bakery-ia/infrastructure/environments/prod/k8s-manifests/prod-certificate.yaml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bakery-ia-prod-tls-cert
  namespace: bakery-ia
spec:
  # Let's Encrypt certificate for production
  secretName: bakery-ia-prod-tls-cert

  # Certificate duration and renewal
  duration: 2160h # 90 days (Let's Encrypt default)
  renewBefore: 360h # 15 days before expiry

  # Subject configuration
  subject:
    organizations:
      - Bakery IA

  # Common name
  commonName: bakewise.ai

  # DNS names this certificate is valid for
  dnsNames:
    - bakewise.ai
    - www.bakewise.ai
    - mail.bakewise.ai
    - monitoring.bakewise.ai
    - gitea.bakewise.ai
    - api.bakewise.ai

  # Use Let's Encrypt production issuer
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
    group: cert-manager.io

  # Private key configuration
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048

  # Usages
  usages:
    - server auth
    - client auth
    - digital signature
    - key encipherment
Add new infra architecture 2026-01-19 11:55:17 +01:00			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: bakery-ia-prod-tls-cert`
			`namespace: bakery-ia`
			`spec:`
			`# Let's Encrypt certificate for production`
			`secretName: bakery-ia-prod-tls-cert`

			`# Certificate duration and renewal`
			`duration: 2160h # 90 days (Let's Encrypt default)`
			`renewBefore: 360h # 15 days before expiry`

			`# Subject configuration`
			`subject:`
			`organizations:`
			`- Bakery IA`

			`# Common name`
			`commonName: bakewise.ai`

			`# DNS names this certificate is valid for`
			`dnsNames:`
			`- bakewise.ai`
			`- www.bakewise.ai`
			`- mail.bakewise.ai`
			`- monitoring.bakewise.ai`
			`- gitea.bakewise.ai`
			`- api.bakewise.ai`

			`# Use Let's Encrypt production issuer`
			`issuerRef:`
			`name: letsencrypt-production`
			`kind: ClusterIssuer`
			`group: cert-manager.io`

			`# Private key configuration`
			`privateKey:`
			`algorithm: RSA`
			`encoding: PKCS1`
			`size: 2048`

			`# Usages`
			`usages:`
			`- server auth`
			`- client auth`
			`- digital signature`
			`- key encipherment`