@@ -78,12 +78,21 @@ For private base images (for example `dhi.io/golang:*`), ensure the runner user
|
||||
|
||||
The deploy script forwards `REGISTRY_AUTH_FILE` to `sudo podman` automatically.
|
||||
|
||||
Default workflow mode uses user services (`systemctl --user`) and rootless Podman:
|
||||
- `SYSTEMD_SCOPE=user`
|
||||
- `PODMAN_USE_SUDO=false`
|
||||
- quadlet target: `~/.config/containers/systemd/kubeviz.container`
|
||||
|
||||
So no root sudo is required for normal deploy runs.
|
||||
|
||||
Required sudo permissions for the Gitea runner user (example):
|
||||
|
||||
```text
|
||||
gitea-runner ALL=(root) NOPASSWD:/usr/bin/podman build *,/usr/bin/podman tag *,/usr/bin/systemctl restart kubeviz.service,/usr/bin/systemctl is-active kubeviz.service
|
||||
```
|
||||
|
||||
Only needed when you switch to `SYSTEMD_SCOPE=system` or `PODMAN_USE_SUDO=true`.
|
||||
|
||||
The user must be the one that executes the Gitea Actions runner service (often `gitea-runner`).
|
||||
Check it with:
|
||||
|
||||
|
||||
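Review bot: the sudoers example grants `/usr/bin/podman build *` and `/usr/bin/podman tag *` as root with NOPASSWD, and in sudoers a trailing `*` matches any arguments, so the runner user can pass arbitrary build options and context paths to a root-run Podman. That makes the rule much broader than the fixed `systemctl restart kubeviz.service` and `systemctl is-active kubeviz.service` entries beside it. Consider pinning the arguments the deploy script actually uses, or allowing only a root-owned wrapper script with fixed arguments, and say in the README that this rule is close to root-equivalent for the runner user. Two documentation points in the same hunk: the lead-in still reads "Required sudo permissions" while the text now says sudo is only needed with `SYSTEMD_SCOPE=system` or `PODMAN_USE_SUDO=true`, so the lead-in should say "optional" or name those modes; and the sentence about forwarding `REGISTRY_AUTH_FILE` to `sudo podman` should note that it applies only in the sudo mode, since the default is now rootless.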