From 3a8aae9e2d9074e014254e81bb1e629a17b637cb Mon Sep 17 00:00:00 2001
From: Andrew Stoltz
Date: Fri, 24 Apr 2026 01:14:25 -0500
Subject: [PATCH] chore(guacamole): retire legacy guac.iamworkin.lan IngressRoute+cert
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Single-host routing via desktop.iamworkin.lan/guacamole has been live-proven (curl → 200) and the Codex single-host-guacamole-wip merge flipped RemoteDesktop.Web's GuacamolePublicUrl + defaults to the new path. Nothing else in FlowerCore actively requires the legacy guac.iamworkin.lan URL. Removed from the guacamole app:
- IngressRoute `guacamole` matching Host(guac.iamworkin.lan)
- Middleware `guac-add-prefix` (only the legacy route referenced it)
- Certificate `guacamole-tls` (only covered guac.iamworkin.lan)
ArgoCD prune will delete the live resources on next sync. The pfSense DNS override for guac.iamworkin.lan should be removed via FlowerCore.DNS as a follow-up operator step — not managed by this repo. The new `guacamole-desktop-path` IngressRoute + `desktop-guacamole-path-tls` Certificate (added in e65de29) handle all Guacamole traffic going forward.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
apps/guacamole/guacamole.yaml | 51 +++++------------------------------
1 file changed, 7 insertions(+), 44 deletions(-)
diff --git a/apps/guacamole/guacamole.yaml b/apps/guacamole/guacamole.yaml
index da309ec..0593def 100644
--- a/apps/guacamole/guacamole.yaml
+++ b/apps/guacamole/guacamole.yaml
@@ -399,50 +399,13 @@ spec:
 targetPort: 8080
 name: http
 ---
-# Traefik addPrefix middleware
-# External URL guac.iamworkin.lan/ gets prefix /guacamole added
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: guac-add-prefix
- namespace: guacamole
-spec:
- addPrefix:
- prefix: /guacamole
----
-# TLS Certificate via cert-manager
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: guacamole-tls
- namespace: guacamole
-spec:
- secretName: guacamole-tls
- issuerRef:
- name: step-ca-acme
- kind: ClusterIssuer
- dnsNames:
- - guac.iamworkin.lan
----
-# Traefik IngressRoute
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: guacamole
- namespace: guacamole
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`guac.iamworkin.lan`)
- kind: Rule
- middlewares:
- - name: guac-add-prefix
- services:
- - name: guacamole
- port: 8080
- tls:
- secretName: guacamole-tls
+# Legacy guac.iamworkin.lan IngressRoute + add-prefix middleware +
+# TLS Certificate RETIRED 2026-04-24. Single-host routing via
+# desktop.iamworkin.lan/guacamole (below) has been live-proven and
+# RemoteDesktop.Web no longer emits URLs pointing at the legacy
+# subdomain. ArgoCD prune will delete the live resources on next
+# sync; pfSense DNS override for guac.iamworkin.lan should be
+# removed via FlowerCore.DNS in a follow-up operator step.
 ---
 # Single-host Guacamole routing — matches RemoteDesktop.Web launch URLs
 # that embed Guacamole as a path-prefixed iframe on the primary desktop
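Review bot: The retirement comment that replaces the `guacamole-tls` Certificate says ArgoCD prune will delete the live resources, but the Secret `guacamole-tls` written by cert-manager is not among them: by default cert-manager leaves the Secret in place when its Certificate is deleted (only `--enable-certificate-owner-ref` changes that), so the private key for guac.iamworkin.lan would remain in the `guacamole` namespace until someone removes it. Whether that flag is set is not visible in this patch, so I would record the step next to the DNS follow-up, e.g. `# Also delete Secret guacamole/guacamole-tls after the sync (cert-manager keeps it unless owner refs are enabled).` Prune itself only runs if the Application's sync policy enables it, which this hunk does not show either. Separately, the comment block now sits alone between two `---` separators and forms an empty YAML document; placing it under the following separator, above the single-host routing comment, keeps a null document out of the stream.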