Deploy WorldBuilder chrome standards image

apps/worldbuilder/worldbuilder.yaml

@@ -90,7 +90,7 @@ spec:
       containers:
         - name: web
           # Bump tag for each rebuild. Initial deploy: v202605062048
-          image: localhost/fc-worldbuilder:v20260613-e4-about-edd6efc
+          image: localhost/fc-worldbuilder:v20260620-chrome-94c6d42
           imagePullPolicy: Never
           ports:
             - containerPort: 8080
@@ -208,34 +208,6 @@ spec:
     - name: http
       port: 80
       targetPort: 8080
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: worldbuilder-web-tls
-  namespace: fc-worldbuilder
-  labels:
-    app.kubernetes.io/name: worldbuilder-web-tls
-    app.kubernetes.io/component: ingress
-    app.kubernetes.io/part-of: flowercore
-    app.kubernetes.io/managed-by: argocd
-    flowercore.io/tenant-id: system
-    flowercore.io/created-by: bluejay-infra
-spec:
-  secretName: worldbuilder-web-tls
-  issuerRef:
-    name: step-ca-acme
-    kind: ClusterIssuer
-  dnsNames:
-    - worldbuilder.iamworkin.lan
-  # step-ca ACME provisioner caps lifetime at 30d. Requesting 90d
-  # silently capped to 30d, making renewBefore 720h (30d) equal to the
-  # actual cert lifetime — triggered a perpetual renewal loop that
-  # generated 2365+ CertificateRequest objects in 18h. Match the working
-  # 720h/240h pattern used by every other FC service cert.
-  duration: 720h     # 30d (step-ca cap)
-  renewBefore: 240h  # 10d
----
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -257,8 +229,7 @@ spec:
       services:
         - name: worldbuilder-web
           port: 80
-  tls:
-    secretName: worldbuilder-web-tls
+  tls: {}
 # ---- PUBLIC HOST PRE-STAGING (DISABLED - Sprint 61+ exposure go-decision only) ----
 # When the operator decides to expose worldbuilder-web publicly, uncomment + update the host,
 # then verify the five safe-to-expose gates (authentik-safe-to-expose-readiness-2026-06-07.md section 2).