diff --git a/deploy/quadlet/README.md b/deploy/quadlet/README.md
index cf7c790..d7e58ba 100644
--- a/deploy/quadlet/README.md
+++ b/deploy/quadlet/README.md
@@ -82,6 +82,7 @@ Default workflow mode uses user services (`systemctl --user`) and rootless Podma
 - `SYSTEMD_SCOPE=user`
 - `PODMAN_USE_SUDO=false`
 - quadlet target: `~/.config/containers/systemd/kubeviz.container`
+- user unit target in quadlet should be `WantedBy=default.target`
 So no root sudo is required for normal deploy runs.
diff --git a/deploy/quadlet/kubeviz-traefik.container b/deploy/quadlet/kubeviz-traefik.container
index 6de0640..4517730 100644
--- a/deploy/quadlet/kubeviz-traefik.container
+++ b/deploy/quadlet/kubeviz-traefik.container
@@ -6,10 +6,10 @@ Wants=network-online.target
 [Container]
 ContainerName=kubeviz
 Image=localhost/kubeviz:prod
-Pull=always
+Pull=never
 # Attach to the same user-defined network as Traefik.
-Network=edge
+Network=traefik
 Environment=TZ=Europe/Berlin
 Environment=ADDR=:8080
@@ -35,7 +35,7 @@ Label=traefik.http.routers.kubeviz.middlewares=kubeviz-sec-headers,kubeviz-auth
 Label=traefik.http.services.kubeviz.loadbalancer.server.port=8080
 Label=traefik.docker.network=traefik
 Label=traefik.http.middlewares.kubeviz-sec-headers.headers.customResponseHeaders.Content-Security-Policy=default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; script-src-elem 'self' 'unsafe-inline'; connect-src 'self' wss: https:; font-src 'self' data:; worker-src 'self' blob:;
-Label="traefik.http.middlewares.auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
+Label="traefik.http.middlewares.kubeviz-auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
 [Service]
 Restart=always
 RestartSec=3
@@ -43,4 +43,4 @@ TimeoutStartSec=90
 TimeoutStopSec=20
 [Install]
-WantedBy=multi-user.target
+WantedBy=default.target
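Review bot: The `basicauth.users` label in the `-35,7` hunk of kubeviz-traefik.container keeps the credential hash for user `smb` inline in a versioned unit file, and its `$apr1$` prefix marks it as an MD5-based htpasswd entry, which is cheap to attack offline by anyone who can read the repository or the container's labels. The router line above it already references `kubeviz-auth`, so after this rename the label is the live gate for the service and deserves a stronger setup. I would replace it with `Label=traefik.http.middlewares.kubeviz-auth.basicauth.usersfile=<PATH_INSIDE_TRAEFIK_CONTAINER>` pointing at a bcrypt htpasswd file mounted into Traefik. The current password should also be rotated, since its hash stays in git history.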
diff --git a/scripts/deploy-with-podman.sh b/scripts/deploy-with-podman.sh
index cdf00ed..a78280c 100755
--- a/scripts/deploy-with-podman.sh
+++ b/scripts/deploy-with-podman.sh
@@ -41,6 +41,9 @@ else
 if [ -z "${XDG_RUNTIME_DIR:-}" ]; then
 export XDG_RUNTIME_DIR="/run/user/$(id -u)"
 fi
+ if [ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]; then
+ export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+ fi
 fi
 if [ -n "${REGISTRY_AUTH_FILE:-}" ] && [ -f "${REGISTRY_AUTH_FILE}" ]; then
@@ -63,6 +66,7 @@ fi
 SOURCE_IMAGE="${IMAGE_REPO}:ci-${BUILD_ID}"
 RELEASE_IMAGE="${IMAGE_REPO}:${IMAGE_TAG}"
+QUADLET_IMAGE="${QUADLET_IMAGE:-${RELEASE_IMAGE}}"
 echo "Building ${SOURCE_IMAGE}"
 "${PODMAN_CMD[@]}" build --pull=always -t "${SOURCE_IMAGE}" .
@@ -79,9 +83,17 @@ if [ "${INSTALL_QUADLET}" = "true" ]; then
 if [ "${SYSTEMD_SCOPE}" = "system" ]; then
 sudo mkdir -p "${QUADLET_TARGET_DIR}"
 sudo cp "${QUADLET_SRC}" "${QUADLET_TARGET_DIR}/kubeviz.container"
+ sudo sed -i \
+ -e "s#^Image=.*#Image=${QUADLET_IMAGE}#" \
+ -e "s#^Pull=.*#Pull=never#" \
+ "${QUADLET_TARGET_DIR}/kubeviz.container"
 else
 mkdir -p "${QUADLET_TARGET_DIR}"
 cp "${QUADLET_SRC}" "${QUADLET_TARGET_DIR}/kubeviz.container"
+ sed -i \
+ -e "s#^Image=.*#Image=${QUADLET_IMAGE}#" \
+ -e "s#^Pull=.*#Pull=never#" \
+ "${QUADLET_TARGET_DIR}/kubeviz.container"
 fi
 fi
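Review bot: The fallback added in the `-41,6` hunk exports a bus address without checking that the socket is there, so on a host where the deploy user has no running user manager (no lingering, no login session) the later user-scope systemctl calls will presumably fail with a connection error that does not name the cause. A guard right after the export makes that explicit: `[ -S "${XDG_RUNTIME_DIR}/bus" ] || { echo "no user bus at ${XDG_RUNTIME_DIR}/bus; is lingering enabled for $(id -un)?" >&2; exit 1; }`. The enclosing `else` branch starts above the hunk, so where `SYSTEMCTL_CMD` is built is not visible here.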
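Review bot: `${QUADLET_IMAGE}` is interpolated unescaped into the sed replacement in both branches of the `-79,9` hunk, and in the `system` branch that sed runs under sudo against the installed unit file. The `-63,6` hunk lets the value come from the environment, so a `#`, `&` or backslash in it breaks or alters the substitution and can leave the unit with content nobody reviewed. A valid image reference needs none of those characters, so I would reject anything else before the first sed: `case "${QUADLET_IMAGE}" in ''|*[!A-Za-z0-9._:/@-]*) echo "invalid QUADLET_IMAGE" >&2; exit 1 ;; esac`. The two sed invocations differ only by `sudo` and could share one argument list so the patterns cannot drift apart.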
@@ -89,6 +101,15 @@ echo "Reloading ${SYSTEMD_SCOPE} systemd and restarting ${SERVICE_NAME}"
 "${SYSTEMCTL_CMD[@]}" daemon-reload
 "${SYSTEMCTL_CMD[@]}" enable --now "${SERVICE_NAME}"
 "${SYSTEMCTL_CMD[@]}" restart "${SERVICE_NAME}"
-"${SYSTEMCTL_CMD[@]}" is-active --quiet "${SERVICE_NAME}"
+if ! "${SYSTEMCTL_CMD[@]}" is-active --quiet "${SERVICE_NAME}"; then
+ echo "Service ${SERVICE_NAME} is not active. Showing diagnostics..."
+ "${SYSTEMCTL_CMD[@]}" status "${SERVICE_NAME}" || true
+ if [ "${SYSTEMD_SCOPE}" = "system" ]; then
+ sudo journalctl -u "${SERVICE_NAME}" -n 200 --no-pager || true
+ else
+ journalctl --user -u "${SERVICE_NAME}" -n 200 --no-pager || true
+ fi
+ exit 1
+fi
 echo "Deployment successful: ${RELEASE_IMAGE}"
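Review bot: The new diagnostics block runs only when `is-active` fails, but a unit that cannot start will usually make the `restart` context line just above return non-zero first. If the script runs under `set -e`, which is not visible in this hunk, it exits there and the status and journal output is never printed. Folding the restart into the condition and dropping the separate restart line covers both cases: `if ! "${SYSTEMCTL_CMD[@]}" restart "${SERVICE_NAME}" || ! "${SYSTEMCTL_CMD[@]}" is-active --quiet "${SERVICE_NAME}"; then`. The failure message would also read better on stderr (`>&2`). Since the 200 journal lines end up in the deploy log, it is worth confirming the service does not log credentials or tokens at startup.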