bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity
Files
292528ec154ae11c9a86fbb58d8b484b45ed8b5c
bluejay-infra/apps/fc-desktop/fc-desktop.yaml
Andrew Stoltz 292528ec15 feat(fc-desktop): add /guacamole PathPrefix route to IngressRoute 
Single-host Guacamole routing — Traefik matches Host=desktop.iamworkin.lan
+ PathPrefix=/guacamole first (priority 20) and forwards to the
guacamole Service in the guacamole namespace on 8080. The existing
Host-only catch-all rule drops to priority 10 so Guacamole traffic
resolves to the more-specific match.

Mirrors the IngressRoute in FlowerCore.RemoteDesktop@master (merged
as part of codex/single-host-guacamole-wip). The RemoteDesktop repo
copy is deploy-ref only — ArgoCD owns the live IngressRoute via
this manifest. Without this change, GuacamolePublicUrl=
https://desktop.iamworkin.lan/guacamole returns 404 because Traefik
routes the whole Host to remotedesktop-web.

Unblocks the per-template AAT smoke against the new public URL
path + closes the final live piece of Codex's single-host routing
work.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 01:03:34 -05:00

48 lines
1.4 KiB
YAML
Raw Blame History

# FlowerCore Remote Desktop — TLS + Ingress
# Deployment and Service managed by deploy script (not ArgoCD)
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: remotedesktop-web-tls
namespace: fc-desktop
spec:
secretName: remotedesktop-web-tls
issuerRef:
name: step-ca-acme
kind: ClusterIssuer
dnsNames:
- desktop.iamworkin.lan
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: remotedesktop-web
namespace: fc-desktop
spec:
entryPoints:
- websecure
routes:
# Single-host Guacamole routing: Traefik forwards the /guacamole
# path-prefix directly to the guacamole Service in the guacamole
# namespace. Must precede the catch-all Host() rule so priority
# resolves the more-specific match first. RemoteDesktop.Web then
# emits launch URLs with host=desktop.iamworkin.lan + /guacamole
# prefix, keeping Guacamole reachable through the same public
# surface (GuacamolePublicUrl=https://desktop.iamworkin.lan/guacamole).
- match: Host(`desktop.iamworkin.lan`) && PathPrefix(`/guacamole`)
kind: Rule
priority: 20
services:
- name: guacamole
namespace: guacamole
port: 8080
- match: Host(`desktop.iamworkin.lan`)
kind: Rule
priority: 10
services:
- name: remotedesktop-web
port: 8080
tls:
secretName: remotedesktop-web-tls
Reference in New Issue View Git Blame Copy Permalink