From ab55cb5dcd156fa650ca93d7bd6821888ab5d8ef Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Wed, 17 Jun 2026 20:29:31 +0000
Subject: [PATCH] portal-stt: drop setup_tls_secret module (ClusterIP-only, no fullchain.pem)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The landed portal-stt source still declared the setup_tls_secret module + tls_secret_name variable, which file()-reads secrets/fullchain.pem — a file this stack does not ship. portal-stt is ClusterIP-only (no ingress; the Gateway is the sole externally-exposed component, ADR-0001), so it needs no TLS secret. The live deployment never had it (removed during the original apply); this aligns the source with reality so CI applies cleanly. Fixes the pipeline-229 portal-stt apply failure.
Co-Authored-By: Claude Opus 4.8
---
 stacks/portal-stt/main.tf | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/stacks/portal-stt/main.tf b/stacks/portal-stt/main.tf
index 7c0e00bb..9d6ea38e 100644
--- a/stacks/portal-stt/main.tf
+++ b/stacks/portal-stt/main.tf
@@ -55,11 +55,6 @@
 # pins tier-2-gpu precisely so chatterbox IS evicted first.)
 # =============================================================================
 
-variable "tls_secret_name" {
- type = string
- sensitive = true
-}
-
 variable "nfs_server" {
 type = string
 description = "NFS server (Proxmox host). From config.tfvars (192.168.1.127)."
@@ -122,11 +117,10 @@ resource "kubernetes_namespace" "portal_stt" {
 }
 }
 
-module "tls_secret" {
- source = "../../modules/kubernetes/setup_tls_secret"
- namespace = kubernetes_namespace.portal_stt.metadata[0].name
- tls_secret_name = var.tls_secret_name
-}
+# portal-stt is ClusterIP-only (no ingress) — the Gateway is the sole
+# externally-exposed component (ADR-0001), so there is NO TLS secret / no
+# setup_tls_secret module here (it would demand secrets/fullchain.pem that this
+# stack does not ship).
 
 # Model + HF cache on NFS-SSD (fast first-load, persists across restarts). Path
 # /srv/nfs-ssd/portal-stt on the Proxmox host (192.168.1.127). Mirrors the
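Review bot: The comment that replaces `module "tls_secret"` justifies dropping TLS by the absence of an ingress, but ClusterIP only keeps the Service off the external edge; it does not limit which in-cluster workloads can connect. Traffic from the Gateway to portal-stt is presumably unencrypted unless a mesh supplies mTLS. Whether a NetworkPolicy restricts ingress to this namespace is not visible in this hunk, so I would record the assumption in the comment, e.g. `# In-cluster traffic to portal-stt is unencrypted; ingress is limited to the Gateway by <NetworkPolicy name>.` It is also worth confirming that no tfvars file or CI `-var` argument still supplies `tls_secret_name`, since the first hunk removes that variable.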