Merge pull request #196 from imgproxy/v1

V1

Author: dragonsmith

CHANGELOG.md

@@ -1,3 +1,12 @@
+## 1.0.0 (to be released)
+
+* default imgproxy version: v3.28.0
+* service account selecton bug fix
+
+### 🚨 Backward incompatible changes 🚨
+
+* Remove all environment-specific values in favor of customizable env variables at `.Values.env.*`
+
 ## 0.9.0 (2023-10-09)
 
 * Support imgproxy v3.20.0

Readme.md

@@ -2,8 +2,8 @@ apiVersion: v1
 description: A fast and secure standalone server for resizing and converting remote images. The main principles of imgproxy are simplicity, speed, and security.
 name: imgproxy
 icon: https://cdn.rawgit.com/imgproxy/imgproxy/master/logo.svg
-version: 0.9.0
-appVersion: 3.20.0
+version: 1.0.0
+appVersion: 3.24.1
 keywords:
   - imgproxy
   - image
@@ -25,7 +25,7 @@ annotations:
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: impgroxy
-      image: darthsim/imgproxy:v3.20.0
+      image: darthsim/imgproxy:v3.23.0
   artifacthub.io/license: MIT-open-group
   artifacthub.io/links: |
     - name: imgproxy-helm chart on Github

imgproxy/Chart.yaml

@@ -37,23 +37,31 @@ Template to generate secrets for a private Docker repository for K8s to use
 Template to decide if the serviceAccount must be built
 */}}
 {{- define "serviceAccount.enabled" }}
-{{- $awsIamRoleDefined := and .Values.features.aws.enabled .Values.features.aws.iamRoleName -}}
-{{- $customAnnotations := .Values.resources.serviceAccount.annotations -}}
-{{- $existingName := .Values.resources.serviceAccount.existingName -}}
-{{- not $existingName | and (or $awsIamRoleDefined $customAnnotations) -}}
+{{- with .Values.resources.serviceAccount -}}
+{{-   $useExistingName := (empty .existingName | not) -}}
+{{-   $useIamRole := (empty .aws.iamRoleName | and (empty .aws.accountId) | not) -}}
+{{-   $useAnnotations := (empty .annotations | not) -}}
+{{-   if (and $useExistingName $useAnnotations) -}}
+{{-     fail "Cannot add annotations to the external service account (check .resources.serviceAccount)" -}}
+{{-   end -}}
+{{-   if (and $useExistingName $useIamRole) -}}
+{{-     fail "Cannot add IAM Role authentication to the external service account (check .resources.serviceAccount)" -}}
+{{-   end -}}
+{{-   (not $useExistingName | and (or $useAnnotations $useIamRole)) }}
+{{- end }}
 {{- end }}
 
 {{/*
 Template to generate service account annotation for AWS IAM Role
 https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
 */}}
 {{- define "aws.iamRoleAnnotation" }}
-{{- with .Values.features.aws -}}
-{{- $id := required "features.aws.accountId" .accountId -}}
-{{- $role := required "features.aws.iamRoleName" .iamRoleName -}}
+{{- with .Values.resources.serviceAccount.aws -}}
+{{- $id := required "resources.serviceAccount.aws.accountId" .accountId -}}
+{{- $role := required "resources.serviceAccount.aws.iamRoleName" .iamRoleName -}}
 {{- $value := printf "arn:aws:iam::%s:role/%s" $id $role -}}
 {{- printf "eks.amazonaws.com/role-arn: %s" (quote $value) }}
-{{- end }}
+{{- end -}}
 {{- end -}}
 
 {{/* Name of the priority class */}}
@@ -106,7 +114,7 @@ https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.ht
 
 {{/* Combine ingress path from server.pathPrefix and ingress.pathSuffix */}}
 {{- define "imgproxy.ingressPath" -}}
-{{- $prefix := ($.Values.features.server.pathPrefix | default "" | trimSuffix "/") -}}
+{{- $prefix := ($.Values.env.IMGPROXY_PATH_PREFIX | default "" | trimSuffix "/") -}}
 {{- $suffix := ($.Values.resources.ingress.pathSuffix | default "" | trimPrefix "/") -}}
 {{- printf "%s/%s" $prefix $suffix -}}
 {{- end -}}

imgproxy/README.md

@@ -70,7 +70,7 @@ spec:
       {{- end }}
       {{- if $.Values.resources.serviceAccount.existingName }}
       serviceAccountName: {{ $.Values.resources.serviceAccount.existingName | quote }}
-      {{- else if (include "serviceAccount.enabled" $) }}
+      {{- else if (include "serviceAccount.enabled" $ | eq "true") }}
       serviceAccountName: "{{ template "imgproxy.fullname" $ }}-service-account"
       {{- end }}
       {{- if .Values.persistence.enabled }}
@@ -117,20 +117,20 @@ spec:
             - containerPort: 8080
               name: http
               protocol: TCP
-            {{- if .Values.features.prometheus.enabled }}
-            - containerPort: 8081
+            {{- with .Values.env.IMGPROXY_PROMETHEUS_BIND }}
+            - containerPort: {{ mustRegexSplit ":" . -1 | mustLast | int }}
               name: metrics
               protocol: TCP
             {{- end }}
           readinessProbe:
             httpGet:
-              path: {{ .Values.features.server.pathPrefix }}/health
+              path: {{ .Values.env.IMGPROXY_PATH_PREFIX }}/health
               port: 8080
               scheme: HTTP
-              {{- if .Values.features.security.secret }}
+              {{- if .Values.env.IMGPROXY_SECRET }}
               httpHeaders:
               - name: Authorization
-                value: Bearer {{ .Values.features.security.secret }}
+                value: Bearer {{ .Values.env.IMGPROXY_SECRET }}
               {{- end }}
             {{- with .Values.resources.deployment.readinessProbe }}
             initialDelaySeconds: {{ .initialDelaySeconds | default 10 }}
@@ -140,13 +140,13 @@ spec:
             {{- end }}
           livenessProbe:
             httpGet:
-              path: {{ .Values.features.server.pathPrefix }}/health
+              path: {{ .Values.env.IMGPROXY_PATH_PREFIX }}/health
               port: 8080
               scheme: HTTP
-              {{- if .Values.features.security.secret }}
+              {{- if .Values.env.IMGPROXY_SECRET }}
               httpHeaders:
                 - name: Authorization
-                  value: Bearer {{ .Values.features.security.secret }}
+                  value: Bearer {{ .Values.env.IMGPROXY_SECRET }}
               {{- end }}
             {{- with .Values.resources.deployment.livenessProbe }}
             initialDelaySeconds: {{ .initialDelaySeconds | default 50 }}