browsertrix/chart/app-templates/profilebrowser.yaml
Vinzenz Sinapius a8336925b6
Run crawler and profilebrowser with non-root user (#1625)
With these changes, crawler and profilebrowser jobs run as a
non-root user.
2024-04-17 12:03:33 -07:00


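---
# Profile-browser pod: a single interactive browser session (exposed over VNC,
# see VNC_PASS) that opens {{ url }} so a user can log in, then writes the
# resulting browser profile to /tmp/profile.tar.gz. STORE_PATH and the storage
# secret are handed to the container so the image can persist the result; the
# upload itself is implemented in the crawler image, not here.
apiVersion: v1
kind: Pod
metadata:
  name: browser-{{ id }}
  namespace: "{{ namespace }}"
  labels:
    # Quoted so an all-digit id is not retyped as an integer (label values
    # must be strings).
    browser: "{{ id }}"
    role: browser
spec:
  hostname: browser-{{ id }}
  subdomain: browser

  # The browser renders a user-supplied URL, so this is the most exposed
  # process in the chart. Nothing in this spec uses the Kubernetes API, so the
  # service-account token is not projected into the container at all.
  # NOTE(review): confirm the crawler image never needs in-cluster API access.
  automountServiceAccountToken: false

  # Pod-level context: identity of every container process and owner of the
  # emptyDir. Container-only hardening fields live in the container's own
  # securityContext further down.
  securityContext:
    runAsNonRoot: true
    runAsUser: {{ crawler_uid }}
    runAsGroup: {{ crawler_gid }}
    fsGroup: {{ crawler_fsgroup }}

  volumes:
    # Only writable location in the container (root fs is read-only below).
    - name: crawler-workdir
      emptyDir:
        sizeLimit: "{{ profile_browser_workdir_size }}"

{% if priorityClassName %}
  priorityClassName: "{{ priorityClassName }}"
{% endif %}

  restartPolicy: OnFailure

{% if crawler_node_type %}
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: nodeType
                operator: In
                values:
                  - "{{ crawler_node_type }}"
{% endif %}

  tolerations:
    - key: nodeType
      operator: Equal
      value: crawling
      effect: NoSchedule
    - key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
      effect: NoExecute
    - key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
      effect: NoExecute

  containers:
    - name: browser
      image: "{{ crawler_image }}"
      imagePullPolicy: "{{ crawler_image_pull_policy }}"

      # allowPrivilegeEscalation and readOnlyRootFilesystem are container-level
      # fields; placed under the pod-level securityContext they are ignored or
      # rejected (depending on field validation), so the hardening was not in
      # effect. The writable emptyDir on /tmp (HOME lives under it too) is what
      # lets the browser run on a read-only root filesystem.
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        # The process already runs as a non-root uid; dropping the bounding
        # set as well keeps a file-capability binary from regaining anything.
        capabilities:
          drop:
            - ALL

      command:
        - create-login-profile
        - --interactive
        - --filename
        - /tmp/profile.tar.gz
        - --url
        # NOTE(review): url is user-supplied and is substituted as text, so the
        # template cannot escape YAML metacharacters. Quoting covers the common
        # cases; a value containing '"', '\' or a newline must be rejected
        # upstream (or rendered through a JSON-escaping filter) to prevent
        # injection of extra spec entries.
        - "{{ url }}"
{%- if profile_filename %}
        - --profile
        - "@{{ profile_filename }}"
{%- endif %}

      volumeMounts:
        - name: crawler-workdir
          mountPath: /tmp

      # Every key of the storage secret becomes an environment variable of the
      # browser process.
      envFrom:
        - secretRef:
            name: "{{ storage_secret }}"

      env:
        - name: HOME
          value: /tmp/home
        - name: STORE_PATH
          value: "{{ storage_path }}"
        # NOTE(review): VNC_PASS is a plaintext literal in the pod spec and is
        # readable by anyone who can `get pod`; prefer valueFrom.secretKeyRef
        # once the operator keeps the password in a Secret. Quoted so a
        # numeric-looking password stays a string (env values must be
        # strings).
        - name: VNC_PASS
          value: "{{ vnc_password }}"
{% if crawler_socks_proxy_host %}
        - name: CHROME_FLAGS
          value: "--proxy-server=socks5://{{ crawler_socks_proxy_host }}:{{ crawler_socks_proxy_port | default('9050') }}"
{% endif %}

      resources:
        limits:
          memory: "{{ profile_memory }}"
        requests:
          cpu: "{{ profile_cpu }}"
          memory: "{{ profile_memory }}"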