diff --git a/apps/guacamole/guacamole.yaml b/apps/guacamole/guacamole.yaml
index 94728ed..a6a6101 100644
--- a/apps/guacamole/guacamole.yaml
+++ b/apps/guacamole/guacamole.yaml
@@ -516,50 +516,34 @@ data:
     #!/bin/bash
     set -euo pipefail
     GUAC_API="${GUAC_URL}/guacamole/api"
-    DATASOURCE="mysql"
+    DS="mysql"
     echo "[k8s-sync] Starting pod connection sync"
-    TOKEN=$(curl -sf -d "username=${GUAC_ADMIN_USER}&password=${GUAC_ADMIN_PASSWORD}" \
-        "${GUAC_API}/tokens" | python3 -c "import sys,json; print(json.load(sys.stdin)['authToken'])")
+    # Auth using grep (no python3/jq in bitnami/kubectl)
+    AUTH_RESP=$(curl -sf -d "username=${GUAC_ADMIN_USER}&password=${GUAC_ADMIN_PASSWORD}" "${GUAC_API}/tokens")
+    TOKEN=$(echo "$AUTH_RESP" | grep -o '"authToken":"[^"]*"' | cut -d'"' -f4)
     if [ -z "$TOKEN" ]; then echo "[k8s-sync] ERROR: Auth failed"; exit 1; fi
-    # Find Kubernetes group
-    K8S_GROUP_ID=$(curl -sf "${GUAC_API}/session/data/${DATASOURCE}/connectionGroups/ROOT/tree?token=${TOKEN}" \
-        | python3 -c "
-    import sys, json
-    tree = json.load(sys.stdin)
-    for g in tree.get('childConnectionGroups', []):
-        if g.get('name') == 'Kubernetes':
-            print(g['identifier']); sys.exit(0)
-    print('')")
-    if [ -z "$K8S_GROUP_ID" ]; then echo "[k8s-sync] No Kubernetes group"; exit 0; fi
-    # Get existing connections
-    EXISTING=$(curl -sf "${GUAC_API}/session/data/${DATASOURCE}/connections?token=${TOKEN}" \
-        | python3 -c "
-    import sys, json
-    conns = json.load(sys.stdin)
-    for k,v in conns.items():
-        if v.get('protocol') == 'kubernetes':
-            params = v.get('parameters', {})
-            print(f'{k}\t{params.get(\"namespace\",\"\")}\t{params.get(\"pod\",\"\")}')" 2>/dev/null || echo "")
+    echo "[k8s-sync] Authenticated"
+    CONNS=$(curl -sf "${GUAC_API}/session/data/${DS}/connections?token=${TOKEN}")
     IFS=',' read -ra NAMESPACES <<< "$TARGET_NAMESPACES"
     UPDATED=0
     for NS in "${NAMESPACES[@]}"; do
         PODS=$(kubectl get pods -n "$NS" --field-selector=status.phase=Running \
-            -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].name}{"\n"}{end}' 2>/dev/null || echo "")
-        while IFS=$'\t' read -r POD CONTAINER; do
+            -o jsonpath='{range .items[*]}{.metadata.name} {.spec.containers[0].name}{"\n"}{end}' 2>/dev/null || echo "")
+        while read -r POD CONTAINER; do
             [ -z "$POD" ] && continue
-            # Check if a connection exists for this namespace+container combo
-            CONN_ID=$(echo "$EXISTING" | grep "	${NS}	" | head -1 | cut -f1)
-            if [ -n "$CONN_ID" ]; then
-                # Update existing connection pod name
-                OLD_POD=$(echo "$EXISTING" | grep "^${CONN_ID}	" | cut -f3)
-                if [ "$OLD_POD" != "$POD" ]; then
-                    echo "[k8s-sync] Updating ${NS}/${CONTAINER}: ${OLD_POD} -> ${POD}"
+            CONN_IDS=$(echo "$CONNS" | grep -o "\"[0-9]*\":{\"name\":\"k8s: ${CONTAINER}\"" | grep -o '"[0-9]*"' | tr -d '"' || echo "")
+            for CID in $CONN_IDS; do
+                PARAMS=$(curl -sf "${GUAC_API}/session/data/${DS}/connections/${CID}/parameters?token=${TOKEN}")
+                CURR_NS=$(echo "$PARAMS" | grep -o '"namespace":"[^"]*"' | cut -d'"' -f4)
+                CURR_POD=$(echo "$PARAMS" | grep -o '"pod":"[^"]*"' | cut -d'"' -f4)
+                if [ "$CURR_NS" = "$NS" ] && [ "$CURR_POD" != "$POD" ]; then
+                    echo "[k8s-sync] Updating $NS/$CONTAINER: $CURR_POD -> $POD"
                     curl -sf -X PUT -H "Content-Type: application/json" \
-                        -d "{\"name\":\"k8s: ${CONTAINER}\",\"parentIdentifier\":\"ROOT\",\"protocol\":\"kubernetes\",\"parameters\":{\"hostname\":\"localhost\",\"port\":\"8001\",\"namespace\":\"${NS}\",\"pod\":\"${POD}\",\"container\":\"${CONTAINER}\",\"use-ssl\":\"false\",\"exec-command\":\"/bin/sh\",\"font-size\":\"14\",\"color-scheme\":\"gray-black\",\"scrollback-size\":\"5000\"},\"attributes\":{\"max-connections\":\"2\",\"max-connections-per-user\":\"1\"}}" \
-                        "${GUAC_API}/session/data/${DATASOURCE}/connections/${CONN_ID}?token=${TOKEN}" > /dev/null
+                        -d "{\"name\":\"k8s: $CONTAINER\",\"parentIdentifier\":\"ROOT\",\"protocol\":\"kubernetes\",\"parameters\":{\"hostname\":\"localhost\",\"port\":\"8001\",\"namespace\":\"$NS\",\"pod\":\"$POD\",\"container\":\"$CONTAINER\",\"use-ssl\":\"false\",\"exec-command\":\"/bin/sh\",\"font-size\":\"14\",\"color-scheme\":\"gray-black\",\"scrollback-size\":\"5000\"},\"attributes\":{\"max-connections\":\"2\",\"max-connections-per-user\":\"1\"}}" \
+                        "${GUAC_API}/session/data/${DS}/connections/${CID}?token=${TOKEN}" > /dev/null
                     UPDATED=$((UPDATED + 1))
                 fi
-            fi
+            done
         done <<< "$PODS"
     done
     echo "[k8s-sync] Done: ${UPDATED} updated"