Update telephony-web image to v20260324d, resolve merge conflicts

2026-03-24 15:55:52 -05:00
parent 42d2894ed1
commit f3fde15002
14 changed files with 3333 additions and 3420 deletions
--- a/apps/guacamole/guacamole.yaml
+++ b/apps/guacamole/guacamole.yaml
@@ -1,9 +1,8 @@
-# Apache Guacamole - Blue Jay Remote Access
-# FlowerCore Infrastructure Gateway
-# MySQL 8 + guacd + guacamole web (Blue Jay branded)
+# Apache Guacamole - Remote Desktop Gateway
+# MySQL 8 + guacd + guacamole web
 # ArgoCD managed - BlueJay Lab
 # ALL credentials sourced from 1Password via OnePasswordItem CRD (guacamole-credentials)
-# Custom image: fc-guacamole:bluejay (Blue Jay branding + 1Password vault extension)
+# Fields: username, password, DB-User, DB-Password, DB-Root-Password, DB-Name, URL
 ---
 apiVersion: v1
 kind: Namespace
@@ -110,6 +109,7 @@ spec:
  clusterIP: None
 ---
 # DB schema init Job
+# Generates the MySQL schema and pipes it into the database
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -141,7 +141,9 @@ spec:
            - sh
            - -c
            - |
+              # Generate schema SQL
              /opt/guacamole/bin/initdb.sh --mysql > /tmp/initdb.sql
+              # Apply schema (ignore errors if tables already exist)
              mysql -h guac-mysql -u root -p"$MYSQL_ROOT_PASSWORD" "$MYSQL_DATABASE" < /tmp/initdb.sql || true
          env:
            - name: MYSQL_ROOT_PASSWORD
@@ -174,7 +176,6 @@ spec:
        app: guacd
    spec:
      containers:
-        serviceAccountName: guacd-exec
        - name: guacd
          image: guacamole/guacd:latest
          ports:
@@ -206,48 +207,7 @@ spec:
      targetPort: 4822
      name: guacd
 ---
-# Guacamole Properties ConfigMap
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: guacamole-properties
-  namespace: guacamole
-  labels:
-    app: guacamole
-data:
-  guacamole.properties: |
-    # Blue Jay Remote Access — Guacamole Configuration
-    # MySQL/guacd settings provided via env vars — do NOT duplicate here
-
-    # 1Password Vault Integration
-    1password-connect-url: http://onepassword-connect.onepassword-system.svc.cluster.local:8080
-    1password-connect-token: placeholder-configure-via-secret
-    1password-vault-id: qaphopopkryhbg353ukzhhuqoq
-
-    # Extension Priority
-    extension-priority: mysql, ban, bluejay, 1password-vault, *
-
-    # Ban (brute force)
-    ban-max-invalid-attempts: 5
-    ban-address-duration: 300000
-    ban-max-addresses: 1000
-
-    # TOTP
-    totp-issuer: Blue Jay Remote Access
-    totp-digits: 6
-    totp-period: 30
-    totp-mode: sha256
-
-    # Session Recording
-    recording-search-path: /var/lib/guacamole/recordings
-
-    # Logging
-    log-level: info
-
-    # API Token Expiry
-    api-session-timeout: 60
---
-# Guacamole Web Application — Blue Jay branded
+# Guacamole Web Application
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -267,8 +227,7 @@ spec:
    spec:
      containers:
        - name: guacamole
-          image: localhost/fc-guacamole:bluejay
-          imagePullPolicy: Never
+          image: guacamole/guacamole:latest
          ports:
            - containerPort: 8080
              name: http
@@ -296,10 +255,6 @@ spec:
                secretKeyRef:
                  name: guacamole-credentials
                  key: DB-Password
-          volumeMounts:
-            - name: guac-properties
-              mountPath: /etc/guacamole/guacamole.properties
-              subPath: guacamole.properties
          resources:
            requests:
              memory: 256Mi
@@ -319,10 +274,6 @@ spec:
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 5
-      volumes:
-        - name: guac-properties
-          configMap:
-            name: guacamole-properties
 ---
 apiVersion: v1
 kind: Service
@@ -338,6 +289,7 @@ spec:
      name: http
 ---
 # Traefik addPrefix middleware
+# External URL guac.iamworkin.lan/ gets prefix /guacamole added
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -381,7 +333,8 @@ spec:
  tls:
    secretName: guacamole-tls
 ---
-# 1Password secret sync
+# 1Password secret sync — creates guacamole-credentials K8s Secret
+# Fields: username, password, DB-User, DB-Password, DB-Root-Password, DB-Name, URL
 apiVersion: onepassword.com/v1
 kind: OnePasswordItem
 metadata:
@@ -389,38 +342,3 @@ metadata:
  namespace: guacamole
 spec:
  itemPath: vaults/IAmWorkin/items/Guacamole
---
-# RBAC for guacd K8s exec protocol
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: guacd-exec
-  namespace: guacamole
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: guacd-pod-exec
-rules:
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "list"]
-  - apiGroups: [""]
-    resources: ["pods/exec"]
-    verbs: ["create"]
-  - apiGroups: [""]
-    resources: ["namespaces"]
-    verbs: ["list"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: guacd-pod-exec
-subjects:
-  - kind: ServiceAccount
-    name: guacd-exec
-    namespace: guacamole
-roleRef:
-  kind: ClusterRole
-  name: guacd-pod-exec
-  apiGroup: rbac.authorization.k8s.io
--- a/apps/intranet/intranet.yaml
+++ b/apps/intranet/intranet.yaml