Next Try

deploy/quadlet/README.md

@@ -82,6 +82,7 @@ Default workflow mode uses user services (`systemctl --user`) and rootless Podma
 - `SYSTEMD_SCOPE=user`
 - `PODMAN_USE_SUDO=false`
 - quadlet target: `~/.config/containers/systemd/kubeviz.container`
+- user unit target in quadlet should be `WantedBy=default.target`
 
 So no root sudo is required for normal deploy runs.
 

deploy/quadlet/kubeviz-traefik.container

@@ -6,10 +6,10 @@ Wants=network-online.target
 [Container]
 ContainerName=kubeviz
 Image=localhost/kubeviz:prod
-Pull=always
+Pull=never
 
 # Attach to the same user-defined network as Traefik.
-Network=edge
+Network=traefik
 
 Environment=TZ=Europe/Berlin
 Environment=ADDR=:8080
@@ -35,7 +35,7 @@ Label=traefik.http.routers.kubeviz.middlewares=kubeviz-sec-headers,kubeviz-auth
 Label=traefik.http.services.kubeviz.loadbalancer.server.port=8080
 Label=traefik.docker.network=traefik
 Label=traefik.http.middlewares.kubeviz-sec-headers.headers.customResponseHeaders.Content-Security-Policy=default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; script-src-elem 'self' 'unsafe-inline'; connect-src 'self' wss: https:; font-src 'self' data:; worker-src 'self' blob:;
-Label="traefik.http.middlewares.auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
+Label="traefik.http.middlewares.kubeviz-auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
 [Service]
 Restart=always
 RestartSec=3
@@ -43,4 +43,4 @@ TimeoutStartSec=90
 TimeoutStopSec=20
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=default.target

scripts/deploy-with-podman.sh

@@ -41,6 +41,9 @@ else
   if [ -z "${XDG_RUNTIME_DIR:-}" ]; then
     export XDG_RUNTIME_DIR="/run/user/$(id -u)"
   fi
+  if [ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]; then
+    export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+  fi
 fi
 
 if [ -n "${REGISTRY_AUTH_FILE:-}" ] && [ -f "${REGISTRY_AUTH_FILE}" ]; then
@@ -63,6 +66,7 @@ fi
 
 SOURCE_IMAGE="${IMAGE_REPO}:ci-${BUILD_ID}"
 RELEASE_IMAGE="${IMAGE_REPO}:${IMAGE_TAG}"
+QUADLET_IMAGE="${QUADLET_IMAGE:-${RELEASE_IMAGE}}"
 
 echo "Building ${SOURCE_IMAGE}"
 "${PODMAN_CMD[@]}" build --pull=always -t "${SOURCE_IMAGE}" .
@@ -79,9 +83,17 @@ if [ "${INSTALL_QUADLET}" = "true" ]; then
   if [ "${SYSTEMD_SCOPE}" = "system" ]; then
     sudo mkdir -p "${QUADLET_TARGET_DIR}"
     sudo cp "${QUADLET_SRC}" "${QUADLET_TARGET_DIR}/kubeviz.container"
+    sudo sed -i \
+      -e "s#^Image=.*#Image=${QUADLET_IMAGE}#" \
+      -e "s#^Pull=.*#Pull=never#" \
+      "${QUADLET_TARGET_DIR}/kubeviz.container"
   else
     mkdir -p "${QUADLET_TARGET_DIR}"
     cp "${QUADLET_SRC}" "${QUADLET_TARGET_DIR}/kubeviz.container"
+    sed -i \
+      -e "s#^Image=.*#Image=${QUADLET_IMAGE}#" \
+      -e "s#^Pull=.*#Pull=never#" \
+      "${QUADLET_TARGET_DIR}/kubeviz.container"
   fi
 fi
 
@@ -89,6 +101,15 @@ echo "Reloading ${SYSTEMD_SCOPE} systemd and restarting ${SERVICE_NAME}"
 "${SYSTEMCTL_CMD[@]}" daemon-reload
 "${SYSTEMCTL_CMD[@]}" enable --now "${SERVICE_NAME}"
 "${SYSTEMCTL_CMD[@]}" restart "${SERVICE_NAME}"
-"${SYSTEMCTL_CMD[@]}" is-active --quiet "${SERVICE_NAME}"
+if ! "${SYSTEMCTL_CMD[@]}" is-active --quiet "${SERVICE_NAME}"; then
+  echo "Service ${SERVICE_NAME} is not active. Showing diagnostics..."
+  "${SYSTEMCTL_CMD[@]}" status "${SERVICE_NAME}" || true
+  if [ "${SYSTEMD_SCOPE}" = "system" ]; then
+    sudo journalctl -u "${SERVICE_NAME}" -n 200 --no-pager || true
+  else
+    journalctl --user -u "${SERVICE_NAME}" -n 200 --no-pager || true
+  fi
+  exit 1
+fi
 
 echo "Deployment successful: ${RELEASE_IMAGE}"