port=6379
- - --with-healthcheck
- - --server-port=8080
+ - "--host=$(REDIS_HOST)"
+ - "--port=$(REDIS_PORT)"
+ - "--with-healthcheck"
+ - "--server-port=$(HTTP_SERVER_PORT)"
+ - "--password=$(REDIS_PASSWORD)"
+ - "-l=warning"
+ {{- with .Values.remotecv.env }}
+ env:
+ {{- get (fromYaml (include "thumbor.envVars" .)) "env" | toYaml | nindent 12 -}}
+ {{- end }}
ports:
- name: http
containerPort: 8080
diff --git a/charts/thumbor/templates/secret.yaml b/charts/thumbor/templates/secret.yaml
index c7a9bcb..7bd2ba2 100644
--- a/charts/thumbor/templates/secret.yaml
+++ b/charts/thumbor/templates/secret.yaml
@@ -1,4 +1,4 @@
-{{- if or .Values.thumbor_config .Values.thumbor_key.manage }}
+{{- if .Values.thumbor_key.manage }}
apiVersion: v1
kind: Secret
metadata:
@@ -9,11 +9,5 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
data:
- {{- if .Values.thumbor_config }}
- thumbor.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.thumbor_config.content "context" $) | b64enc | nindent 4 }}
- {{- end }}
- {{- if .Values.thumbor_key.manage }}
thumbor.key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "thumbor.key" "providedValues" (list "thumbor_key.content" ) "context" $) }}
- {{- end }}
{{- end }}
diff --git a/charts/thumbor/templates/thumbor-deployment.yaml b/charts/thumbor/templates/thumbor-deployment.yaml
index e77ebce..fdb0bfe 100644
--- a/charts/thumbor/templates/thumbor-deployment.yaml
+++ b/charts/thumbor/templates/thumbor-deployment.yaml
@@ -30,7 +30,7 @@ spec:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
{{- end }}
spec:
- {{- include "common.images.renderPullSecrets" (dict "value" .Values.image "context" $) | nindent 6 }}
+ {{- include "common.images.renderPullSecrets" (dict "value" .Values.image "context" $) | nindent 6 -}}
serviceAccountName: {{ include "thumbor.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -42,10 +42,16 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- --conf=/conf/thumbor/thumbor.conf
+ {{- if .Values.thumbor_key.manage }}
- --keyfile=/conf/thumbor/thumbor.key
+ {{- end }}
- --use-environment=true
- -d
- - -l=debug
+ - -l=warning
+ {{- with .Values.env }}
+ env:
+ {{- get (fromYaml (include "thumbor.envVars" .)) "env" | toYaml | nindent 12 -}}
+ {{- end }}
ports:
- name: http
containerPort: 8888
@@ -61,8 +67,16 @@ spec:
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
+ {{- if .Values.thumbor_config }}
- name: thumbor-config
- mountPath: /conf/thumbor
+ mountPath: /conf/thumbor/thumbor.conf
+ subPath: thumbor.conf
+ {{- end }}
+ {{- if .Values.thumbor_key.manage }}
+ - name: thumbor-key
+ mountPath: /conf/thumbor/thumbor.key
+ subPath: thumbor.key
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -75,7 +89,16 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{ if or .Values.thumbor_config .Values.thumbor_key.manage -}}
volumes:
+ {{- if .Values.thumbor_config }}
- name: thumbor-config
+ configMap:
+ name: {{ include "common.names.fullname" . }}
+ {{- end }}
+ {{- if .Values.thumbor_key.manage }}
+ - name: thumbor-key
secret:
- secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.thumbor_config_existing_secret "defaultNameSuffix" "" "context" $) }}
+ secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.thumbor_existing_secret "defaultNameSuffix" "" "context" $) }}
+ {{- end }}
+ {{- end -}}
diff --git a/charts/thumbor/values.yaml b/charts/thumbor/values.yaml
index 4ae8690..a9512a3 100644
--- a/charts/thumbor/values.yaml
+++ b/charts/thumbor/values.yaml
@@ -1,33 +1,46 @@
+# -- how many thumbor pods should be deployed
replicaCount: 1
image:
- # Overrides the image
+ # -- Overrides the image
repository: ghcr.io/thumbor/thumbor
+ # -- override pullPolicy for thumbor image
pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
+ # -- Overrides the image tag whose default is the chart appVersion.
tag: "7-py-3.10"
+# -- if the used image is not public
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
+ # -- Specifies whether a service account should be created
+ create: false
+ # -- Annotations to add to the service account
annotations: {}
- # The name of the service account to use.
+ # -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
+# -- optional pod Annotations
podAnnotations: {}
-podSecurityContext:
- {}
+# -- optional podSecurityContext settings
+podSecurityContext: {}
# fsGroup: 2000
-securityContext:
- {}
+# -- environment variables for the thumbor pod
+env: {}
+ # SOME_KEY: SOME_VALUE
+ # SOME_PASSWORD:
+ # valueFrom:
+ # secretKeyRef:
+ # name: mysecret
+ # key: password
+
+# -- securityContext for the thumbor container
+securityContext: {}
# capabilities:
# drop:
# - ALL
@@ -35,29 +48,34 @@ securityContext:
# runAsNonRoot: true
# runAsUser: 1000
+# Thumbor service
service:
+ # -- Thumbor service type
type: ClusterIP
+ # -- Thumbor service port thumbor uses container Port 80
port: 80
ingress:
+ # -- enable ingress
enabled: false
+ # -- specify ingress class or leave blank for the default ingress class
className: ""
- annotations:
- {}
+ # -- ingress annotations
+ annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
+ # -- if errors occure use Prefix
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
-resources:
- {}
+resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
@@ -66,27 +84,29 @@ resources:
# memory: 128Mi
autoscaling:
+ # -- enable autoscaling via the HorizontalPodAutoscaler for the thumbor deployment
+ # Your Cluster needs to support this!
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
+# -- deploy thumbor to a specific node
nodeSelector: {}
+# -- define tolerations for the thumbor pod
tolerations: []
+# -- define affinities for the thumbor pod
affinity: {}
-thumbor_config:
- queued_detector:
- enabled: true
- enable_redis: true
-
- content: |
+# -- configuration file for thumbor
+thumbor_config: |
AUTO_WEBP = True
-thumbor_config_existing_secret: ""
+# -- if you have already an secret with the thumbor key
+thumbor_existing_secret: ""
thumbor_key:
manage: true
@@ -96,32 +116,64 @@ redis:
registry: docker.io
repository: redis
tag: "7.0"
+ replica:
+ # -- increase this option if you need replicas
+ replicaCount: 0
remotecv:
+ enabled: true
+
+ # -- set this to false if you want to use an already existing redis server
+ installRedis: true
+
+ # -- how many remotecv pod do you want
replicaCount: 1
+ # -- add podAnnotations tho the thumbor remotecv pod
podAnnotations: {}
+ env:
+ HTTP_SERVER_PORT: "8080"
+ WITH_HEALTHCHECK: "1"
+ # this value needs to be adjusted,
+ # if the release is not called thumbor
+ REDIS_HOST: "thumbor-redis-master"
+ REDIS_PORT: "6379"
+ REDIS_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ # this value also needs to be adjusted
+ # if the release name changes
+ name: thumbor-redis
+ key: redis-password
+
autoscaling:
+ # -- enable autoscaling via the HorizontalPodAutoscaler for the remotecv deployment
+ # Your Cluster needs to support this!
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
+
image:
- # Overrides the image
+ # -- Overrides the remotecv image
repository: ghcr.io/thumbor/remotecv
pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
+ # -- Overrides the image tag whose default is the chart appVersion.
tag: "3-py-3.11"
- resources:
- {}
+ resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
+ # -- deploy thumbor remotecv to a specific node
nodeSelector: {}
- affinity: {}
+
+ # -- define tolerations for the thumbor remotecv pod
tolerations: []
+
+ # -- define affinities for the thumbor remotecv pod
+ affinity: {}