diff --git a/.flake8 b/.flake8
new file mode 100644
index 0000000..d6cbf96
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,8 @@
+[flake8]
+per-file-ignores =
+    # imported but unused
+    __init__.py: F401
+
+max-complexity = 10
+
+extend-ignore = E501,C901
diff --git a/.github/workflows/controller-container.yaml b/.github/workflows/controller-container.yaml
new file mode 100644
index 0000000..1b37eb6
--- /dev/null
+++ b/.github/workflows/controller-container.yaml
@@ -0,0 +1,39 @@
+name: Controller Container
+
+on:
+  pull_request:
+    paths:
+      - 'containers/controller/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'containers/controller/**'
+
+permissions:
+  contents: write
+  pull-requests: read
+  actions: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  controller-container:
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.4.2-containers
+    with:
+      job-name: controller-container
+      registry: ${{ vars.HARBOR_REGISTRY }}
+      registry-user: ${{ vars.HARBOR_USER }}
+      registry-repo: ${{ vars.HARBOR_PROJECT }}/controller
+      release-tag-format: 'controller-container-${version}'
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      build-file: containers/controller/Dockerfile
+      build-context: containers/controller
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}
diff --git a/.github/workflows/flake8.yaml b/.github/workflows/flake8.yaml
new file mode 100644
index 0000000..82b08a5
--- /dev/null
+++ b/.github/workflows/flake8.yaml
@@ -0,0 +1,31 @@
+name: Flake8
+
+on:
+  pull_request:
+    paths:
+      - '.flake8'
+      - 'containers/controller/src/**.py'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  flake8:
+    runs-on:
+      labels: [self-hosted, linux, x64]
+      group: light
+    
+    steps:
+      - name: clone repo
+        uses: actions/checkout@v4
+        
+      - name: install flake8
+        run: pip install flake8
+        
+      - name: install flake8 annotations
+        uses: rbialon/flake8-annotations@v1
+          
+      - name: run flake8
+        run: |
+          flake8 containers/controller/src
diff --git a/.github/workflows/guacamole-chart.yaml b/.github/workflows/guacamole-chart.yaml
new file mode 100644
index 0000000..0d6c153
--- /dev/null
+++ b/.github/workflows/guacamole-chart.yaml
@@ -0,0 +1,42 @@
+name: Guacamole Chart
+
+on:
+  pull_request:
+    paths:
+      - 'charts/guacamole/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/guacamole/**'
+
+permissions:
+  contents: write
+  pull-requests: read
+  actions: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  guacamole-chart:
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.2.0-charts
+    with:
+      job-name: guacamole-chart
+      registry: ${{ vars.HARBOR_REGISTRY }}
+      registry-user: ${{ vars.HARBOR_USER }}
+      registry-project: ${{ vars.HARBOR_PROJECT }}
+      registry-repo: guacamole
+      release-tag-format: 'guacamole-chart-${version}'
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      chart: charts/guacamole
+      test-command: |
+        helm template $CHART --debug
+
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}
diff --git a/.github/workflows/guacamole-crds-chart.yaml b/.github/workflows/guacamole-crds-chart.yaml
new file mode 100644
index 0000000..8e7038b
--- /dev/null
+++ b/.github/workflows/guacamole-crds-chart.yaml
@@ -0,0 +1,42 @@
+name: Guacamole Chart
+
+on:
+  pull_request:
+    paths:
+      - 'charts/guacamole-crds/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/guacamole-crds/**'
+
+permissions:
+  contents: write
+  pull-requests: read
+  actions: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  guacamole-crds-chart:
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.2.0-charts
+    with:
+      job-name: guacamole-crds-chart
+      registry: ${{ vars.HARBOR_REGISTRY }}
+      registry-user: ${{ vars.HARBOR_USER }}
+      registry-project: ${{ vars.HARBOR_PROJECT }}
+      registry-repo: guacamole-crds
+      release-tag-format: 'guacamole-crds-chart-${version}'
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      chart: charts/guacamole-crds
+      test-command: |
+        helm template $CHART --debug
+
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}
diff --git a/charts/guacamole-crds/.helmignore b/charts/guacamole-crds/.helmignore
index 2a2671c..0f4f9fb 100644
--- a/charts/guacamole-crds/.helmignore
+++ b/charts/guacamole-crds/.helmignore
@@ -1,3 +1,4 @@
+
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line..
diff --git a/charts/guacamole/.helmignore b/charts/guacamole/.helmignore
index 2a2671c..0f4f9fb 100644
--- a/charts/guacamole/.helmignore
+++ b/charts/guacamole/.helmignore
@@ -1,3 +1,4 @@
+
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line..
diff --git a/containers/guacamole/controller/Dockerfile b/containers/controller/Dockerfile
similarity index 100%
rename from containers/guacamole/controller/Dockerfile
rename to containers/controller/Dockerfile
diff --git a/containers/guacamole/controller/src/api/__init__.py b/containers/controller/src/api/__init__.py
similarity index 100%
rename from containers/guacamole/controller/src/api/__init__.py
rename to containers/controller/src/api/__init__.py
diff --git a/containers/guacamole/controller/src/api/authenticate_user.py b/containers/controller/src/api/authenticate_user.py
similarity index 100%
rename from containers/guacamole/controller/src/api/authenticate_user.py
rename to containers/controller/src/api/authenticate_user.py
diff --git a/containers/guacamole/controller/src/api/build_url.py b/containers/controller/src/api/build_url.py
similarity index 98%
rename from containers/guacamole/controller/src/api/build_url.py
rename to containers/controller/src/api/build_url.py
index 95e90f2..d4c8905 100644
--- a/containers/guacamole/controller/src/api/build_url.py
+++ b/containers/controller/src/api/build_url.py
@@ -33,4 +33,4 @@ def build_url(
     )
 
     logging.debug(f"{url=}")
-    return url
\ No newline at end of file
+    return url
diff --git a/containers/guacamole/controller/src/controller.py b/containers/controller/src/controller.py
similarity index 99%
rename from containers/guacamole/controller/src/controller.py
rename to containers/controller/src/controller.py
index 7b7c4fb..d3336c3 100644
--- a/containers/guacamole/controller/src/controller.py
+++ b/containers/controller/src/controller.py
@@ -239,7 +239,7 @@ def main(
             username = record["attributes"].get(ldap_username_attribute, "")
             logging.debug(f"{dn=} {ldap_username_attribute}={username}")
 
-        logging.debug(f"sleeping...")
+        logging.debug("sleeping...")
         time.sleep(60)
 
     logging.info("halting")
diff --git a/containers/guacamole/controller/src/database/__init__.py b/containers/controller/src/database/__init__.py
similarity index 100%
rename from containers/guacamole/controller/src/database/__init__.py
rename to containers/controller/src/database/__init__.py
diff --git a/containers/guacamole/controller/src/database/connection.py b/containers/controller/src/database/connection.py
similarity index 100%
rename from containers/guacamole/controller/src/database/connection.py
rename to containers/controller/src/database/connection.py
diff --git a/containers/guacamole/controller/src/database/create_service_user.py b/containers/controller/src/database/create_service_user.py
similarity index 96%
rename from containers/guacamole/controller/src/database/create_service_user.py
rename to containers/controller/src/database/create_service_user.py
index c87182f..3fffca8 100644
--- a/containers/guacamole/controller/src/database/create_service_user.py
+++ b/containers/controller/src/database/create_service_user.py
@@ -7,10 +7,10 @@
 
 
 def db_create_service_user(
-        client: Connection,
-        username: str,
-        password: str
-    ):
+    client: Connection,
+    username: str,
+    password: str
+):
 
     logging.debug(f"{username=}")
 
diff --git a/containers/guacamole/controller/src/directory/__init__.py b/containers/controller/src/directory/__init__.py
similarity index 100%
rename from containers/guacamole/controller/src/directory/__init__.py
rename to containers/controller/src/directory/__init__.py
diff --git a/containers/guacamole/controller/src/directory/authenticate_user.py b/containers/controller/src/directory/authenticate_user.py
similarity index 99%
rename from containers/guacamole/controller/src/directory/authenticate_user.py
rename to containers/controller/src/directory/authenticate_user.py
index 9d148c4..1474d50 100644
--- a/containers/guacamole/controller/src/directory/authenticate_user.py
+++ b/containers/controller/src/directory/authenticate_user.py
@@ -17,4 +17,3 @@ def ldap_authenticate_user(
     client.start_tls()
 
     return client
-
diff --git a/containers/guacamole/controller/src/directory/iter_group_members.py b/containers/controller/src/directory/iter_group_members.py
similarity index 100%
rename from containers/guacamole/controller/src/directory/iter_group_members.py
rename to containers/controller/src/directory/iter_group_members.py
diff --git a/containers/guacamole/controller/src/directory/iter_search.py b/containers/controller/src/directory/iter_search.py
similarity index 100%
rename from containers/guacamole/controller/src/directory/iter_search.py
rename to containers/controller/src/directory/iter_search.py
diff --git a/containers/guacamole/controller/src/requirements.txt b/containers/controller/src/requirements.txt
similarity index 100%
rename from containers/guacamole/controller/src/requirements.txt
rename to containers/controller/src/requirements.txt