bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity
Files
f0733ff89d6901f8a657fc336077b37fa5b6d421
bluejay-infra/apps
History
Andrew Stoltz f0733ff89d feat(guacamole): wire 1Password vault extension + logback into deployment 
Adds the 1Password vault JAR to the Guacamole pod so connection params
like ${OP:ItemTitle/fieldLabel} are resolved from 1Password Connect at
tunnel-open time. Credentials never land in MySQL — only token literals.

Deployment changes:
- env: OP_CONNECT_URL=http://10.0.56.10:8180, OP_VAULT_ID=..., plus
  OP_CONNECT_TOKEN from secret/guacamole-1password-token/credential.
- env: ENABLE_ENVIRONMENT_PROPERTIES=true so OP_* env vars render as
  op-connect-url / op-connect-token / op-vault-id properties the
  extension reads.
- volumeMount for guacamole-vault-jar at
  /etc/guacamole/extensions/guacamole-vault-1password-1.0.0.jar
- volumeMount for guacamole-logback so we see DEBUG token-inject lines.
- nodeSelector kubernetes.io/hostname=rke2-server — the Synology NFS
  export for /volume1/kubernetes currently only allows rke2-server.
  Followup: add rke2-agent1/2 to the export and remove this selector.

New ConfigMaps:
- guacamole-vault-jar (binaryData, ~312KB JAR, Gson shaded, built from
  FlowerCore.Notes/k8s/guacamole/extensions/1password-vault via mvn).
- guacamole-logback with DEBUG on io.flowercore.guacamole.vault — drop
  to INFO once resolution is proven stable.

Existing guacamole-properties: added onepassword-vault to extension-priority.

The guacamole-1password-token Secret is NOT in git — it holds a verbatim
copy of the onepassword-connect-operator bearer token. Followup task:
provision a scoped Connect token for Guacamole and rotate the copy out.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 15:32:51 -05:00
..
agent-zero
Update Agent Zero, Asterisk, and Telephony K8s manifests
2026-04-13 19:12:08 -05:00
andrew
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
asterisk
fix: align desk phone dtmf mode with yealink provisioning
2026-04-16 19:36:37 -05:00
dustin
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
erik
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
fc-chat
apps: fc-chat refactor + fc-menuboard app split
2026-04-16 19:25:25 -05:00
fc-desktop
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-dms
Add signage service ingress manifests
2026-04-09 15:09:08 -05:00
fc-landing
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-menuboard
apps: fc-chat refactor + fc-menuboard app split
2026-04-16 19:25:25 -05:00
fc-messageboard
Add K8s deployment manifests for SignalControl, MessageBoard, Chat, TTS Reader
2026-04-13 20:23:55 -05:00
fc-mysql
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-php
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-presentations
Add signage service ingress manifests
2026-04-09 15:09:08 -05:00
fc-scoreboard
Add signage service ingress manifests
2026-04-09 15:09:08 -05:00
fc-signage
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-signalcontrol
Add K8s deployment manifests for SignalControl, MessageBoard, Chat, TTS Reader
2026-04-13 20:23:55 -05:00
fc-ttsreader
ttsreader: wire operator secrets through 1password
2026-04-17 10:05:24 -05:00
fit
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
flowercore
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
gitea-public
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
guacamole
feat(guacamole): wire 1Password vault extension + logback into deployment
2026-04-17 15:32:51 -05:00
intranet
Add cert-manager Certificate for intranet ACME TLS auto-renewal
2026-04-05 08:47:42 -05:00
irc
Improve The Lounge MOTD contrast
2026-04-16 19:49:53 -05:00
mail
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
matrix
matrix, zabbix: add volumeMode to postgres PVC templates
2026-04-17 14:48:43 -05:00
monitoring
Add agent-zero egress to monitoring NetworkPolicy for blackbox probes
2026-04-08 17:34:16 +00:00
noc-services
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
pki-web
Add infrastructure manifests for 9 services
2026-03-09 16:35:04 -05:00
teamspeak
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
telephony
telephony: bump web image to v202604170153
2026-04-16 20:56:30 -05:00
traefik-dashboard
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
voice
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
zabbix
matrix, zabbix: add volumeMode to postgres PVC templates
2026-04-17 14:48:43 -05:00