sync regenerated providers.tf + upstream changes

- Terragrunt-regenerated providers.tf across stacks (vault_root_token variable removed from root generate block) - Upstream monitoring/openclaw/CLAUDE.md changes from rebase
2026-03-22 02:56:04 +02:00 · 2026-03-22 02:56:04 +02:00 · 1c13af142d
commit 1c13af142d
parent 1bf8676a6d
28 changed files with 336 additions and 132 deletions
--- a/stacks/openclaw/main.tf
+++ b/stacks/openclaw/main.tf
@ -330,6 +330,17 @@ resource "kubernetes_deployment" "openclaw" {
      spec {
        service_account_name = kubernetes_service_account.openclaw.metadata[0].name

+        # Init 0: fix /workspace ownership so node user can write
+        init_container {
+          name    = "fix-workspace-perms"
+          image   = "busybox:1.37"
+          command = ["sh", "-c", "chown 1000:1000 /workspace"]
+          volume_mount {
+            name       = "workspace"
+            mount_path = "/workspace"
+          }
+        }
+
        # Init 1: copy openclaw.json from ConfigMap into writable NFS home
        init_container {
          name    = "copy-config"
@ -472,6 +483,25 @@ resource "kubernetes_deployment" "openclaw" {
          }
        }

+        # Sidecar: playwright-mcp — headless browser for agents
+        container {
+          name  = "playwright-mcp"
+          image = "docker.io/viktorbarzin/playwright-mcp:v1"
+          args  = ["--headless", "--browser", "chromium", "--no-sandbox", "--port", "3000", "--host", "0.0.0.0"]
+          port {
+            container_port = 3000
+          }
+          resources {
+            requests = {
+              cpu    = "50m"
+              memory = "256Mi"
+            }
+            limits = {
+              memory = "512Mi"
+            }
+          }
+        }
+
        # Sidecar: modelrelay — auto-routes to fastest healthy free model
        container {
          name  = "modelrelay"