fix(guacamole): readinessProbe path /guacamole/ matches webapp deploy root (Refs TBD-G4) (#1699)

The Apache Guacamole webapp deploys under Tomcat's context path `/guacamole/` (the WAR is `guacamole.war` so Tomcat exposes it at `/<warname>/`). Tomcat's ROOT context at `/` returns 404. Probing `/` previously caused both liveness AND readiness probes to fail with HTTP 404 → kubelet restarted the Pod every ~60s → kube-system Cilium gateway returned HTTP 503 to `https://guacamole.<sov>/` because no Endpoint was ever Ready (observed on t22, 5 restarts in 8m of uptime). Probing `/guacamole/` matches the actual servlet context the webapp registers at boot. Chart bump 0.1.22 -> 0.1.23. Bootstrap-kit pin follow-up in a separate PR (pattern matches #1693 + #1694). Co-authored-by: hatiyildiz <hati.yildiz@openova.io> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 17:08:54 +04:00 · 2026-05-18 17:08:54 +04:00 · a632ed50e2
commit a632ed50e2
parent c70ead6a13
2 changed files with 23 additions and 3 deletions
--- a/platform/guacamole/chart/Chart.yaml
+++ b/platform/guacamole/chart/Chart.yaml
@ -40,7 +40,15 @@ name: bp-guacamole
 # 0.1.17 (Fix #163, 2026-05-11, MIRROR-EVERYTHING): migrationImage AND
 # oidc-secret-bootstrap-job both gain explicit
 # harbor.openova.io/proxy-dockerhub prefix per CLAUDE.md inviolable rule.
-version: 0.1.22
+# 0.1.23 (Refs TBD-G4 phase 2, 2026-05-18): readiness + liveness probe
+# paths flipped from `/` to `/guacamole/`. The Apache Guacamole webapp
+# deploys at Tomcat's context path /guacamole/ (the WAR file is
+# `guacamole.war` so Tomcat exposes it at /<warname>/). The container
+# root path `/` returns 404 from Tomcat's empty ROOT context, so
+# probing `/` made kubelet restart the Pod every ~60s and the kube-
+# system Cilium gateway returned 503 to `https://guacamole.<sov>/`
+# because no endpoint was ever Ready (observed on t22, 5 restarts).
+version: 0.1.23
 appVersion: "1.5.5"
 description: |
  Catalyst-authored Blueprint chart for Apache Guacamole — a clientless
--- a/platform/guacamole/chart/templates/guacamole-deployment.yaml
+++ b/platform/guacamole/chart/templates/guacamole-deployment.yaml
@ -100,15 +100,27 @@ spec:
            {{- toYaml .Values.guacamole.webapp.resources | nindent 12 }}
          securityContext:
            {{- toYaml .Values.guacamole.containerSecurityContext | nindent 12 }}
+          # The Apache Guacamole webapp deploys under Tomcat's context
+          # path `/guacamole/` (the WAR is `guacamole.war` so Tomcat
+          # exposes it at `/<warname>/`). The container root path `/`
+          # is NOT served by the webapp — it returns 404 from Tomcat's
+          # ROOT context. Probing `/` previously caused liveness +
+          # readiness probes to fail with HTTP 404, the kubelet to
+          # restart the Pod every ~60s, and the kube-system Cilium
+          # gateway to return 503 to the public hostname because no
+          # endpoint was ever Ready (observed on t22, 5 restarts).
+          # Probing `/guacamole/` matches the actual webapp root.
+          # Operator-visible /guacamole.html → /guacamole/ redirect is
+          # handled by the HTTPRoute (separate PR / TBD-G6 follow-up).
          livenessProbe:
            httpGet:
-              path: /
+              path: /guacamole/
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
-              path: /
+              path: /guacamole/
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10