Cannot connect to Chrome headless

[BloodyIron]

Is there an existing issue for this?

• [X] Yes, I have searched the existing issues and none of them match my problem.

Product Variant

Self-Hosted

Current Behavior

When I get to a page where Reactive Resume tries to render with Chrome, it shows the loading animations, but never displays anything. I get the below log outputs

Reactive Resume container output:

[Nest] 131 - 02/18/2024, 2:26:34 PM LOG [StorageService] Successfully connected to the storage service.
[Nest] 131 - 02/18/2024, 2:26:34 PM LOG [NestApplication] Nest application successfully started +29ms
[Nest] 131 - 02/18/2024, 2:26:34 PM LOG [Bootstrap] 🚀 Server is up and running on port 80
[Nest] 131 - 02/18/2024, 2:26:43 PM LOG [PrinterService] Retrying to generate preview of resume #clspi8t50000155nu0e4n2dnx, attempt #1
[Nest] 131 - 02/18/2024, 2:26:46 PM LOG [PrinterService] Retrying to generate preview of resume #clspi8t50000155nu0e4n2dnx, attempt #2
[Nest] 131 - 02/18/2024, 2:26:51 PM LOG [PrinterService] Retrying to generate preview of resume #clspi8t50000155nu0e4n2dnx, attempt #3
[Nest] 131 - 02/18/2024, 2:26:58 PM ERROR Error: net::ERR_CONNECTION_REFUSED at https://REDACTED.com/artboard/preview

Chrome container output:

2024-02-18T14:26:18.207Z browserless:server Using configuration:
2024-02-18T14:26:18.222Z browserless:server {
CONNECTION_TIMEOUT: 300000,
MAX_CONCURRENT_SESSIONS: 10,
QUEUE_LENGTH: 10,
SINGLE_RUN: false,
CHROME_REFRESH_TIME: 1800000,
KEEP_ALIVE: false,
DEFAULT_BLOCK_ADS: false,
DEFAULT_HEADLESS: 'new',
DEFAULT_LAUNCH_ARGS: [],
DEFAULT_IGNORE_DEFAULT_ARGS: false,
DEFAULT_IGNORE_HTTPS_ERRORS: false,
DEFAULT_DUMPIO: false,
DEFAULT_STEALTH: false,
DEFAULT_USER_DATA_DIR: undefined,
PREBOOT_CHROME: false,
PREBOOT_QUANTITY: 0,
PRINT_GET_STARTED_LINKS: true,
PRINT_NETWORK_INFO: true,
DEBUG: 'browserless*',
DISABLED_FEATURES: [],
ENABLE_CORS: false,
ENABLE_API_GET: false,
TOKEN: 'TOKEN-REDACTED-LOLOL',
ENABLE_HEAP_DUMP: false,
ALLOW_FILE_PROTOCOL: false,
DISABLE_AUTO_SET_DOWNLOAD_BEHAVIOR: false,
FUNCTION_BUILT_INS: [ 'url' ],
FUNCTION_ENV_VARS: [],
FUNCTION_ENABLE_INCOGNITO_MODE: false,
FUNCTION_EXTERNALS: [ 'lighthouse', 'node-pdftk', 'sharp' ],
WORKSPACE_DIR: '/usr/src/app/workspace',
WORKSPACE_DELETE_EXPIRED: false,
WORKSPACE_EXPIRE_DAYS: 30,
FAILED_HEALTH_URL: null,
QUEUE_ALERT_URL: null,
REJECT_ALERT_URL: null,
TIMEOUT_ALERT_URL: null,
ERROR_ALERT_URL: null,
SESSION_CHECK_FAIL_URL: null,
PRE_REQUEST_HEALTH_CHECK: false,
EXIT_ON_HEALTH_FAILURE: false,
MAX_CPU_PERCENT: 99,
MAX_MEMORY_PERCENT: 99,
METRICS_JSON_PATH: null,
HOST: '0.0.0.0',
PORT: 3000,
SOCKET_CLOSE_METHOD: 'http',
PROXY_URL: undefined,
MAX_PAYLOAD_SIZE: '5mb'
}
2024-02-18T14:26:18.227Z browserless:server
Running on port 3000
Localhost ws:localhost:3000
Local network ws:IP.LO.LO.L:3000
2024-02-18T14:26:18.228Z browserless:server
Get started at https://www.browserless.io/docs/start
Get a license at https://www.browserless.io/sign-up?type=commercial
Get support at https://www.browserless.io/contact
Happy coding!
2024-02-18T14:26:38.965Z browserless:job DG7U67GMEIZMRK9JMS41GIIGWY2E7VJ7: /?token=TOKEN-REDACTED-LOLOL: Inbound WebSocket request.
2024-02-18T14:26:39.015Z browserless:hardware Checking overload status: CPU 7% Memory 45%
2024-02-18T14:26:39.024Z browserless:job DG7U67GMEIZMRK9JMS41GIIGWY2E7VJ7: Adding new job to queue.
2024-02-18T14:26:39.026Z browserless:server Starting new job
2024-02-18T14:26:39.027Z browserless:system Generating fresh chrome browser
2024-02-18T14:26:39.032Z browserless:job DG7U67GMEIZMRK9JMS41GIIGWY2E7VJ7: Getting browser.
2024-02-18T14:26:39.038Z browserless:chrome-helper Launching Chrome with args: {
"args": [
"--no-sandbox",
"--enable-logging",
"--v1=1",
"--disable-dev-shm-usage",
"--no-first-run",
"--remote-debugging-port=37697",
"--user-data-dir=/tmp/browserless-data-dir-7U8sqF"
],
"blockAds": false,
"dumpio": false,
"headless": "new",
"stealth": false,
"ignoreDefaultArgs": false,
"ignoreHTTPSErrors": false,
"pauseOnConnect": false,
"playwright": false,
"userDataDir": "/tmp/browserless-data-dir-7U8sqF",
"meta": {
"protocol": null,
"slashes": null,
"auth": null,
"host": null,
"port": null,
"hostname": null,
"hash": null,
"search": "?token=TOKEN-REDACTED-LOLOL",
"query": {
"token": "TOKEN-REDACTED-LOLOL"
},
"pathname": "/",
"path": "/?token=TOKEN-REDACTED-LOLOL",
"href": "/?token=TOKEN-REDACTED-LOLOL"
},
"executablePath": "/usr/bin/google-chrome",
"handleSIGINT": false,
"handleSIGTERM": false,
"handleSIGHUP": false
}
2024-02-18T14:26:43.434Z browserless:chrome-helper Chrome PID: 25
2024-02-18T14:26:43.441Z browserless:chrome-helper Finding prior pages
2024-02-18T14:26:43.503Z browserless:chrome-helper Found 1 pages
2024-02-18T14:26:43.505Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:43.505Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:43.506Z browserless:system Chrome launched 4477ms
2024-02-18T14:26:43.506Z browserless:system Got chrome instance
2024-02-18T14:26:43.507Z browserless:job DG7U67GMEIZMRK9JMS41GIIGWY2E7VJ7: Starting session.
2024-02-18T14:26:43.507Z browserless:job DG7U67GMEIZMRK9JMS41GIIGWY2E7VJ7: Proxying request to /devtools/browser route: ws://127.0.0.1:37697/devtools/browser/81a3ea37-70ff-455f-94e0-7ef26e7f59da.
2024-02-18T14:26:43.521Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:43.705Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:43.705Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:43.710Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:45.549Z browserless:job 59KAZCELQBKQVGEG6MJ82LB6LZPG3MOC: /?token=TOKEN-REDACTED-LOLOL: Inbound WebSocket request.
2024-02-18T14:26:45.559Z browserless:hardware Checking overload status: CPU 16% Memory 45%
2024-02-18T14:26:45.559Z browserless:job 59KAZCELQBKQVGEG6MJ82LB6LZPG3MOC: Adding new job to queue.
2024-02-18T14:26:45.559Z browserless:server Starting new job
2024-02-18T14:26:45.559Z browserless:system Generating fresh chrome browser
2024-02-18T14:26:45.560Z browserless:job 59KAZCELQBKQVGEG6MJ82LB6LZPG3MOC: Getting browser.
2024-02-18T14:26:45.560Z browserless:chrome-helper Launching Chrome with args: {
"args": [
"--no-sandbox",
"--enable-logging",
"--v1=1",
"--disable-dev-shm-usage",
"--no-first-run",
"--remote-debugging-port=39951",
"--user-data-dir=/tmp/browserless-data-dir-HkT4d2"
],
"blockAds": false,
"dumpio": false,
"headless": "new",
"stealth": false,
"ignoreDefaultArgs": false,
"ignoreHTTPSErrors": false,
"pauseOnConnect": false,
"playwright": false,
"userDataDir": "/tmp/browserless-data-dir-HkT4d2",
"meta": {
"protocol": null,
"slashes": null,
"auth": null,
"host": null,
"port": null,
"hostname": null,
"hash": null,
"search": "?token=TOKEN-REDACTED-LOLOL",
"query": {
"token": "TOKEN-REDACTED-LOLOL"
},
"pathname": "/",
"path": "/?token=TOKEN-REDACTED-LOLOL",
"href": "/?token=TOKEN-REDACTED-LOLOL"
},
"executablePath": "/usr/bin/google-chrome",
"handleSIGINT": false,
"handleSIGTERM": false,
"handleSIGHUP": false
}
2024-02-18T14:26:46.045Z browserless:chrome-helper Chrome PID: 132
2024-02-18T14:26:46.046Z browserless:chrome-helper Finding prior pages
2024-02-18T14:26:46.067Z browserless:chrome-helper Found 1 pages
2024-02-18T14:26:46.067Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:46.067Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:46.068Z browserless:system Chrome launched 509ms
2024-02-18T14:26:46.068Z browserless:system Got chrome instance
2024-02-18T14:26:46.068Z browserless:job 59KAZCELQBKQVGEG6MJ82LB6LZPG3MOC: Starting session.
2024-02-18T14:26:46.068Z browserless:job 59KAZCELQBKQVGEG6MJ82LB6LZPG3MOC: Proxying request to /devtools/browser route: ws://127.0.0.1:39951/devtools/browser/a555f667-c5ee-4abd-9e64-009b3f63c6c9.
2024-02-18T14:26:46.071Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:46.173Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:46.173Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:46.174Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:49.719Z browserless:job BGN45URB509C3T65EPQ9VEH6DZJZTWOH: /?token=TOKEN-REDACTED-LOLOL: Inbound WebSocket request.
2024-02-18T14:26:49.743Z browserless:hardware Checking overload status: CPU 12% Memory 46%
2024-02-18T14:26:49.744Z browserless:job BGN45URB509C3T65EPQ9VEH6DZJZTWOH: Adding new job to queue.
2024-02-18T14:26:49.745Z browserless:server Starting new job
2024-02-18T14:26:49.745Z browserless:system Generating fresh chrome browser
2024-02-18T14:26:49.746Z browserless:job BGN45URB509C3T65EPQ9VEH6DZJZTWOH: Getting browser.
2024-02-18T14:26:49.748Z browserless:chrome-helper Launching Chrome with args: {
"args": [
"--no-sandbox",
"--enable-logging",
"--v1=1",
"--disable-dev-shm-usage",
"--no-first-run",
"--remote-debugging-port=44615",
"--user-data-dir=/tmp/browserless-data-dir-HaS7XF"
],
"blockAds": false,
"dumpio": false,
"headless": "new",
"stealth": false,
"ignoreDefaultArgs": false,
"ignoreHTTPSErrors": false,
"pauseOnConnect": false,
"playwright": false,
"userDataDir": "/tmp/browserless-data-dir-HaS7XF",
"meta": {
"protocol": null,
"slashes": null,
"auth": null,
"host": null,
"port": null,
"hostname": null,
"hash": null,
"search": "?token=TOKEN-REDACTED-LOLOL",
"query": {
"token": "TOKEN-REDACTED-LOLOL"
},
"pathname": "/",
"path": "/?token=TOKEN-REDACTED-LOLOL",
"href": "/?token=TOKEN-REDACTED-LOLOL"
},
"executablePath": "/usr/bin/google-chrome",
"handleSIGINT": false,
"handleSIGTERM": false,
"handleSIGHUP": false
}
2024-02-18T14:26:50.826Z browserless:chrome-helper Chrome PID: 242
2024-02-18T14:26:50.827Z browserless:chrome-helper Finding prior pages
2024-02-18T14:26:50.852Z browserless:chrome-helper Found 1 pages
2024-02-18T14:26:50.853Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:50.853Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:50.854Z browserless:system Chrome launched 1109ms
2024-02-18T14:26:50.854Z browserless:system Got chrome instance
2024-02-18T14:26:50.854Z browserless:job BGN45URB509C3T65EPQ9VEH6DZJZTWOH: Starting session.
2024-02-18T14:26:50.854Z browserless:job BGN45URB509C3T65EPQ9VEH6DZJZTWOH: Proxying request to /devtools/browser route: ws://127.0.0.1:44615/devtools/browser/0379c9f1-14eb-4f3a-b1fe-7ecd8d357b33.
2024-02-18T14:26:50.860Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:50.954Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:50.954Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:50.956Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:57.745Z browserless:job 3O525XRATXK4EFYVRK1FRJKZEEM5TYZO: /?token=TOKEN-REDACTED-LOLOL: Inbound WebSocket request.
2024-02-18T14:26:57.753Z browserless:hardware Checking overload status: CPU 11% Memory 46%
2024-02-18T14:26:57.754Z browserless:job 3O525XRATXK4EFYVRK1FRJKZEEM5TYZO: Adding new job to queue.
2024-02-18T14:26:57.754Z browserless:server Starting new job
2024-02-18T14:26:57.754Z browserless:system Generating fresh chrome browser
2024-02-18T14:26:57.754Z browserless:job 3O525XRATXK4EFYVRK1FRJKZEEM5TYZO: Getting browser.
2024-02-18T14:26:57.755Z browserless:chrome-helper Launching Chrome with args: {
"args": [
"--no-sandbox",
"--enable-logging",
"--v1=1",
"--disable-dev-shm-usage",
"--no-first-run",
"--remote-debugging-port=42939",
"--user-data-dir=/tmp/browserless-data-dir-JFYcX9"
],
"blockAds": false,
"dumpio": false,
"headless": "new",
"stealth": false,
"ignoreDefaultArgs": false,
"ignoreHTTPSErrors": false,
"pauseOnConnect": false,
"playwright": false,
"userDataDir": "/tmp/browserless-data-dir-JFYcX9",
"meta": {
"protocol": null,
"slashes": null,
"auth": null,
"host": null,
"port": null,
"hostname": null,
"hash": null,
"search": "?token=TOKEN-REDACTED-LOLOL",
"query": {
"token": "TOKEN-REDACTED-LOLOL"
},
"pathname": "/",
"path": "/?token=TOKEN-REDACTED-LOLOL",
"href": "/?token=TOKEN-REDACTED-LOLOL"
},
"executablePath": "/usr/bin/google-chrome",
"handleSIGINT": false,
"handleSIGTERM": false,
"handleSIGHUP": false
}
2024-02-18T14:26:58.280Z browserless:chrome-helper Chrome PID: 350
2024-02-18T14:26:58.281Z browserless:chrome-helper Finding prior pages
2024-02-18T14:26:58.325Z browserless:chrome-helper Found 1 pages
2024-02-18T14:26:58.325Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:58.325Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:58.326Z browserless:system Chrome launched 572ms
2024-02-18T14:26:58.326Z browserless:system Got chrome instance
2024-02-18T14:26:58.326Z browserless:job 3O525XRATXK4EFYVRK1FRJKZEEM5TYZO: Starting session.
2024-02-18T14:26:58.327Z browserless:job 3O525XRATXK4EFYVRK1FRJKZEEM5TYZO: Proxying request to /devtools/browser route: ws://127.0.0.1:42939/devtools/browser/0cc90a4d-2601-4731-8e0a-b8a82e1f2b05.
2024-02-18T14:26:58.332Z browserless:chrome-helper Setting up file:// protocol request rejection
2024-02-18T14:26:58.408Z browserless:chrome-helper Setting up page Unknown
2024-02-18T14:26:58.409Z browserless:chrome-helper Injecting download dir "/usr/src/app/workspace"
2024-02-18T14:26:58.410Z browserless:chrome-helper Setting up file:// protocol request rejection

Expected Behavior

To actually get resume previews and file generation

Steps To Reproduce

This is my kubernetes deployment:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: reactive-resume
  namespace: LOL-REDACTED-NAMESPACE
  labels:
    app: reactive-resume
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: reactive-resume
  template:
    metadata:
      labels:
        app: reactive-resume
    spec:
      containers:
      - name: reactive-resume
        image: amruthpillai/reactive-resume:latest
        env:
        - name: PORT
          value: "80"
        - name: NODE_ENV
          value: "production"
        - name: ACCESS_TOKEN_SECRET
          value: "REDACTED-ACCESS-TOKEN-LOL"
        - name: REFRESH_TOKEN_SECRET
          value: "REDACTED-REFRESH-TOKEN-LOL"
        - name: PUBLIC_URL
          value: "https://REDACTED.com"
        - name: STORAGE_URL
          value: "https://REDACTED.com/default/"
        - name: CHROME_TOKEN
          value: "TOKEN-REDACTED-LOLOL" #openssl rand -hex 32
        - name: CHROME_URL
          value: "ws://localhost:3000"
        - name: DATABASE_URL
          value: "postgresql://resumeuser:resumepass@localhost:5432/resume"
        - name: REDIS_URL
          value: "redis://default:redispass@localhost:6379"
        - name: STORAGE_ENDPOINT
          value: "localhost"
        - name: STORAGE_PORT
          value: "9000"
        - name: STORAGE_REGION
          value: "us-east-1"
        - name: STORAGE_BUCKET
          value: "default"
        - name: STORAGE_ACCESS_KEY
          value: "minioadmin"
        - name: STORAGE_SECRET_KEY
          value: "miniopass"
        - name: STORAGE_USE_SSL
          value: "false"
        - name: MAIL_FROM
          value: "no@REDACTED.com"
        - name: SMTP_URL
          value: "smtp://USER:PASSWORD@REDACTED-MTA.com:587"
        - name: DISABLE_EMAIL_AUTH
          value: "false"
        - name: VITE_DISABLE_SIGNUPS
          value: "true"
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 80
      - name: reactive-resume-db
        image: postgres:16
        env:
        - name: POSTGRES_DB
          value: "resume"
        - name: POSTGRES_USER
          value: "resumeuser"
        - name: POSTGRES_PASSWORD
          value: "resumepass"
        imagePullPolicy: Always
        volumeMounts:
        - mountPath: /var/lib/postgresql/data
          name: pvc-smb-reactive-resume-db
      - name: reactive-resume-s3
        image: minio/minio:latest
        args:
        - server
        - /data
        env:
        - name: MINIO_ROOT_USER
          value: "minioadmin"
        - name: MINIO_ROOT_PASSWORD
          value: "miniopass"
        ports:
        - name: s3
          containerPort: 9000
        imagePullPolicy: Always
        volumeMounts:
        - mountPath: /data
          name: pvc-smb-reactive-resume-s3
      - name: reactive-resume-redis
        image: redis:7
        env:
        - name: TZ
          value: "REDACTED"
        imagePullPolicy: Always
        volumeMounts:
        - mountPath: /data
          name: pvc-smb-reactive-resume-redis
      - name: reactive-resume-chrome
        #image: browserless/chrome:1.61.0-puppeteer-21.4.1
        image: browserless/chrome:latest
        env:
        - name: TOKEN
          value: "TOKEN-REDACTED-LOLOL" #openssl rand -hex 32
#        - name: PREBOOT_CHROME
#          value: "true"
#        - name: KEEP_ALIVE
#          value: "true"
        - name: CONNECTION_TIMEOUT
          value: "300000"
        - name: EXIT_ON_HEALTH_FAILURE
          value: "false"
        - name: PRE_REQUEST_HEALTH_CHECK
          value: "false"
        imagePullPolicy: Always
#      dnsPolicy: ClusterFirst
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - 127.0.0.53
          #- 10.43.0.10 #VERY TEMPORARY!!! 
          #- 10.0.0.1
        searches:
          - svc.cluster.local
          - cluster.local
          - localdomain
        options:
          - name: nodots
            value: "1"
      restartPolicy: Always
      hostAliases:
      - ip: "IP.LO.LO.L"
        hostnames:
        - "REDACTED-MTA.com"
      - ip: "127.0.0.1"
        hostnames:
        - "REDACTED.com"
      volumes:
      - name: pvc-smb-reactive-resume-db
        persistentVolumeClaim:
          claimName: pvc-smb-reactive-resume-db
      - name: pvc-smb-reactive-resume-s3
        persistentVolumeClaim:
          claimName: pvc-smb-reactive-resume-s3
      - name: pvc-smb-reactive-resume-redis
        persistentVolumeClaim:
          claimName: pvc-smb-reactive-resume-redis
---
PV/PVC stuff REDACTED
---
kind: Service
apiVersion: v1
metadata:
  name: reactive-resume-web
  namespace: LOL-REDACTED-NAMESPACE
  labels:
    app: reactive-resume
spec:
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: reactive-resume
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: reactive-resume
  namespace: LOL-REDACTED-NAMESPACE
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
      - REDACTED.com
    secretName: REDACTED-tls
  rules:
  - host: REDACTED.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: reactive-resume-web
            port:
              number: 80
---
kind: Service
apiVersion: v1
metadata:
  name: reactive-resume-s3
  namespace: LOL-REDACTED-NAMESPACE
  labels:
    app: reactive-resume
spec:
  ports:
    - name: s3
      port: 9000
      targetPort: 9000
  selector:
    app: reactive-resume
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: reactive-resume-s3
  namespace: LOL-REDACTED-NAMESPACE
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
      - REDACTED.com
    secretName: REDACTED-tls
  rules:
  - host: REDACTED.com
    http:
      paths:
      - path: /default/
        pathType: Prefix
        backend:
          service:
            name: reactive-resume-s3
            port:
              number: 9000
---

What browsers are you seeing the problem on?

Chrome

What template are you using?

None

Anything else?

This looks like it might be the first kubernetes deployment example on the internet. Hi future people! Hope this helps! But I'm still stuck right now, hah.

[BloodyIron]

I'm so close to getting this running, really need the last inch help with the headless Chrome, any insights appreciated! Thanks! :D

[JaredLai]

I'm having the same issue using the basic template and just using localhost as the ip

[ArielLahiany]

Have you managed to get this working? I'm facing the same problem.

[lulrai]

Just as a courtesy since this issue helped me, here is my k8s setup that works correctly for the most part. I have external postgres cluster running so I don't have that included here:

Deployment/services:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rx-resume
  namespace: ...
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: rx-resume
  template:
    metadata:
      labels:
        app: rx-resume
    spec:
      containers:
      - name: rx-resume
        image: amruthpillai/reactive-resume:v4.1.8
        ports:
        - containerPort: 3010
        env:
        - name: PORT
          value: "3010"
        - name: PUBLIC_URL
          value: "https://..."
        - name: CHROME_TOKEN
          value: "..."
        - name: CHROME_URL
          value: "ws://localhost:3000"
        - name: DATABASE_URL
          value: "postgresql://..."
        - name: MAIL_FROM
          value: "example@example.com"
        - name: SMTP_URL
          value: "smtp://...:587"
        - name: DISABLE_SIGNUPS
          value: "false"
        - name: DISABLE_EMAIL_AUTH
          value: "false"
        - name: STORAGE_ENDPOINT
          value: "localhost"
        - name: STORAGE_REGION
          value: "us-east-1"
        - name: STORAGE_BUCKET
          value: "default"
        - name: STORAGE_ACCESS_KEY
          value: "..."
        - name: STORAGE_SECRET_KEY
          value: "..."
        - name: STORAGE_USE_SSL
          value: "false"
        - name: SKIP_BUCKET_CHECK
          value: "false"
        - name: STORAGE_PORT
          value: "9000"
        - name: STORAGE_URL
          value: "https://.../default"
        - name: ACCESS_TOKEN_SECRET
          value: "..."
        - name: REFRESH_TOKEN_SECRET
          value: "..."
        resources:
          limits:
            cpu: 1000m
            memory: 2048Mi
          requests:
            cpu: 1000m
            memory: 2048Mi

      - name: rx-chrome
        image: ghcr.io/browserless/chromium:latest
        ports:
        - containerPort: 3000
        env:
        - name: TIMEOUT
          value: "300000"
        - name: CONCURRENT
          value: "10"
        - name: TOKEN
          value: "..."
        - name: EXIT_ON_HEALTH_FAILURE
          value: "false"
        - name: PRE_REQUEST_HEALTH_CHECK
          value: "false"
        resources:
          limits:
            cpu: 2000m
            memory: 4096Mi
          requests:
            cpu: 2000m
            memory: 4096Mi

      - name: rx-resume-s3
        image: minio/minio:latest
        args:
        - server
        - /data
        env:
        - name: MINIO_ROOT_USER
          value: "..."
        - name: MINIO_ROOT_PASSWORD
          value: "..."
        ports:
        - name: s3
          containerPort: 9000
        imagePullPolicy: Always
        volumeMounts:
        - mountPath: /data
          name: assets-storage
        resources:
          limits:
            cpu: 1000m
            memory: 2048Mi
          requests:
            cpu: 1000m
            memory: 2048Mi

      volumes:
      - name: assets-storage
        persistentVolumeClaim:
          claimName: assets-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: rx-resume
  namespace: tools
spec:
  ports:
  - port: 3010
    targetPort: 3010
  selector:
    app: rx-resume
---
apiVersion: v1
kind: Service
metadata:
  name: rx-resume-s3
  namespace: tools
spec:
  ports:
  - port: 9000
    targetPort: 9000
  selector:
    app: rx-resume
---
apiVersion: v1
kind: Service
metadata:
  name: rx-resume-s3-dashboard
  namespace: tools
spec:
  ports:
  - port: 44253
    targetPort: 44253
  selector:
    app: rx-resume

PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: assets-pvc
  namespace: tools
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: longhorn

Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rx-resume-ingress
  namespace: tools
  annotations:
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
    nginx.ingress.kubernetes.io/auth-tls-secret: tools/cloudflare-tls-secret
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
spec:
  ingressClassName: nginx
  rules:
    - host: ...
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rx-resume
                port:
                  number: 3010
  tls:
    - hosts:
        - ...
      secretName: cloudflare-origin-server
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rx-minio-ingress
  namespace: tools
  annotations:
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
    nginx.ingress.kubernetes.io/auth-tls-secret: tools/cloudflare-tls-secret
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
spec:
  ingressClassName: nginx
  rules:
    - host: ...
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rx-resume-s3
                port:
                  number: 9000
  tls:
    - hosts:
        - ...
      secretName: cloudflare-origin-server
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rx-minio-dashboard-ingress
  namespace: tools
  annotations:
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
    nginx.ingress.kubernetes.io/auth-tls-secret: tools/cloudflare-tls-secret
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
spec:
  ingressClassName: nginx
  rules:
    - host: ...
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rx-resume-s3-dashboard
                port:
                  number: 44253
  tls:
    - hosts:
        - ...
      secretName: cloudflare-origin-server