chore(guacamole): retire legacy guac.iamworkin.lan IngressRoute+cert
Single-host routing via desktop.iamworkin.lan/guacamole has been
live-proven (curl → 200) and the Codex single-host-guacamole-wip
merge flipped RemoteDesktop.Web's GuacamolePublicUrl + defaults to
the new path. Nothing else in FlowerCore actively requires the
legacy guac.iamworkin.lan URL.
Removed from the guacamole app:
- IngressRoute `guacamole` matching Host(guac.iamworkin.lan)
- Middleware `guac-add-prefix` (only the legacy route referenced it)
- Certificate `guacamole-tls` (only covered guac.iamworkin.lan)
ArgoCD prune will delete the live resources on next sync. The
pfSense DNS override for guac.iamworkin.lan should be removed
via FlowerCore.DNS as a follow-up operator step — not managed by
this repo.
The new `guacamole-desktop-path` IngressRoute + `desktop-guacamole-path-tls`
Certificate (added in e65de29) handle all Guacamole traffic going
forward.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andrew Stoltz
@@ -399,50 +399,13 @@ spec:
|
|||||||
targetPort: 8080
|
targetPort: 8080
|
||||||
name: http
|
name: http
|
||||||
---
|
---
|
||||||
# Traefik addPrefix middleware
|
# Legacy guac.iamworkin.lan IngressRoute + add-prefix middleware +
|
||||||
# External URL guac.iamworkin.lan/ gets prefix /guacamole added
|
# TLS Certificate RETIRED 2026-04-24. Single-host routing via
|
||||||
apiVersion: traefik.io/v1alpha1
|
# desktop.iamworkin.lan/guacamole (below) has been live-proven and
|
||||||
kind: Middleware
|
# RemoteDesktop.Web no longer emits URLs pointing at the legacy
|
||||||
metadata:
|
# subdomain. ArgoCD prune will delete the live resources on next
|
||||||
name: guac-add-prefix
|
# sync; pfSense DNS override for guac.iamworkin.lan should be
|
||||||
namespace: guacamole
|
# removed via FlowerCore.DNS in a follow-up operator step.
|
||||||
spec:
|
|
||||||
addPrefix:
|
|
||||||
prefix: /guacamole
|
|
||||||
---
|
|
||||||
# TLS Certificate via cert-manager
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: guacamole-tls
|
|
||||||
namespace: guacamole
|
|
||||||
spec:
|
|
||||||
secretName: guacamole-tls
|
|
||||||
issuerRef:
|
|
||||||
name: step-ca-acme
|
|
||||||
kind: ClusterIssuer
|
|
||||||
dnsNames:
|
|
||||||
- guac.iamworkin.lan
|
|
||||||
---
|
|
||||||
# Traefik IngressRoute
|
|
||||||
apiVersion: traefik.io/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: guacamole
|
|
||||||
namespace: guacamole
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`guac.iamworkin.lan`)
|
|
||||||
kind: Rule
|
|
||||||
middlewares:
|
|
||||||
- name: guac-add-prefix
|
|
||||||
services:
|
|
||||||
- name: guacamole
|
|
||||||
port: 8080
|
|
||||||
tls:
|
|
||||||
secretName: guacamole-tls
|
|
||||||
---
|
---
|
||||||
# Single-host Guacamole routing — matches RemoteDesktop.Web launch URLs
|
# Single-host Guacamole routing — matches RemoteDesktop.Web launch URLs
|
||||||
# that embed Guacamole as a path-prefixed iframe on the primary desktop
|
# that embed Guacamole as a path-prefixed iframe on the primary desktop
|
||||||
|
|||||||
Reference in New Issue
Block a user