--- apiVersion: v1 kind: Pod metadata: name: browser-{{ id }} namespace: {{ namespace }} labels: browser: {{ id }} role: browser network-policy: limit-crawler-egress spec: hostname: browser-{{ id }} subdomain: browser securityContext: runAsNonRoot: true runAsUser: {{ crawler_uid}} runAsGroup: {{ crawler_gid}} fsGroup: {{ crawler_fsgroup }} allowPrivilegeEscalation: false readOnlyRootFilesystem: true volumes: - name: crawler-workdir emptyDir: sizeLimit: {{ profile_browser_workdir_size }} {% if priorityClassName %} priorityClassName: {{ priorityClassName }} {% endif %} restartPolicy: OnFailure {% if crawler_node_type %} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: nodeType operator: In values: - "{{ crawler_node_type }}" {% endif %} tolerations: - key: nodeType operator: Equal value: crawling effect: NoSchedule - key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 effect: NoExecute - key: node.kubernetes.io/unreachable operator: Exists effect: NoExecute tolerationSeconds: 300 containers: - name: browser image: {{ crawler_image }} imagePullPolicy: {{ crawler_image_pull_policy }} command: - create-login-profile - --interactive - --filename - /tmp/profile.tar.gz - --url - {{ url }} {%- if profile_filename %} - --profile - "@{{ profile_filename }}" {%- endif %} volumeMounts: - name: crawler-workdir mountPath: /tmp/home envFrom: - secretRef: name: {{ storage_secret }} env: - name: HOME value: /tmp/home - name: STORE_PATH value: {{ storage_path }} - name: VNC_PASS value: {{ vnc_password }} {% if crawler_socks_proxy_host %} - name: CHROME_FLAGS value: "--proxy-server=socks5://{{ crawler_socks_proxy_host }}:{{ crawler_socks_proxy_port | default('9050') }}" {% endif %} resources: limits: memory: "{{ profile_memory }}" requests: cpu: "{{ profile_cpu }}" memory: "{{ profile_memory }}"