chore(guacamole): retire legacy guac.iamworkin.lan IngressRoute+cert
Single-host routing via desktop.iamworkin.lan/guacamole has been
live-proven (curl → 200) and the Codex single-host-guacamole-wip
merge flipped RemoteDesktop.Web's GuacamolePublicUrl + defaults to
the new path. Nothing else in FlowerCore actively requires the
legacy guac.iamworkin.lan URL.
Removed from the guacamole app:
- IngressRoute `guacamole` matching Host(guac.iamworkin.lan)
- Middleware `guac-add-prefix` (only the legacy route referenced it)
- Certificate `guacamole-tls` (only covered guac.iamworkin.lan)
ArgoCD prune will delete the live resources on next sync. The
pfSense DNS override for guac.iamworkin.lan should be removed
via FlowerCore.DNS as a follow-up operator step — not managed by
this repo.
The new `guacamole-desktop-path` IngressRoute + `desktop-guacamole-path-tls`
Certificate (added in e65de29) handle all Guacamole traffic going
forward.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andrew Stoltz
@@ -399,50 +399,13 @@ spec:
|
||||
targetPort: 8080
|
||||
name: http
|
||||
---
|
||||
# Traefik addPrefix middleware
|
||||
# External URL guac.iamworkin.lan/ gets prefix /guacamole added
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: guac-add-prefix
|
||||
namespace: guacamole
|
||||
spec:
|
||||
addPrefix:
|
||||
prefix: /guacamole
|
||||
---
|
||||
# TLS Certificate via cert-manager
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: guacamole-tls
|
||||
namespace: guacamole
|
||||
spec:
|
||||
secretName: guacamole-tls
|
||||
issuerRef:
|
||||
name: step-ca-acme
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- guac.iamworkin.lan
|
||||
---
|
||||
# Traefik IngressRoute
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: guacamole
|
||||
namespace: guacamole
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`guac.iamworkin.lan`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: guac-add-prefix
|
||||
services:
|
||||
- name: guacamole
|
||||
port: 8080
|
||||
tls:
|
||||
secretName: guacamole-tls
|
||||
# Legacy guac.iamworkin.lan IngressRoute + add-prefix middleware +
|
||||
# TLS Certificate RETIRED 2026-04-24. Single-host routing via
|
||||
# desktop.iamworkin.lan/guacamole (below) has been live-proven and
|
||||
# RemoteDesktop.Web no longer emits URLs pointing at the legacy
|
||||
# subdomain. ArgoCD prune will delete the live resources on next
|
||||
# sync; pfSense DNS override for guac.iamworkin.lan should be
|
||||
# removed via FlowerCore.DNS in a follow-up operator step.
|
||||
---
|
||||
# Single-host Guacamole routing — matches RemoteDesktop.Web launch URLs
|
||||
# that embed Guacamole as a path-prefixed iframe on the primary desktop
|
||||
|
||||
Reference in New Issue
Block a user