portal-stt: drop setup_tls_secret module (ClusterIP-only, no fullchain.pem)

The landed portal-stt source still declared the setup_tls_secret module + tls_secret_name variable, which file()-reads secrets/fullchain.pem — a file this stack does not ship. portal-stt is ClusterIP-only (no ingress; the Gateway is the sole externally-exposed component, ADR-0001), so it needs no TLS secret. The live deployment never had it (removed during the original apply); this aligns the source with reality so CI applies cleanly. Fixes the pipeline-229 portal-stt apply failure. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-17 20:29:31 +00:00 · 2026-06-17 20:29:31 +00:00 · ab55cb5dcd
commit ab55cb5dcd
parent e7b9a74756
1 changed files with 4 additions and 10 deletions
--- a/stacks/portal-stt/main.tf
+++ b/stacks/portal-stt/main.tf
@ -55,11 +55,6 @@
 # pins tier-2-gpu precisely so chatterbox IS evicted first.)
 # =============================================================================

-variable "tls_secret_name" {
-  type      = string
-  sensitive = true
-}
-
 variable "nfs_server" {
  type        = string
  description = "NFS server (Proxmox host). From config.tfvars (192.168.1.127)."
@ -122,11 +117,10 @@ resource "kubernetes_namespace" "portal_stt" {
  }
 }

-module "tls_secret" {
-  source          = "../../modules/kubernetes/setup_tls_secret"
-  namespace       = kubernetes_namespace.portal_stt.metadata[0].name
-  tls_secret_name = var.tls_secret_name
-}
+# portal-stt is ClusterIP-only (no ingress) — the Gateway is the sole
+# externally-exposed component (ADR-0001), so there is NO TLS secret / no
+# setup_tls_secret module here (it would demand secrets/fullchain.pem that this
+# stack does not ship).

 # Model + HF cache on NFS-SSD (fast first-load, persists across restarts). Path
 # /srv/nfs-ssd/portal-stt on the Proxmox host (192.168.1.127). Mirrors the