Add new infra architecture

infrastructure/environments/prod/k8s-manifests/prod-certificate.yaml

@@ -0,0 +1,48 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: bakery-ia-prod-tls-cert
+  namespace: bakery-ia
+spec:
+  # Let's Encrypt certificate for production
+  secretName: bakery-ia-prod-tls-cert
+
+  # Certificate duration and renewal
+  duration: 2160h # 90 days (Let's Encrypt default)
+  renewBefore: 360h # 15 days before expiry
+
+  # Subject configuration
+  subject:
+    organizations:
+      - Bakery IA
+
+  # Common name
+  commonName: bakewise.ai
+
+  # DNS names this certificate is valid for
+  dnsNames:
+    - bakewise.ai
+    - www.bakewise.ai
+    - mail.bakewise.ai
+    - monitoring.bakewise.ai
+    - gitea.bakewise.ai
+    - api.bakewise.ai
+
+  # Use Let's Encrypt production issuer
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+    group: cert-manager.io
+
+  # Private key configuration
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+
+  # Usages
+  usages:
+    - server auth
+    - client auth
+    - digital signature
+    - key encipherment