bakery-ia/infrastructure/platform/cert-manager/ca-root-certificate.yaml

# Create a root CA certificate for local development
# NOTE: This certificate must be ready before the local-ca-issuer can be used
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: local-ca-cert
  namespace: cert-manager  # This ensures the secret is created in the cert-manager namespace
spec:
  isCA: true
  commonName: bakery-ia-local-ca
  subject:
    organizationalUnits:
      - "Bakery IA Local CA"
    organizations:
      - "Bakery IA"
    countries:
      - "US"
  secretName: local-ca-key-pair
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
  duration: 8760h # 1 year
  renewBefore: 720h # 30 days
Add base kubernetes support final 2025-09-28 13:54:28 +02:00			`# Create a root CA certificate for local development`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`# NOTE: This certificate must be ready before the local-ca-issuer can be used`
Add base kubernetes support final 2025-09-28 13:54:28 +02:00			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: local-ca-cert`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`namespace: cert-manager # This ensures the secret is created in the cert-manager namespace`
Add base kubernetes support final 2025-09-28 13:54:28 +02:00			`spec:`
			`isCA: true`
			`commonName: bakery-ia-local-ca`
			`subject:`
			`organizationalUnits:`
			`- "Bakery IA Local CA"`
			`organizations:`
			`- "Bakery IA"`
			`countries:`
			`- "US"`
			`secretName: local-ca-key-pair`
			`privateKey:`
			`algorithm: ECDSA`
			`size: 256`
			`issuerRef:`
			`name: selfsigned-issuer`
			`kind: ClusterIssuer`
			`group: cert-manager.io`
			`duration: 8760h # 1 year`
			`renewBefore: 720h # 30 days`