Editing website images using Thumbor
Thumbor
Thumbor is a convenient tool you can use to prepare images for websites, e.g., to create thumbnails for video previews. Thumbor supports image caching. This allows you to reduce labor costs for your website support.
In the example below, images are posted to a website and edited using Thumbor. The edit includes resizing and adding a watermark. To upload images faster, a CDN is configured for the website using Yandex Cloud CDN.
To edit images using Thumbor and enable the CDN:
If you no longer need the resources you created, delete them.
Getting started
Prepare the infrastructure
-
-
Service account for resources with the
k8s.clusters.agent
andvpc.publicAdmin
roles for the folder where the Managed Service for Kubernetes cluster is created. This service account will be used to create resources for the Managed Service for Kubernetes cluster. -
Service account for nodes with the container-registry.images.puller role for the folder with the Docker image registry. The nodes will pull Docker images from the registry on behalf of this account.
You can use the same service account for both operations.
-
thumbor-sa
service account for Thumbor.
-
-
Create security groups for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Create a Managed Service for Kubernetes cluster and a node group in any suitable configuration. When creating them, specify the security groups prepared in advance.
-
Create a bucket in Yandex Object Storage.
-
Grant the
thumbor-sa
service account theREAD
permission for the bucket.
-
If you do not have Terraform yet, install it.
-
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
-
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it
. -
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
-
Download the k8s-for-thumbor.tf
configuration file to the same working directory.This file describes:
-
Network.
-
Subnet.
-
Service accounts for different services:
- For Managed Service for Kubernetes cluster and node group.
- For Thumbor.
- To create Object Storage buckets.
-
Managed Service for Kubernetes cluster.
-
Node group.
-
Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Static access key for bucket creation.
-
Bucket.
-
-
In
k8s-for-thumbor.tf
, specify:- Folder ID.
- Kubernetes version for the Managed Service for Kubernetes cluster and node groups.
-
Make sure the Terraform configuration file is correct using this command:
terraform validate
If the file contains any errors, Terraform will point them out.
-
Create an infrastructure:
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console
. -
Install additional dependencies
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter. -
Install kubectl
and configure it to work with the created cluster.
Add a certificate to Certificate Manager
Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.
The certificate must be located in the same folder as your CDN resource.
For a Let's Encrypt® certificate, have your rights checked for the domain specified in the certificate.
Install Thumbor
-
Create a static access key for the
thumbor-sa
service account and save it to thesa-key.json
file:yc iam access-key create --service-account-name thumbor-sa \ --format json > sa-key.json
-
Install Thumbor with the following parameters:
- Namespace:
thumbor
. - Application name:
thumbor
. - Bucket name: Bucket to which you uploaded your images.
- Object Storage static access key: Contents of the
sa-key.json
file. - Unsigned URLs: Allowed.
- Namespace:
Prepare images for Thumbor testing
-
Download images:
-
Upload the images to the bucket:
ManuallyTerraform- In the management console
, select the folder to upload an object to. - Select Object Storage.
- Click the bucket name.
- Click Upload.
- In the window that opens, select the required files and click Open.
- Click Upload.
- Refresh the page.
In the management console, information about the number of objects in a bucket and the used space is updated with a few minutes' delay.
You can only upload objects to a bucket after you create it. Therefore, a separate configuration file is used for uploading images.
-
Download the
images-for-thumbor.tf
configuration file to the working directory containing the k8s-for-thumbor.tf file. This file describes Object Storage objects, i.e., downloaded images to be uploaded to the bucket. -
Specify relative or absolute paths to the images in the
images-for-thumbor.tf
file. For example, if your images are stored in the same directory as the configuration files, specify:poster_rodents_bunnysize.jpg
poster_bunny_bunnysize.jpg
cc.xlarge.png
-
Run the
terraform init
command in the directory with the configuration files. This command initializes the provider specified in the configuration files and enables you to use the provider resources and data sources. -
Make sure the Terraform configuration file is correct using this command:
terraform validate
If the file contains any errors, Terraform will point them out.
-
Start image upload to the bucket:
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console
. -
- In the management console
Configure the CDN
-
Activate a CDN provider for your folder:
yc cdn provider activate --type=gcore --folder-id=<folder_ID>
-
Get the CDN provider's domain name:
yc cdn resource get-provider-cname
Result example:
cname: cl-msa87*****.edgecdn.ru folder_id: b1g86q4m5vej********
The domain name is specified in the
cname
parameter. -
Configure a CNAME record for your domain:
-
Go to your domain's DNS settings on the site of your DNS hosting provider.
-
Prepare a CNAME record so that it points to the previously copied address on the
.edgecdn.ru
domain. For example, if the website domain name iscdn.example.com
, create a CNAME record or replace an existing one forcdn
:cdn CNAME cl-msa87*****.edgecdn.ru.
-
-
Get Thumbor's external IP address:
kubectl -n thumbor get svc thumbor \ -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
-
Create an origin group in Cloud CDN:
yc cdn origin-group create \ --name thumbor \ --origin source=<Thumbor_IP_address>,enabled=true
Result example:
id: "123***" folder_id: b1g86q4m5vej******** name: thumbor use_next: true origins: - id: "234****" origin_group_id: "345***" source: cdn.example.com enabled: true
This will get you the origin group ID in the
origin_group_id
parameter. You will need this ID in the next step. -
Create a CDN resource and connect the origin group to it:
yc cdn resource create \ --cname <resource_domain_name> \ --origin-group-id=<origin_group_ID> \ --origin-protocol=https \ --ignore-query-string \ --cert-manager-ssl-cert-id <certificate_ID> \ --forward-host-header
Resource domain name example:
cdn.example.com
Result example:
id: bc855oumelrq******** folder_id: b1g86q4m5vej******** cname: cdn.example.com created_at: "2022-01-15T15:13:42.827643Z" updated_at: "2022-01-15T15:13:42.827671Z" active: true options: edge_cache_settings: enabled: true default_value: "345600" query_params_options: ignore_query_string: enabled: true value: true host_options: forward_host_header: enabled: true value: true stale: enabled: true value: - error - updating origin_group_id: "345***" origin_group_name: thumbor origin_protocol: HTTPS ssl_certificate: type: CM status: CREATING
It takes 15 to 30 minutes to connect a CDN resource.
Check the result
Open your website at the URL:
https://<resource_domain_name>/unsafe/300x400/filters:watermark(cc.xlarge.png,10,-10,80,20)/poster_bunny_bunnysize.jpg
https://<resource_domain_name>/unsafe/600x800/filters:watermark(cc.xlarge.png,10,-10,80,20)/poster_bunny_bunnysize.jpg
https://<resource_domain_name>/unsafe/400x300/filters:watermark(cc.xlarge.png,-10,10,80,15)/poster_rodents_bunnysize.jpg
https://<resource_domain_name>/unsafe/800x600/filters:watermark(cc.xlarge.png,-10,10,80,15)/poster_rodents_bunnysize.jpg
You will see the prepared images of different sizes. Each image carries a Creative Commons
Note
Delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
Delete:
- CDN resource.
- CDN origin group.
- Node group.
- Managed Service for Kubernetes cluster.
- Public static IP if you reserved one for the cluster.
- Service accounts.
- Buckets and objects in them.
-
In the terminal window, go to the directory containing the infrastructure plan.
-
Delete the
images-for-thumbor.tf
configuration file. To delete a bucket, first delete the objects in it. -
Check if the changes are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
-
Delete the
k8s-for-thumbor.tf
configuration file. -
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the resources described in the
k8s-for-thumbor.tf
configuration file will be deleted. -