Add new infra architecture

infrastructure/security/certificates/ca/ca-cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIUPgOqNY+ZoKByQ1MfO8lkiGhOmxIwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0zNTEw
+MTYxNDIyMTRaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
+EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYDVQQL
+DAhTZWN1cml0eTEUMBIGA1UEAwwLQmFrZXJ5SUEtQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRD5O2egkYg9HNRR5SU0bLnGHjpv/RagrM7dhusaWn
+rfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw19FdH8f1eomcQ4eKw2HkxoxqR34t
+RDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23l1BNPfhzkcDkZ97m434f1QVo99tb
+hV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXguz3VR/BUnd0vMsTMWueD/2nVuUZO0
+0pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhDNfGgc3WtQhggcpYLQafLa81tlxyc
+wDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1AweodVbm3Qp5A1ydybE61u1urYz1Lt
+WNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4g+TbITh8hZJwXPK5EDig7vF14JPl
+lERNpwia3n6a0P703HPN6rkQO5kVTdiUsfibMtcUJHLyWWQARBmyeVfkICaaeYEl
+ELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1EOhEa+hSRhOoFyUOvG+cMOfcBSmL0
+UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZOjV2ppRxWWekzo9Bf7g6eLTY4UCC5
+MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6THkF9S/Khq8u0dY5SA2GUF1EbQO8
+KwIDAQABo1MwUTAdBgNVHQ4EFgQUA+6q/kc8fTQU1EDqzGRfKQpq6m0wHwYDVR0j
+BBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAQuvFh2+HQFy8VTcUgalEViayt1zQGv4rISmiq3G6IeXP
+XS4gwqHkFzTwZvmohTwmOCwW/xF4KgxmFbyWNrEJJEqcbedqUWV/0BCaFmJvUddI
++ex/iD3Febu8AFI+J8lBH/CenDiSLHhgyseY8uwRnXsshX5RnDirF1uKr1J635an
+GlyFINUrnQlguEvtr0enGUlzT5rWj4y0AWUdbXi8vRsjWoQ8Ja0BxTrYYh/kO/FI
+PtqX7wsxoJMDEQ71zhwa7WLQc2dfb2rAr1uBh3qNwiVBINB+t3JFv72xqsWgurIB
+If2soRTI2nMe5gTG1Dfd+V24jfa/yIgAsMjCzmGQK20vobX4sAVnmPVbZg9SLFZi
+Midkn9O9U68MEOe3Iascld7fp5Jk+HrbJU6/s16EER/AgD3Ooj3wRgjTCS+ADD+j
+xo2O8VX2kPo03AN+iYa3nJmlMFzCrzT+8ZxSnP5FqGg2ECEbqqA0B/5naVpmdYaV
+41oFLswcFm2iqGawbsLN9x3tvICuE93HYk1j72PzXaiSLtpvamH1dRYC+HUM1L0O
+49CNMYJeL/NlyQuZJm2X0qDNSXmRML8HU9sOwWX6pPPJOzuqtgdx/+lkGAd2wZJU
+IVbmL6Qvzdbta/cSVwsLtBzG48a1b4KBc7WLHTwbrdBRTg0TkLY4kvCZe5nNl4E=
+-----END CERTIFICATE-----

infrastructure/security/certificates/ca/ca-cert.srl

@@ -0,0 +1 @@
+1BE074336AF19EA8C676D7E8D0185EBCA0B1D203

infrastructure/security/certificates/ca/ca-key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDRD5O2egkYg9HN
+RR5SU0bLnGHjpv/RagrM7dhusaWnrfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw
+19FdH8f1eomcQ4eKw2HkxoxqR34tRDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23
+l1BNPfhzkcDkZ97m434f1QVo99tbhV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXgu
+z3VR/BUnd0vMsTMWueD/2nVuUZO00pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhD
+NfGgc3WtQhggcpYLQafLa81tlxycwDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1Aw
+eodVbm3Qp5A1ydybE61u1urYz1LtWNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4
+g+TbITh8hZJwXPK5EDig7vF14JPllERNpwia3n6a0P703HPN6rkQO5kVTdiUsfib
+MtcUJHLyWWQARBmyeVfkICaaeYElELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1E
+OhEa+hSRhOoFyUOvG+cMOfcBSmL0UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZO
+jV2ppRxWWekzo9Bf7g6eLTY4UCC5MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6
+THkF9S/Khq8u0dY5SA2GUF1EbQO8KwIDAQABAoICABaHUt1U1KAYrHDYuZtuL/CH
+H0wKAK1Pe8R4/lwctq5AIfR2x79kfBkn9jIo0NPd7tnV8LGlAijGd5xq6rvZ+JFX
+2CEdFyvOluuxXbZM5/2hc9dlmB/dZfkXHYfSHlTyIMXSaw4AbITN05LM3TFwXn1j
+FTdH3jm2sC5mpUOaL2rzD0tlwL6SIBzNwIfEbWNvdAkvZh4ev9UPxxoRmcybmVKn
+GhBVKXKR1fucTg/0/dwm3pMXELmQTwHSnU0ty3rwPBEmGecNqL9QynuLrPMjyL2X
++W5IYCpBs/70KgSyRmS57hB0V25uQVDYVK6GuTCo/JV05AE7tQqNHstqmM+Nq+BL
+ZufWkjBYI2dYH0/3e+Bm9yRypQljiDsmzuvfFgXWTXG8H1erITOZCv+9leT5OwHE
+qIWRmWtgDJ5bggUC/nUVHsIxIx6chCJ8Shuxv/X+Oj5qhmL3QvXZvykDUvhiRJ33
+goS127MfYjJoPbXeGEHMACS5z0qRuRKR474DsDljQW6QGlKDPNJjm5lh0FwV0d7P
+Kg+J9HqX1p0blCULOZMQWddCRSIqD7W9BpDW9aUsjF4XftH9DonM8lXbV0h0edkQ
+HDYL/Cf+TaCBHjw/PLtnGdLpx4Em8WTaYM9KohTNCr6DUDQ0Lwjhr0pUrDRs4urD
+786SDeXL5G3b3PVYFj8xAoIBAQDzafuco8i2J1DZtr9M1denb3YtLgpAPKIPDyux
+0sjJ7KJI8nkq1anZLWH8Bb+gtk9sFpLxD8mGgHemjjsbrhlmIOeIRnwWyqYXCNQV
+sr6P/h5Jg7F/fK2fwV3z0QyFT88Pl/WxaYEk1tExiibAN2hg0ad5CRVKpvJLy11U
+uX5iO8wSSigHyNH7i6wvNISDUjrRzLta5dyLmTup4wVtcWIeksswixWIICgnosZi
+xQ15SiVwnYNl3Or3GkTLVZ6xPRyf/nrsiwsAvbkpv56VUq3DKP+ZotI+TfpZ5n9v
+R/iLrYRdGqvCvQJdZRyUkASWqkbs44MIeERHVKO6WfznptMZAoIBAQDb3t5/poBJ
+WshTmLLQB7c8GBzAKaWrZNpDfn9jDAG5+F2OilPzO5ffCfQdmo2Vgl6aaOYOaeob
+m7pCuzLB9/rDUbzOd+RieD4Hq0mJfo2T00r+JkB59nZ4JYW51aX+0lGre0umWz0Y
+hnhy2qBp0H1BNxvA6/KSk3KD+PDLi05uYV9G7Yjmv3X6IT80yVr/XqsY6tsAkZcB
++/qzb301gDYMj05HvPlPQLdDCS2YE3faAR72OTKyEwqdG1mHXSyQWKzXY6EWNfN2
+QMJCpFtzEc5y9/INBRs7x1rKfancusON1G4QekjY+ppGCG37uVvnJ4ixZZnDkw38
+WiPiJD79IZXjAoIBAD/rovFdaUW8SVUC0nWg6kLD2GrA3lxED+KYf0bxLV0pUOyL
+EBqZhULM0iBWeh4AAhdGTkwTcz5o2gLY8tiv/Wd+WI7Gw6tQiBEgdmFEURqLBvUT
+KjdqTEXZh4yRZxJTBPL5WsG+DPXZm5HAz7BGXJigNbRpGDhEYvhYbSfkljXBsjNT
+WfPBXrMJ2KuExQ+fNmcFtmWGW0YldS+FuFUnIzcYIVecDolyuFjAPAyP5pvlRrOu
+CWVkgCdntI0Y7NVqUOwK7cjUMo19RPSbp09bKNpJF+YGheNqosWc6/YTFkfHxyyT
+5mr7K3XPKZQxxaKzEHEAxdYhjvyUU3KKUwmaG3ECggEBAJPcYFMF/NXX6EpXsUC3
+P6F5MbSFDXWiwCmNo0tPosWW4gveuLAlTm/e+L0D191IrCg5DSV6Usa4Rl1kGLFa
++9doW4maFQung0eTCEQfyEQ2XwNlZAzhEzCfQzwDEru4YtXod6prRz38CHpszl36
+qJE350EpK5so72US/5RSna8baoB/c4aCEWvh+eic1MZRusxp/Fd4kU3zT9hlzJUz
+IKX3pZQW4K5MfjHltTTFOt9vy4uYUaBxr7yRzPZ8UWDNUYcT6BvQsma/DCTW9O0A
+d47XcX8SBQuBeGwecCIRszrpNg98vQq2FROtzZDwSX69Fm7+PZbJiSlA0UreR0Hh
+2TMCggEAREXvWcBV0NR1hRigoh3WAokM34XskBfrEv+U3/VmJF63CN/YPSgXu+Fc
+qRWhPS1tv4cD2X2ePWm4UCiArI25tlNpHacFmLYbhg4Dvug8stoIEyssGzXSparO
+cRpis0xtStBN4vJ9zIIHyRvbCqbOPlZ39EjKuLunvmvVOvr7ytg7GlwFwQr2/i6x
+DEyP+1VwRkpiJIsEblEwZhJSboObp0OCCND/Zr8tvO/y0oenN7DVWJQ9ZpBMxCqG
+B9wtdGt6LGZXKobZXrFKHty7BeaqcdbS9DCs7pM2Lraoqg73PFfqjqZ9FrVpLO22
+bIhGuCSGodEUpQSPEziZ2cyPSczDrw==
+-----END PRIVATE KEY-----

infrastructure/security/certificates/generate-certificates.sh

@@ -0,0 +1,204 @@
+#!/usr/bin/env bash
+
+# Generate TLS certificates for PostgreSQL and Redis
+# Self-signed certificates for internal cluster use
+
+set -e
+
+TLS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CA_DIR="$TLS_DIR/ca"
+POSTGRES_DIR="$TLS_DIR/postgres"
+REDIS_DIR="$TLS_DIR/redis"
+
+echo "Generating TLS certificates for Bakery IA..."
+echo "Directory: $TLS_DIR"
+echo ""
+
+# Clean up old certificates
+echo "Cleaning up old certificates..."
+rm -rf "$CA_DIR"/* "$POSTGRES_DIR"/* "$REDIS_DIR"/* 2>/dev/null || true
+
+# =====================================
+# 1. Generate Certificate Authority (CA)
+# =====================================
+
+echo "Step 1: Generating Certificate Authority (CA)..."
+
+# Generate CA private key
+openssl genrsa -out "$CA_DIR/ca-key.pem" 4096
+
+# Generate CA certificate (valid for 10 years)
+openssl req -new -x509 -days 3650 -key "$CA_DIR/ca-key.pem" -out "$CA_DIR/ca-cert.pem" \
+  -subj "/C=US/ST=California/L=SanFrancisco/O=BakeryIA/OU=Security/CN=BakeryIA-CA"
+
+echo "✓ CA certificate generated"
+echo ""
+
+# =====================================
+# 2. Generate PostgreSQL Server Certificates
+# =====================================
+
+echo "Step 2: Generating PostgreSQL server certificates..."
+
+# Generate PostgreSQL server private key
+openssl genrsa -out "$POSTGRES_DIR/server-key.pem" 4096
+
+# Create certificate signing request (CSR)
+openssl req -new -key "$POSTGRES_DIR/server-key.pem" -out "$POSTGRES_DIR/server.csr" \
+  -subj "/C=US/ST=California/L=SanFrancisco/O=BakeryIA/OU=Database/CN=*.bakery-ia.svc.cluster.local"
+
+# Create SAN (Subject Alternative Names) configuration
+cat > "$POSTGRES_DIR/san.cnf" <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Database
+CN = *.bakery-ia.svc.cluster.local
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.bakery-ia.svc.cluster.local
+DNS.2 = *.bakery-ia
+DNS.3 = auth-db-service
+DNS.4 = tenant-db-service
+DNS.5 = training-db-service
+DNS.6 = forecasting-db-service
+DNS.7 = sales-db-service
+DNS.8 = external-db-service
+DNS.9 = notification-db-service
+DNS.10 = inventory-db-service
+DNS.11 = recipes-db-service
+DNS.12 = suppliers-db-service
+DNS.13 = pos-db-service
+DNS.14 = orders-db-service
+DNS.15 = production-db-service
+DNS.16 = alert-processor-db-service
+DNS.17 = localhost
+IP.1 = 127.0.0.1
+EOF
+
+# Sign the certificate with CA (valid for 3 years)
+openssl x509 -req -in "$POSTGRES_DIR/server.csr" \
+  -CA "$CA_DIR/ca-cert.pem" -CAkey "$CA_DIR/ca-key.pem" -CAcreateserial \
+  -out "$POSTGRES_DIR/server-cert.pem" -days 1095 \
+  -extensions v3_req -extfile "$POSTGRES_DIR/san.cnf"
+
+# PostgreSQL requires specific permissions on key file
+chmod 600 "$POSTGRES_DIR/server-key.pem"
+chmod 644 "$POSTGRES_DIR/server-cert.pem"
+
+# Copy CA cert for PostgreSQL clients
+cp "$CA_DIR/ca-cert.pem" "$POSTGRES_DIR/ca-cert.pem"
+
+echo "✓ PostgreSQL certificates generated"
+echo ""
+
+# =====================================
+# 3. Generate Redis Server Certificates
+# =====================================
+
+echo "Step 3: Generating Redis server certificates..."
+
+# Generate Redis server private key
+openssl genrsa -out "$REDIS_DIR/redis-key.pem" 4096
+
+# Create certificate signing request (CSR)
+openssl req -new -key "$REDIS_DIR/redis-key.pem" -out "$REDIS_DIR/redis.csr" \
+  -subj "/C=US/ST=California/L=SanFrancisco/O=BakeryIA/OU=Cache/CN=redis-service.bakery-ia.svc.cluster.local"
+
+# Create SAN configuration for Redis
+cat > "$REDIS_DIR/san.cnf" <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Cache
+CN = redis-service.bakery-ia.svc.cluster.local
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = redis-service.bakery-ia.svc.cluster.local
+DNS.2 = redis-service.bakery-ia
+DNS.3 = redis-service
+DNS.4 = localhost
+IP.1 = 127.0.0.1
+EOF
+
+# Sign the certificate with CA (valid for 3 years)
+openssl x509 -req -in "$REDIS_DIR/redis.csr" \
+  -CA "$CA_DIR/ca-cert.pem" -CAkey "$CA_DIR/ca-key.pem" -CAcreateserial \
+  -out "$REDIS_DIR/redis-cert.pem" -days 1095 \
+  -extensions v3_req -extfile "$REDIS_DIR/san.cnf"
+
+# Redis requires specific permissions
+chmod 600 "$REDIS_DIR/redis-key.pem"
+chmod 644 "$REDIS_DIR/redis-cert.pem"
+
+# Copy CA cert for Redis clients
+cp "$CA_DIR/ca-cert.pem" "$REDIS_DIR/ca-cert.pem"
+
+echo "✓ Redis certificates generated"
+echo ""
+
+# =====================================
+# 4. Verify Certificates
+# =====================================
+
+echo "Step 4: Verifying certificates..."
+
+# Verify PostgreSQL certificate
+echo "PostgreSQL certificate details:"
+openssl x509 -in "$POSTGRES_DIR/server-cert.pem" -noout -subject -issuer -dates
+openssl verify -CAfile "$CA_DIR/ca-cert.pem" "$POSTGRES_DIR/server-cert.pem"
+
+echo ""
+echo "Redis certificate details:"
+openssl x509 -in "$REDIS_DIR/redis-cert.pem" -noout -subject -issuer -dates
+openssl verify -CAfile "$CA_DIR/ca-cert.pem" "$REDIS_DIR/redis-cert.pem"
+
+echo ""
+echo "===================="
+echo "✓ All certificates generated successfully!"
+echo ""
+echo "Generated files:"
+echo "  CA:"
+echo "    - $CA_DIR/ca-cert.pem (Certificate Authority certificate)"
+echo "    - $CA_DIR/ca-key.pem (CA private key - keep secure!)"
+echo ""
+echo "  PostgreSQL:"
+echo "    - $POSTGRES_DIR/server-cert.pem (Server certificate)"
+echo "    - $POSTGRES_DIR/server-key.pem (Server private key)"
+echo "    - $POSTGRES_DIR/ca-cert.pem (CA certificate for clients)"
+echo ""
+echo "  Redis:"
+echo "    - $REDIS_DIR/redis-cert.pem (Server certificate)"
+echo "    - $REDIS_DIR/redis-key.pem (Server private key)"
+echo "    - $REDIS_DIR/ca-cert.pem (CA certificate for clients)"
+echo ""
+echo "Certificate validity: 3 years"
+echo "Next steps:"
+echo "  1. Create Kubernetes secrets from these certificates"
+echo "  2. Mount secrets in database pods"
+echo "  3. Configure PostgreSQL and Redis to use TLS"
+echo "  4. Update client connection strings to require SSL"

infrastructure/security/certificates/generate-minio-certificates.sh

@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+
+# Generate MinIO TLS certificates using existing CA
+# This script generates certificates for MinIO server
+
+set -e
+
+TLS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CA_DIR="$TLS_DIR/ca"
+MINIO_DIR="$TLS_DIR/minio"
+
+mkdir -p "$MINIO_DIR"
+
+echo "Generating MinIO TLS certificates using existing CA..."
+echo "CA Directory: $CA_DIR"
+echo "MinIO Directory: $MINIO_DIR"
+echo ""
+
+# Check if CA exists
+if [ ! -f "$CA_DIR/ca-cert.pem" ] || [ ! -f "$CA_DIR/ca-key.pem" ]; then
+    echo "ERROR: CA certificates not found. Please run generate-certificates.sh first."
+    exit 1
+fi
+
+# Generate MinIO server private key
+echo "Step 1: Generating MinIO server private key..."
+openssl genrsa -out "$MINIO_DIR/minio-key.pem" 4096
+
+# Convert to traditional RSA format (required by MinIO)
+echo "Step 1b: Converting private key to traditional RSA format..."
+openssl rsa -in "$MINIO_DIR/minio-key.pem" -traditional -out "$MINIO_DIR/minio-key.pem"
+
+# Create certificate signing request (CSR)
+echo "Step 2: Creating MinIO certificate signing request..."
+openssl req -new -key "$MINIO_DIR/minio-key.pem" -out "$MINIO_DIR/minio.csr" \
+  -subj "/C=US/ST=California/L=SanFrancisco/O=BakeryIA/OU=Storage/CN=minio.bakery-ia.svc.cluster.local"
+
+# Create SAN (Subject Alternative Names) configuration for MinIO
+cat > "$MINIO_DIR/san.cnf" <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Storage
+CN = minio.bakery-ia.svc.cluster.local
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = minio.bakery-ia.svc.cluster.local
+DNS.2 = minio.bakery-ia
+DNS.3 = minio-console.bakery-ia.svc.cluster.local
+DNS.4 = minio-console.bakery-ia
+DNS.5 = minio
+DNS.6 = minio-console
+DNS.7 = localhost
+IP.1 = 127.0.0.1
+EOF
+
+# Sign the certificate with CA (valid for 3 years)
+echo "Step 3: Signing MinIO certificate with CA..."
+openssl x509 -req -in "$MINIO_DIR/minio.csr" \
+  -CA "$CA_DIR/ca-cert.pem" -CAkey "$CA_DIR/ca-key.pem" -CAcreateserial \
+  -out "$MINIO_DIR/minio-cert.pem" -days 1095 \
+  -extensions v3_req -extfile "$MINIO_DIR/san.cnf"
+
+# Set proper permissions
+chmod 600 "$MINIO_DIR/minio-key.pem"
+chmod 644 "$MINIO_DIR/minio-cert.pem"
+
+# Copy CA cert for MinIO
+cp "$CA_DIR/ca-cert.pem" "$MINIO_DIR/ca-cert.pem"
+
+echo ""
+echo "Step 4: Verifying MinIO certificates..."
+
+# Verify MinIO certificate
+echo "MinIO certificate details:"
+openssl x509 -in "$MINIO_DIR/minio-cert.pem" -noout -subject -issuer -dates
+openssl verify -CAfile "$CA_DIR/ca-cert.pem" "$MINIO_DIR/minio-cert.pem"
+
+echo ""
+echo "==================="
+echo "✓ MinIO certificates generated successfully!"
+echo ""
+echo "Generated files:"
+echo "  MinIO:"
+echo "    - $MINIO_DIR/minio-cert.pem (Server certificate)"
+echo "    - $MINIO_DIR/minio-key.pem (Server private key - traditional RSA format)"
+echo "    - $MINIO_DIR/ca-cert.pem (CA certificate)"
+echo ""
+echo "Important Notes:"
+echo "  • Private key is in traditional RSA format (BEGIN RSA PRIVATE KEY)"
+echo "  • This format is required by MinIO to avoid 'The private key contains additional data' error"
+echo "  • Certificates follow the standardized Opaque secret structure"
+echo ""
+echo "Next steps:"
+echo "  1. Update Kubernetes minio-tls secret with these certificates"
+echo "  2. Apply the updated secret to your cluster"
+echo "  3. Restart MinIO pods if necessary"
+echo ""
+echo "For more details, see: docs/MINIO_TLS_FIX_SUMMARY.md"

infrastructure/security/certificates/mailu/ca-cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIUPgOqNY+ZoKByQ1MfO8lkiGhOmxIwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0zNTEw
+MTYxNDIyMTRaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
+EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYDVQQL
+DAhTZWN1cml0eTEUMBIGA1UEAwwLQmFrZXJ5SUEtQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRD5O2egkYg9HNRR5SU0bLnGHjpv/RagrM7dhusaWn
+rfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw19FdH8f1eomcQ4eKw2HkxoxqR34t
+RDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23l1BNPfhzkcDkZ97m434f1QVo99tb
+hV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXguz3VR/BUnd0vMsTMWueD/2nVuUZO0
+0pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhDNfGgc3WtQhggcpYLQafLa81tlxyc
+wDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1AweodVbm3Qp5A1ydybE61u1urYz1Lt
+WNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4g+TbITh8hZJwXPK5EDig7vF14JPl
+lERNpwia3n6a0P703HPN6rkQO5kVTdiUsfibMtcUJHLyWWQARBmyeVfkICaaeYEl
+ELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1EOhEa+hSRhOoFyUOvG+cMOfcBSmL0
+UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZOjV2ppRxWWekzo9Bf7g6eLTY4UCC5
+MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6THkF9S/Khq8u0dY5SA2GUF1EbQO8
+KwIDAQABo1MwUTAdBgNVHQ4EFgQUA+6q/kc8fTQU1EDqzGRfKQpq6m0wHwYDVR0j
+BBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAQuvFh2+HQFy8VTcUgalEViayt1zQGv4rISmiq3G6IeXP
+XS4gwqHkFzTwZvmohTwmOCwW/xF4KgxmFbyWNrEJJEqcbedqUWV/0BCaFmJvUddI
++ex/iD3Febu8AFI+J8lBH/CenDiSLHhgyseY8uwRnXsshX5RnDirF1uKr1J635an
+GlyFINUrnQlguEvtr0enGUlzT5rWj4y0AWUdbXi8vRsjWoQ8Ja0BxTrYYh/kO/FI
+PtqX7wsxoJMDEQ71zhwa7WLQc2dfb2rAr1uBh3qNwiVBINB+t3JFv72xqsWgurIB
+If2soRTI2nMe5gTG1Dfd+V24jfa/yIgAsMjCzmGQK20vobX4sAVnmPVbZg9SLFZi
+Midkn9O9U68MEOe3Iascld7fp5Jk+HrbJU6/s16EER/AgD3Ooj3wRgjTCS+ADD+j
+xo2O8VX2kPo03AN+iYa3nJmlMFzCrzT+8ZxSnP5FqGg2ECEbqqA0B/5naVpmdYaV
+41oFLswcFm2iqGawbsLN9x3tvICuE93HYk1j72PzXaiSLtpvamH1dRYC+HUM1L0O
+49CNMYJeL/NlyQuZJm2X0qDNSXmRML8HU9sOwWX6pPPJOzuqtgdx/+lkGAd2wZJU
+IVbmL6Qvzdbta/cSVwsLtBzG48a1b4KBc7WLHTwbrdBRTg0TkLY4kvCZe5nNl4E=
+-----END CERTIFICATE-----

infrastructure/security/certificates/mailu/generate-mailu-certificates.sh

@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+
+# Generate TLS certificates for Mailu mail server
+# Uses the shared CA from the infrastructure
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CA_DIR="$SCRIPT_DIR/../ca"
+MAILU_DIR="$SCRIPT_DIR"
+
+echo "Generating TLS certificates for Mailu..."
+echo "Directory: $MAILU_DIR"
+echo ""
+
+# Check if CA exists
+if [ ! -f "$CA_DIR/ca-cert.pem" ] || [ ! -f "$CA_DIR/ca-key.pem" ]; then
+    echo "ERROR: CA certificates not found. Please run generate-certificates.sh first."
+    exit 1
+fi
+
+# Clean up old certificates
+echo "Cleaning up old certificates..."
+rm -f "$MAILU_DIR/mailu-cert.pem" "$MAILU_DIR/mailu-key.pem" "$MAILU_DIR/mailu.csr" 2>/dev/null || true
+
+# =====================================
+# Generate Mailu Server Certificates
+# =====================================
+
+echo "Generating Mailu server certificates..."
+
+# Generate Mailu server private key
+openssl genrsa -out "$MAILU_DIR/mailu-key.pem" 4096
+
+# Create certificate signing request (CSR)
+openssl req -new -key "$MAILU_DIR/mailu-key.pem" -out "$MAILU_DIR/mailu.csr" \
+  -subj "/C=US/ST=California/L=SanFrancisco/O=BakeryIA/OU=Mail/CN=mail.bakewise.ai"
+
+# Create SAN configuration for Mailu
+cat > "$MAILU_DIR/san.cnf" <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Mail
+CN = mail.bakewise.ai
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment, digitalSignature
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = mail.bakewise.ai
+DNS.2 = mailu-front.bakery-ia.svc.cluster.local
+DNS.3 = mailu-front.bakery-ia
+DNS.4 = mailu-front
+DNS.5 = localhost
+DNS.6 = *.bakewise.ai
+IP.1 = 127.0.0.1
+EOF
+
+# Sign the certificate with CA (valid for 3 years)
+openssl x509 -req -in "$MAILU_DIR/mailu.csr" \
+  -CA "$CA_DIR/ca-cert.pem" -CAkey "$CA_DIR/ca-key.pem" -CAcreateserial \
+  -out "$MAILU_DIR/mailu-cert.pem" -days 1095 \
+  -extensions v3_req -extfile "$MAILU_DIR/san.cnf"
+
+# Set proper permissions
+chmod 600 "$MAILU_DIR/mailu-key.pem"
+chmod 644 "$MAILU_DIR/mailu-cert.pem"
+
+# Copy CA cert for Mailu clients
+cp "$CA_DIR/ca-cert.pem" "$MAILU_DIR/ca-cert.pem"
+
+echo "✓ Mailu certificates generated"
+echo ""
+
+# =====================================
+# Verify Certificates
+# =====================================
+
+echo "Verifying certificates..."
+echo "Mailu certificate details:"
+openssl x509 -in "$MAILU_DIR/mailu-cert.pem" -noout -subject -issuer -dates
+openssl verify -CAfile "$CA_DIR/ca-cert.pem" "$MAILU_DIR/mailu-cert.pem"
+
+echo ""
+echo "===================="
+echo "✓ Mailu certificates generated successfully!"
+echo ""
+echo "Generated files:"
+echo "  - $MAILU_DIR/mailu-cert.pem (Server certificate)"
+echo "  - $MAILU_DIR/mailu-key.pem (Server private key)"
+echo "  - $MAILU_DIR/ca-cert.pem (CA certificate for clients)"
+echo ""
+echo "Next steps:"
+echo "  1. Create Kubernetes secret: mailu-tls-secret"
+echo "  2. Mount in mailu-front deployment"
+echo ""

infrastructure/security/certificates/mailu/mailu-cert.pem

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGdTCCBF2gAwIBAgIUG+B0M2rxnqjGdtfo0BhevKCx0gMwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNjAxMTgyMTIyMjlaFw0yOTAx
+MTcyMTIyMjlaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
+EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMQ0wCwYDVQQL
+DARNYWlsMRkwFwYDVQQDDBBtYWlsLmJha2V3aXNlLmFpMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAzuglDn8gI8RymbJhZ0sCAX5SsWjc7WfOK7XF4VH/
+vz3aT4dS49t2qNemMVMHuDS0C4PpkIMh+TlCQYTGFmaufNVBwLrs/bzShy4c+jRL
+PDDOEoBLNrfLZfDP3AK/7EDRZZ3DyOaioImMdXLRlC1UbhPWZdVm4cgrfGwrcOC5
+ujoLsxAFic3GQoMx2Rdqgf/a+12WxZ8u5kv1g1cgeoDNbH4vpyVqsNu3FRTsDcM/
+ifW2uMCeGhcI/3FJs6JYT7qCgQosp9kKQUomQBa3Byh/j5a3K/+CbAUEM1JIxmYg
+S/xZN/OGiex4K/yN6WA7MAH731sdC+jfb1FCtJcFZh1ZrukAqmo5f5WmxzKQkO3K
+ROXfPnEKtG2Pow2o9YyfkDu8YqXApD1gOc2AChOOxKSqGrxAXIDPYn7IclY/CWtv
+h1oP/8fyGIqIskDvEJtkX1DW14I9KU1zSThKbbTrXptbLD5YMCly/SfyCoX7sKPJ
+YhfZw8gYLfZb28ee21g4HffY3G1skJPUGHSF5c6rs9pPpJFb0Mt5QL1Pob2j8QCE
+QbXq5UTIQcNw/fO3FzSRST9TXUbn6KDB2dZnjq7pPHMzuGSclng0XNxJrAA+/yme
+jo+zuZ/dw6i/qMJWcCKQWbwSZmTMXm/Rr5b1xfqvzRWYKm1m9ZEkoLRcAeyh2vQx
+kYMCAwEAAaOB+zCB+DALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+CCsGAQUFBwMCMIGJBgNVHREEgYEwf4IQbWFpbC5iYWtld2lzZS5haYInbWFpbHUt
+ZnJvbnQuYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxvY2FsghVtYWlsdS1mcm9udC5i
+YWtlcnktaWGCC21haWx1LWZyb250gglsb2NhbGhvc3SCDSouYmFrZXdpc2UuYWmH
+BH8AAAEwHQYDVR0OBBYEFBF8hOzbjYU6JYPQm4rvL8hDuan7MB8GA1UdIwQYMBaA
+FAPuqv5HPH00FNRA6sxkXykKauptMA0GCSqGSIb3DQEBCwUAA4ICAQB/nfYeoTDU
+HAxgJZyqTC1WrIj1g22QiVuwYS9mUvzKJ/mJGG4lFRAGWw5Ye6sTL26Sqk1AlAbF
+bCp0PhfGB45WKlZDYXMt8OrZ+WMX+0q0oGOpUT6m7oH/GwwDWUgUxItoWjtWzOKW
+y3SKhUsKncbRc0bCQhzJam9hAy49kTaaQfgt7lgCkP02npaEm6uDe7iKb1BQBm5c
+lYz6Hao0i83Cq4XrqZ//7TJIGUXm4Y2Ep0poT1J3D8OUsjvEi2kwdTf/9yiZcC47
+ZdYQffn0s1gVdBYHq/B8VA5NkCv2Mr2XE9OqSb3p8QO7BZNdvZkMEBvR3WJkwo8K
+jQizu7ztwzsyrUPSNWzCVFVyeoJapM/5F+TibBGhc6q3FY+emeTu1sA0sU8fDAcw
+9caTcU7cuPKCrkdk1Do1rwdgn9wFxiliQSLR6jJ3bKvVNGItPRkQ3TvHK9j1bqWr
+K7Qf4KOKVUCiZaEPhM0AZfYc0ZDV9uJJxMzgR8dgsprqnFnKJrkta5Fn9pd0Rwir
+YUPjD8izUuLK0/1cbYJ9gOI/W4kRRloXz0MR1jgycFUxR10dQtbyTT5htsf0RRbx
+My1XkqlKx02StFxn4gG0TVrjSMugCbBo7WCn8KlUk3QS/mnRSV4lOoMPE6QUhJYL
+x/seKYop9/9ORM2aBneXVQqkckmXJYYaCQ==
+-----END CERTIFICATE-----

infrastructure/security/certificates/mailu/mailu-key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO6CUOfyAjxHKZ
+smFnSwIBflKxaNztZ84rtcXhUf+/PdpPh1Lj23ao16YxUwe4NLQLg+mQgyH5OUJB
+hMYWZq581UHAuuz9vNKHLhz6NEs8MM4SgEs2t8tl8M/cAr/sQNFlncPI5qKgiYx1
+ctGULVRuE9Zl1WbhyCt8bCtw4Lm6OguzEAWJzcZCgzHZF2qB/9r7XZbFny7mS/WD
+VyB6gM1sfi+nJWqw27cVFOwNwz+J9ba4wJ4aFwj/cUmzolhPuoKBCiyn2QpBSiZA
+FrcHKH+Plrcr/4JsBQQzUkjGZiBL/Fk384aJ7Hgr/I3pYDswAfvfWx0L6N9vUUK0
+lwVmHVmu6QCqajl/labHMpCQ7cpE5d8+cQq0bY+jDaj1jJ+QO7xipcCkPWA5zYAK
+E47EpKoavEBcgM9ifshyVj8Ja2+HWg//x/IYioiyQO8Qm2RfUNbXgj0pTXNJOEpt
+tOtem1ssPlgwKXL9J/IKhfuwo8liF9nDyBgt9lvbx57bWDgd99jcbWyQk9QYdIXl
+zquz2k+kkVvQy3lAvU+hvaPxAIRBterlRMhBw3D987cXNJFJP1NdRufooMHZ1meO
+ruk8czO4ZJyWeDRc3EmsAD7/KZ6Oj7O5n93DqL+owlZwIpBZvBJmZMxeb9GvlvXF
++q/NFZgqbWb1kSSgtFwB7KHa9DGRgwIDAQABAoICAAlY3MOzjoTPInY7DsIXK2IH
+OOkhhEmH/6e4hdX7Wa25Yka8JaHRj6IVC+xShJjCbhfPFRrIMcgL2X29knf/RNwI
+Lk5B+OQwRuUrJM1Q1iKZTytFdyBjsTahEw2CD6A2qr8HyjPQkiw6dTP2b0KzFuCv
+g2daT/7ch3UO1e+QLL5y/Nr8BaQHaHDSHcsMOcLhshzaSi4SAOZlLBQ2OBYQrOG9
+LvNCx3fHP+rIj9lspqQu4Nr701NOaG5Ryd3pnvULHKDZECdiW1+TtU1T5AouFC/X
+w91NpQYIO/utjfLDOQD1x3oK8FsEFHG4Q8Of60yXP6+uyA3PrrhdWBbHHnanK3Px
+4TphJRsKlX7keCWohyZCdWDLHf3k3zoV2DNeJrF33DZeAbuTZAtKnu/QeNxIAaIt
+0LlYWSbwWA9Fk7n/by91avQU2PWNwyRwzsnhmsPyGF5cgpXsWQNJ45x3EgkqhhpT
++g5LfPQKhyF1oYaW87idl33N2Ck1gd8Iiy39Cx8DvZNRro0W4AAtfln6BF5oai6e
+a12l2cIoFAJmtlZ2ebEU2blJgkq1dR1Ke3f1k2UUyMrX5+0bWLz601dgHUXSxOm+
++a84Kzxq+DZdia0CWlUWkNjS255BwdH2Le/GUNAfRxpRLd+g5VgMrZhVjRJMsUs3
+Y4LgNDn7SRipfXTpNbIhAoIBAQD4YrN9w54YXqnQXVBwHmbamnc9FfcVjO9dpN2J
+g2q8MMWpQ447xaPuNuZjfoc8V6Sf8Km0kUekrNPxnfbylao4oWg0gOFTJEBxpT7s
+9j/X4tzmaJClyaIhPC8vAeQyCJdS2Y1LADkeMbCxIFnWlFxykgtSyi8NmMlcbxlc
+jETpR5an23Py/N9yXNl98fTS4WZZpYDrweFSrddw6mT9JHql29iF58dkJK6NJ9VT
+x1ukYY4tRH/ARkFeBQjWgLHQDS7DsIaeWeJJdauSNVZEhn6DDeO1cvixZNS6rW8s
+oqrbvbqnqvWO7Q9rZHHxL4vgz2vdrI6mFbOLwMTNt0CeH3wbAoIBAQDVP+x1LjZe
+grofW5eXXmHpSiVov4+61PbshKbiBEHA/+um/jBAszLH+j5tp/QCLuDqiyUhObpX
+OczUFdbh5IIsO8r0XkYGvNqcr3HXiFUfdhnkNTqdCGTzhr+lV7ti3zf9Y5POMyqw
+ww+xNHBL/59xgYhh4aXge6k9Ku1eyCV6FNdjhkP917VGxPcR+nHGagDU6RdVpqe3
+ksLb2asvsIS5dunhGLhrazNcz0Mr1yEuhp9AmONvSDS5nGF2ArBVUv6oLUyBgJ4f
+XnbLw7CAY1ZbG5lMjD7i054/Wo2mRTUfdgZGMWw2htBNNIxQg1KioeZVu3lyXs5N
+ouj3a2dvnMa5AoIBADoxFZAvVkirVOmGEyRRWxN4ANuE2+BmpmWwDF79NPJmEsj3
+FMmYIjHbFtrUd+aBOgZmobu2FazU+MqwkXx/5+NgnUM/top+AcMeTcHCZ26yrcIl
+WU4eESfsK7m9nbLDJIC6i0m5Aai7R4QX6jRFiesloBWDXMa4tuQ6+xwdmL92kCs/
+VMjmyYrHigThvNPzDsGN7shNIfb213SS1ZohA8L74Jxukt45YdOcM3RvTl8So/aj
+B7MKQqI+V7W5bO8rR3t9TeynbkZ7lPiqGk3vnJAjnueRygX1c4lQvK0eZx0YNDS3
+7tPPYj9sxu0UkJbYwZKrrLfoeaoSPYlcl3z0L2UCggEAPkurPtweI+PajViLYzu+
+LJFtdjknurOF4rgprDMEJmZcp+7vl6cBuauf2xbKUGzzZXD6isc7aUnITViH6nt/
+j350Hoj/ue4nisgx4H3CKCuvCpyGH+OY4g9GIv4LDqoYyBvzzLPjz7lb9y9TctAc
++uKVPcrWU0qsuOK2bw7W69/0v+00JY6DNUZKyuS3offLgGcLWwkRS65C4EipGohd
+bXSQhCJdlXu+iGk/vSneVqIbGZrQLe0RAfvt+LR2YKabH/QDun0hNBa7a3EiOY9L
+ZdgdI2CA6nBZdTZ11NG44BTxZkX/z7n4VeV46/hBBqN3DypyIvgRGlrx5X1pvRA2
+eQKCAQEAptZ8KLN94muL8zB7oIuDti7RstS+kgcNKo22sWicUiS8/1md9syGM3rr
+ZQb+yLSmra+D9bOvc9xskI08gI2L0xWNLGDeW4RxXK2pWlgNpsMOVVe5uYKiO2/V
+B/+G873HoVLVvJbhsrd50pyVWU8KyN3ZKotVHzyhxSc562hkU7Sw8q5nKweHSuoJ
+dvwR0UNSBm7BGeSgnbV/aDV/cb3OeAgVGV1/u3thfPu9vbMUHnkF1eOuf5VpacXA
+ubtV1ZlZOur6FilEcExwqw+B4IuUfgyuJmgEBgxWibJSHIbfLQYF8xFV0hRkSnaS
+mvEDhckfBYc3I1M/uUI0/AmKPjLyxQ==
+-----END PRIVATE KEY-----

infrastructure/security/certificates/mailu/mailu.csr

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEuzCCAqMCAQAwdjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
+FTATBgNVBAcMDFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExDTALBgNV
+BAsMBE1haWwxGTAXBgNVBAMMEG1haWwuYmFrZXdpc2UuYWkwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDO6CUOfyAjxHKZsmFnSwIBflKxaNztZ84rtcXh
+Uf+/PdpPh1Lj23ao16YxUwe4NLQLg+mQgyH5OUJBhMYWZq581UHAuuz9vNKHLhz6
+NEs8MM4SgEs2t8tl8M/cAr/sQNFlncPI5qKgiYx1ctGULVRuE9Zl1WbhyCt8bCtw
+4Lm6OguzEAWJzcZCgzHZF2qB/9r7XZbFny7mS/WDVyB6gM1sfi+nJWqw27cVFOwN
+wz+J9ba4wJ4aFwj/cUmzolhPuoKBCiyn2QpBSiZAFrcHKH+Plrcr/4JsBQQzUkjG
+ZiBL/Fk384aJ7Hgr/I3pYDswAfvfWx0L6N9vUUK0lwVmHVmu6QCqajl/labHMpCQ
+7cpE5d8+cQq0bY+jDaj1jJ+QO7xipcCkPWA5zYAKE47EpKoavEBcgM9ifshyVj8J
+a2+HWg//x/IYioiyQO8Qm2RfUNbXgj0pTXNJOEpttOtem1ssPlgwKXL9J/IKhfuw
+o8liF9nDyBgt9lvbx57bWDgd99jcbWyQk9QYdIXlzquz2k+kkVvQy3lAvU+hvaPx
+AIRBterlRMhBw3D987cXNJFJP1NdRufooMHZ1meOruk8czO4ZJyWeDRc3EmsAD7/
+KZ6Oj7O5n93DqL+owlZwIpBZvBJmZMxeb9GvlvXF+q/NFZgqbWb1kSSgtFwB7KHa
+9DGRgwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAEoDvwPTbn4PxAz458F+H/58
+FFSqt45aFRC5/hoYWgV883JES0+PCHrXgvNqIBHlDNBhrAXHKW1wBQ3+9IWvCpp5
+yVOxr6LON0FyjkkGyq+I9hbUT9W3VD74TgDK7uRT7axEmUwlJw+o5zoYslwWPcBg
+u5usxsODZXe3jTYeP5nl3b7BD31JcMxOeXM24soAvY+UuJNyW2tDQAITYFD63TPS
+1+kekxYShak4GxUpjxIJpVHPA3I+09ILQeAPZZJ/wtuLlmMzecaMXpK/LDOatpYC
+mhvM4BsPlaN7AocpQ/o/0xg3cC0E0hZu7HL3G814Dgxc0eo94Rsw4YcHyDsJAS5p
+HgYeS+KsmQPVkx4jFgEIETQYXZfcF0PP//VmHSvwiFjo3fdW7oh405FVGFfS3pwH
+Nf7VaFilJXgnibUtT6EQcmKaezo80MtQ2+DLMbm9kgnxHGLSeBlXna8sUAgUjHwj
+S/9nAOS3FAWly0XERA+rLYMgoY+mwCHq1wOaLp+S8BF1yv9aDou7XZoQzMqYdkoQ
+z6sybgjd5nFXCckv9rUiu2Cz/PFyF2eOhPH27C/qyCo/dNmFwZ+M9KOCVFhRlRQk
+vyQkAQsYlD4fMMNz9HSiz0/aLZOhttoRB/mY5FIQ/O63IeZI7L/3xXuORZdAszj5
+4Sy5Ey3HZE6ZgpksyZvh
+-----END CERTIFICATE REQUEST-----

infrastructure/security/certificates/mailu/san.cnf

@@ -0,0 +1,26 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Mail
+CN = mail.bakewise.ai
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment, digitalSignature
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = mail.bakewise.ai
+DNS.2 = mailu-front.bakery-ia.svc.cluster.local
+DNS.3 = mailu-front.bakery-ia
+DNS.4 = mailu-front
+DNS.5 = localhost
+DNS.6 = *.bakewise.ai
+IP.1 = 127.0.0.1

infrastructure/security/certificates/minio/ca-cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIUPgOqNY+ZoKByQ1MfO8lkiGhOmxIwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0zNTEw
+MTYxNDIyMTRaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
+EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYDVQQL
+DAhTZWN1cml0eTEUMBIGA1UEAwwLQmFrZXJ5SUEtQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRD5O2egkYg9HNRR5SU0bLnGHjpv/RagrM7dhusaWn
+rfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw19FdH8f1eomcQ4eKw2HkxoxqR34t
+RDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23l1BNPfhzkcDkZ97m434f1QVo99tb
+hV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXguz3VR/BUnd0vMsTMWueD/2nVuUZO0
+0pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhDNfGgc3WtQhggcpYLQafLa81tlxyc
+wDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1AweodVbm3Qp5A1ydybE61u1urYz1Lt
+WNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4g+TbITh8hZJwXPK5EDig7vF14JPl
+lERNpwia3n6a0P703HPN6rkQO5kVTdiUsfibMtcUJHLyWWQARBmyeVfkICaaeYEl
+ELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1EOhEa+hSRhOoFyUOvG+cMOfcBSmL0
+UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZOjV2ppRxWWekzo9Bf7g6eLTY4UCC5
+MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6THkF9S/Khq8u0dY5SA2GUF1EbQO8
+KwIDAQABo1MwUTAdBgNVHQ4EFgQUA+6q/kc8fTQU1EDqzGRfKQpq6m0wHwYDVR0j
+BBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAQuvFh2+HQFy8VTcUgalEViayt1zQGv4rISmiq3G6IeXP
+XS4gwqHkFzTwZvmohTwmOCwW/xF4KgxmFbyWNrEJJEqcbedqUWV/0BCaFmJvUddI
++ex/iD3Febu8AFI+J8lBH/CenDiSLHhgyseY8uwRnXsshX5RnDirF1uKr1J635an
+GlyFINUrnQlguEvtr0enGUlzT5rWj4y0AWUdbXi8vRsjWoQ8Ja0BxTrYYh/kO/FI
+PtqX7wsxoJMDEQ71zhwa7WLQc2dfb2rAr1uBh3qNwiVBINB+t3JFv72xqsWgurIB
+If2soRTI2nMe5gTG1Dfd+V24jfa/yIgAsMjCzmGQK20vobX4sAVnmPVbZg9SLFZi
+Midkn9O9U68MEOe3Iascld7fp5Jk+HrbJU6/s16EER/AgD3Ooj3wRgjTCS+ADD+j
+xo2O8VX2kPo03AN+iYa3nJmlMFzCrzT+8ZxSnP5FqGg2ECEbqqA0B/5naVpmdYaV
+41oFLswcFm2iqGawbsLN9x3tvICuE93HYk1j72PzXaiSLtpvamH1dRYC+HUM1L0O
+49CNMYJeL/NlyQuZJm2X0qDNSXmRML8HU9sOwWX6pPPJOzuqtgdx/+lkGAd2wZJU
+IVbmL6Qvzdbta/cSVwsLtBzG48a1b4KBc7WLHTwbrdBRTg0TkLY4kvCZe5nNl4E=
+-----END CERTIFICATE-----

infrastructure/security/certificates/minio/minio-cert.pem

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGrTCCBJWgAwIBAgIUG+B0M2rxnqjGdtfo0BhevKCx0gAwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNjAxMTcxNDU0NDhaFw0yOTAx
+MTYxNDU0NDhaMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEV
+MBMGA1UEBwwMU2FuRnJhbmNpc2NvMREwDwYDVQQKDAhCYWtlcnlJQTEQMA4GA1UE
+CwwHU3RvcmFnZTEqMCgGA1UEAwwhbWluaW8uYmFrZXJ5LWlhLnN2Yy5jbHVzdGVy
+LmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnju7tpQwvF/V
+k/MuRhrJYV0MJqtrFJ/NX+1OLJaMhFX/KY10LP+B65w/plZGyJtbtUdWj5wZLrZQ
+mJb3p4TtuK4BT1gu3bSZKIHQNeAg81KsMGq+5uXOoPWNrAhh4hYOJ45mIsYba0Dd
+O2MFv9WuWVn3T6FzzM7qLdCJzZNjeaB7mTJjdHGr84iT86AEA+HywvsqOojZe+Uj
+Ku8XrjxUGR/ePFvQCyMdWgFbjwijJ/Bn8RCARIuiEssjSLQWOgQgrIATvEF/cyUd
+ZKGhac3/4I71xDWhX71XWYwONEmrQ6cGzXmvcUMV8HvEWMzb05RpOYzymKrbxNL4
+eWNaKvrvcZzcMzpIM4ReGKw2N9sAGs3YBTR7WXLKWgnLYbsoHx3ddZuyQ+HJwDTX
+qpXutYhaoCffH23nMMFiAK1imebBI1hUcAiPvpSx7dI3mgNP4afN/oqhMOPg8Txm
+wMekvpz/7cWbCONjkd9dq0VLLSW+tqIffVQj0LOUPvXrLOmPmcL6lSlRO885TVvx
+JDbt2XURmhqJzparIfNhF9ElpHmbsdslmYPo/9JWUmrkbJ6AafdlJnrCTGxJpiwL
+0lJoxIwvqYt8DBuc1cNFKJISLZIyo6uXRuNVoNprxgfUvl8Clp3gS+mISFg33u2k
+Jcbqznvvc3tblHe0xg2MHMIVTdZiRjcCAwEAAaOCAR0wggEZMAsGA1UdDwQEAwIE
+MDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgaoGA1UdEQSBojCBn4Ih
+bWluaW8uYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxvY2Fsgg9taW5pby5iYWtlcnkt
+aWGCKW1pbmlvLWNvbnNvbGUuYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxvY2Fsghdt
+aW5pby1jb25zb2xlLmJha2VyeS1pYYIFbWluaW+CDW1pbmlvLWNvbnNvbGWCCWxv
+Y2FsaG9zdIcEfwAAATAdBgNVHQ4EFgQUrW33q9i+xNLuVcpe++9qPNzuQxUwHwYD
+VR0jBBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDQYJKoZIhvcNAQELBQADggIB
+AISOCbxRVwlmigc6WK3xTiBq6RF0csvuy62Mbr77HtCuO4x1929B011wuv7gXHfk
+OBojkvpfqPQyQe96tapDbjafiy+eHpOJmeB1M7iP+13LbIF3wjQ9IvuMkg7qPs6W
+MyrpowVp+POx56JRQ+yOrngjH1DoE1n940IGISfDfoh7q9c2CoJP6qj7albwU8EM
+bPywpxZAS662uKAGEMpSK+cn1wTSvVH3z45k2OrRl/CNOgAZwWr77P+P7moEHyfQ
+eGGirRSYk0RBmc7NLgtG/bWBPLKxtr2Bfbt1pdVWjGxNiph4xsVtbWi6uNyLX4Mj
+Yr+AUR7u0yBUlRsUT/WCnAXvtf74pqbZ46wb1gj1+yMFXtMRWUWcEqMFUtItK+Rx
+JP8mA+mojtGNpgIdnwoZO10lBFvSFJ/XFPYllqJ8biZbwD6mXIsz/VBgCDyrCy2o
+PyXsGoG47SfJ/BWotu0FCZdDkx+PSI6nGJw+vzjRW2wMOmw2bgLd+wlT3iMzxWuN
+CbvM0JjSCbwaS/tO8zkk4dNyXdYcPnBO5Re3R+AEwODqWaxOFWbeTYmtlyNMwMON
+wiiGzKZ90hs9A+z3ltBWM6lM8PIhZeppuLFML4LJ6tN/wjrk8EU0PMOfeQ5cYzkd
+wAwbF5WiXCwbmhDBmn1UPk27OAEtO4R3ynis4xcIneSC
+-----END CERTIFICATE-----

infrastructure/security/certificates/minio/minio-key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAnju7tpQwvF/Vk/MuRhrJYV0MJqtrFJ/NX+1OLJaMhFX/KY10
+LP+B65w/plZGyJtbtUdWj5wZLrZQmJb3p4TtuK4BT1gu3bSZKIHQNeAg81KsMGq+
+5uXOoPWNrAhh4hYOJ45mIsYba0DdO2MFv9WuWVn3T6FzzM7qLdCJzZNjeaB7mTJj
+dHGr84iT86AEA+HywvsqOojZe+UjKu8XrjxUGR/ePFvQCyMdWgFbjwijJ/Bn8RCA
+RIuiEssjSLQWOgQgrIATvEF/cyUdZKGhac3/4I71xDWhX71XWYwONEmrQ6cGzXmv
+cUMV8HvEWMzb05RpOYzymKrbxNL4eWNaKvrvcZzcMzpIM4ReGKw2N9sAGs3YBTR7
+WXLKWgnLYbsoHx3ddZuyQ+HJwDTXqpXutYhaoCffH23nMMFiAK1imebBI1hUcAiP
+vpSx7dI3mgNP4afN/oqhMOPg8TxmwMekvpz/7cWbCONjkd9dq0VLLSW+tqIffVQj
+0LOUPvXrLOmPmcL6lSlRO885TVvxJDbt2XURmhqJzparIfNhF9ElpHmbsdslmYPo
+/9JWUmrkbJ6AafdlJnrCTGxJpiwL0lJoxIwvqYt8DBuc1cNFKJISLZIyo6uXRuNV
+oNprxgfUvl8Clp3gS+mISFg33u2kJcbqznvvc3tblHe0xg2MHMIVTdZiRjcCAwEA
+AQKCAgAXGAa8jgJS6/XDAyIEz1IG6MqmNiyJtQ0HbB4Vud9GTTrReLi0/JGcrpBH
+mZ35F1uaKJBEo3a1b5xxuM7qXydG5faA+xDUANC9rbySsGR+vtkss9eq4W135n7H
+1e1bTva/5TOY7asAy1W+niQvrGMm3U+QCrNY9/YLu7zxCQrirH59jHIhg5miEJPv
+YbJUUrzYokm2g1SilX29fWnKXzmy9Qi9bHT/ux9EjKAtTwhpAthYwZzG5E5CSe2b
+ZdU8oG+YXZUDy9drGcahckmZpJwszRCnk2A7FepSwnMsRHg/hngisxjdAfqIv7eX
+cka/KZD1+lFJ4N30awoixVJapYcepfMa1/7tModQl9wZ9VKY6zbQ0/U4Bwe0d48F
+CX+iYNgkxQdfuWp0U6FEeQ9nGkO2wYABq0+sH21SjnE4/MxyjzKd+cGO3RGdNKqS
+9A5nnHx1L1T3zgHNGfGKQzO89/OlT0VTO48HdjlokHfsuSTm77kdfE5MQpjavZKZ
+j4Az2XCFZC6ZBqbopfP5jeMZb5X54iumrR0pzQDihCvYZf1NUCkxEtVfi1uyKo/6
+38P+JCpKVJMfc8ra1eYTSWFZd75QuL+QmnZOUCjBKW2sPA5FlDrNESu4+DHBUQm8
+quLCPgKhp5NeID5crnbTIXrUBokPtzlZmtHK9LTXy3OZGWRkyQKCAQEA1t8TaugB
+jLQR65pSldWL7UJuFVVTUoCJPypyNB9/sUlL/MwTAlyaXz/yMyCeBukwrpLOS44s
+hndBRN/vlvDBhJ/V7Xh0DQe/0ijs4ItcXCYi7xEqfNwQPMBD+5rZGJyMb8KKWv0K
+ARxDKI4c+KRD0zd5wVmzVRN7KfU3OqWleuN3LLVj7tzaOdOlRSA7aiBM/hud5TQ9
+E0pAwH8Hhc1amjiC8tBlaFegIhuzIzxMSXHRBUp3lh3/oe36382nsELclN1hUVDk
+t3TAZctyXFB3HE2tzIvoqEJQ7Fdws05EPeqH81NzGcFTMKSbyRs6kXc8ECHOsiXH
+zL7yvR7KPfTvawKCAQEAvIVVQWyiqNRq7SBGws87Z5cdYI8gpJB8lYrJIji4rUEE
+Mx2gUx+Xhs9A2Rs41gXlawoEcjP9berve631VNWC4+t9pTvVojqXmrvZ5UD7uvCI
+FQO//IIGjkKEfDpIH/qlDRVelFSSRc9Q/cJbfSpKblbrXgQmtnJ9jlBJE/SLImxP
+79DUtifZlypUQl9yc8Rg1RbjrAkcAVa9PG1t7phSjrddtJmtURkEthXY77Gw9XrT
+80ZRGvJHKIlZPfhqvZSFC881RIgIiF+BulhnmzMJ4vgXyq0T+QcUF7AAtPQSHr0r
+Bnp7ReP1yGm5P7t23fEM4gDuDCAPt4GYYyLEcgizZQKCAQEAhOLTbHNtueoHhzEa
+0CWQczx5PmJVtJlfyBvlI00zuJ3/C6neO8CvjCbNEEek09tVyzFpuhqEeOi6CfGA
+iFX/KJl9QW8UPpbDUCMVVE174lWHl1iDcVLcC+ZQZQPALdNrmxayYFFL5aHn+uXh
+DvjwJWmSuDxUh1IUAr/v1yporBaPNqw70Jbvs4GsHZMwi5LMav8DaKQk/ZAXebVW
+Hq8A0I4QlkDB5oUCuPVulWUOPQHR5jbGvKVy2l+GnvDeO0kuiDZdoF+qA7eF4a6v
+3F27PFriGLWSPrU8vN3bCllmJPCuAZNjhNMmMtgqrHZVg289SzDNVym8ZmjVUJcB
+Ns4LXwKCAQEAt4nkKA8ZCd/MvlInMjDJ+B+ydTjDohQdhwYYrh2lBuB+szlLxsHC
+J3iN/RE4s34IDr8w9vLQ8HvDbpk9ebtpdHbn27+2TPxYb0gmasFqk2TsR/Ffr/nz
+Yfs2uy+O2ruOh39flnAD/L1Lb9MSeXh8AJLVEbJe8k/jF3Powenar8fdx3B8N1/y
+wu5uHDSK3FS7pZpkTDCOOGt3T2aGmb1o2xOAwny/tW3zHUeF7k8EJurPgVDbU62/
+Q6L85I1/dlUrdwTkKnV6QTMivQamz/3PyU6a8zKweEnA8RLkjUf2gEDRq7wBWlkH
+CHiN55OetZOiZEJdgCaSxqkAcLv/n7oC1QKCAQEAqFCGT1VXn2Pa0tT6d+oFvXa9
+HCU11DloZwXT968rhF8BRk7KEUoezEv6bMFluL3jOc03dQK5ZQtjvTBFJbW75VLV
+artuSLbU/BW+gDkYZk3Cn5gPzC9HldCks+KIC8rAqCOuoMG77HYNW+7rBKKwbwl5
+kCAmnJa65fYs7CYzD98foG+VllsnUX+m1LLeKcrPDeiiqndBaSZ/MERgZa6Ivbwi
+05m6qj/vW/VbWNb5Txgcy1jN9zQmbN4RtfgsssJFfsKrMKIqVzu6CLpBxypNQvGa
+4Ku3TVFroshYqYJLVmqVIXOWVfOHA4LOei6kCe9Gi42v7jKMx3GD+nB+PVmQWg==
+-----END RSA PRIVATE KEY-----

infrastructure/security/certificates/minio/minio.csr

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE0DCCArgCAQAwgYoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
+MRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMRAwDgYD
+VQQLDAdTdG9yYWdlMSowKAYDVQQDDCFtaW5pby5iYWtlcnktaWEuc3ZjLmNsdXN0
+ZXIubG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN+XNRDxtM
+siHWRzlX5bWLjd2la1w0HeUbzZ8l4mVRQTvgVZ2ilhZ4g749D3hE2HK4PV7yDXyN
+ofIz91s5CCIK9iuReukoYeTST0VRrNNUd72oe1oxp4v+iPOOQE8K6IH63ztc8EHZ
+0cHxNVrm7HCVLFFG09WGn9th9b51OVhCUFTyQqfvnL3rhvL0vvx7xTuVISGhw8wc
+/7DZPR2OFdSS8raVpWqy+vi0lgjQnbdcaI43t+2tfqHi3E3mJ1h3SR4YQJh0FWMI
+ULcIW3GcOKxQ2r9mAh1JeAR9BtVRQnFF4ZBlnN4nwd0IdmFLofvFgnylIJ5lm1kT
+/aIkAhljKPiWZhDmLayMlxf+YgtzPhoUtGt5tPfmXPDosYv5BNl/7PD3gem+Gqmn
+KRb4Sxz+6jDDMCijk/+QSh9ri3rDCjoiwxgi1p7lFDZukbR02XSVUmrTZljmDOPg
+tnMXhVNbr0ftWBtraynEGEIKIJrAG/XWmlgL+9rQ/2VHRuPbBplfY1azIvAHcxag
+xK4xW0cA9HAj8WSmEt30WplLXCeHv8UY2FKSk3cPmBp7QIAwKxqdeFuUQTcsT8p6
+wDCwZuP8irD9JMmbaLn+GyRFJkbXfcmLnWEKO7LqtEP7tfKEb+Vz2kTKv488heQo
+AUVPJRBiZsrwcoWlGlQ2iWmM9bW3ZGkzhwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggIBABINqJhSOOh+ZnFFKCz0hRIKZdAiDYXtwNDY0nGS6ZUkCTIqbx8m+iGmAyn+
+zCtoN5AK73U6QMeMHKebL6Yfhjh5HvVWqRb/dbXwgasVusOQMXmYCvkLOuSKjSUf
+3jWhJrA9I1Vg41vfoZmyy3u6g7/uRmOgSAhVB0Dk44GAlzW0jpZIBveQ4H0M1PHV
+HGAXaZKLmmnHTpC3ilsaQTKF5yjVXMmJ85VnyMlo/Kxiv+XujKdt1Dp0BRk+IPpW
+DFNAY2joOAPOvJImH/7k0YrE3JZl11e4pyI1BO5SpKllWfPMhw0kqsTrtrnTeAgW
+eguP+fkXZaCeOyUyvatUMW7+lVcKu2Gqs/tPpn7PaAVyb1dTN5L9E32o6f9dJ7ew
+mD+mw+p+dKwhTSsf20irVZmNEYTyE40fnQQeR41fM5a8uGMxegIfKSwtWgDgEjE7
+z3L034/g+RQop0nyRhCb52HKlWHniGM/w+/S+2Rn6Ac7R7L3gAuNrdCLD9bWIcXe
+jaGQeh0zrp/TtXk/D+81KLdixGbWCzoeCggFzaFZUHf/4AT8lI6qZhp8IouBIL51
+b2A9Gz1yro0y6YaJai2HDDu7emVCCGgu45i8yxh09jwIR/MRjBWBDHw29xixbIiN
+af6SBracitghXnTxpOjLLfN1amp7i0CUe51HzxLblxNcnZM7
+-----END CERTIFICATE REQUEST-----

infrastructure/security/certificates/minio/san.cnf

@@ -0,0 +1,27 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Storage
+CN = minio.bakery-ia.svc.cluster.local
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = minio.bakery-ia.svc.cluster.local
+DNS.2 = minio.bakery-ia
+DNS.3 = minio-console.bakery-ia.svc.cluster.local
+DNS.4 = minio-console.bakery-ia
+DNS.5 = minio
+DNS.6 = minio-console
+DNS.7 = localhost
+IP.1 = 127.0.0.1

infrastructure/security/certificates/postgres/ca-cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIUPgOqNY+ZoKByQ1MfO8lkiGhOmxIwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0zNTEw
+MTYxNDIyMTRaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
+EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYDVQQL
+DAhTZWN1cml0eTEUMBIGA1UEAwwLQmFrZXJ5SUEtQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRD5O2egkYg9HNRR5SU0bLnGHjpv/RagrM7dhusaWn
+rfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw19FdH8f1eomcQ4eKw2HkxoxqR34t
+RDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23l1BNPfhzkcDkZ97m434f1QVo99tb
+hV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXguz3VR/BUnd0vMsTMWueD/2nVuUZO0
+0pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhDNfGgc3WtQhggcpYLQafLa81tlxyc
+wDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1AweodVbm3Qp5A1ydybE61u1urYz1Lt
+WNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4g+TbITh8hZJwXPK5EDig7vF14JPl
+lERNpwia3n6a0P703HPN6rkQO5kVTdiUsfibMtcUJHLyWWQARBmyeVfkICaaeYEl
+ELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1EOhEa+hSRhOoFyUOvG+cMOfcBSmL0
+UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZOjV2ppRxWWekzo9Bf7g6eLTY4UCC5
+MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6THkF9S/Khq8u0dY5SA2GUF1EbQO8
+KwIDAQABo1MwUTAdBgNVHQ4EFgQUA+6q/kc8fTQU1EDqzGRfKQpq6m0wHwYDVR0j
+BBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAQuvFh2+HQFy8VTcUgalEViayt1zQGv4rISmiq3G6IeXP
+XS4gwqHkFzTwZvmohTwmOCwW/xF4KgxmFbyWNrEJJEqcbedqUWV/0BCaFmJvUddI
++ex/iD3Febu8AFI+J8lBH/CenDiSLHhgyseY8uwRnXsshX5RnDirF1uKr1J635an
+GlyFINUrnQlguEvtr0enGUlzT5rWj4y0AWUdbXi8vRsjWoQ8Ja0BxTrYYh/kO/FI
+PtqX7wsxoJMDEQ71zhwa7WLQc2dfb2rAr1uBh3qNwiVBINB+t3JFv72xqsWgurIB
+If2soRTI2nMe5gTG1Dfd+V24jfa/yIgAsMjCzmGQK20vobX4sAVnmPVbZg9SLFZi
+Midkn9O9U68MEOe3Iascld7fp5Jk+HrbJU6/s16EER/AgD3Ooj3wRgjTCS+ADD+j
+xo2O8VX2kPo03AN+iYa3nJmlMFzCrzT+8ZxSnP5FqGg2ECEbqqA0B/5naVpmdYaV
+41oFLswcFm2iqGawbsLN9x3tvICuE93HYk1j72PzXaiSLtpvamH1dRYC+HUM1L0O
+49CNMYJeL/NlyQuZJm2X0qDNSXmRML8HU9sOwWX6pPPJOzuqtgdx/+lkGAd2wZJU
+IVbmL6Qvzdbta/cSVwsLtBzG48a1b4KBc7WLHTwbrdBRTg0TkLY4kvCZe5nNl4E=
+-----END CERTIFICATE-----

infrastructure/security/certificates/postgres/san.cnf

@@ -0,0 +1,37 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Database
+CN = *.bakery-ia.svc.cluster.local
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.bakery-ia.svc.cluster.local
+DNS.2 = *.bakery-ia
+DNS.3 = auth-db-service
+DNS.4 = tenant-db-service
+DNS.5 = training-db-service
+DNS.6 = forecasting-db-service
+DNS.7 = sales-db-service
+DNS.8 = external-db-service
+DNS.9 = notification-db-service
+DNS.10 = inventory-db-service
+DNS.11 = recipes-db-service
+DNS.12 = suppliers-db-service
+DNS.13 = pos-db-service
+DNS.14 = orders-db-service
+DNS.15 = production-db-service
+DNS.16 = alert-processor-db-service
+DNS.17 = localhost
+IP.1 = 127.0.0.1

infrastructure/security/certificates/postgres/server-cert.pem

@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIHcjCCBVqgAwIBAgIUG+B0M2rxnqjGdtfo0BhevKCx0f4wDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0yODEw
+MTcxNDIyMTRaMIGHMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEV
+MBMGA1UEBwwMU2FuRnJhbmNpc2NvMREwDwYDVQQKDAhCYWtlcnlJQTERMA8GA1UE
+CwwIRGF0YWJhc2UxJjAkBgNVBAMMHSouYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxv
+Y2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1b/VSfu/PMvYorbL
+295V2ZAGRRNWupHH3K9xDAPm45TudgPWLxnyA9HVz5jmKgWHQKVrSI046uLuEYA+
+Rmth7FEVCLt9i5ifhaXmAfSouG91nC2NCshmEhXtZBJX0omaNhiDDotx78kjKaLR
+A22mQoCcPvkzEqOECpiVFU9UHB3C5unmtHSC48bB+ARyiE2z7RraG1YEKkiljilF
+mJTS6N36BqabF6AxqSpIanoEgFgWC6aIXtA+fo3Ez1mJEFwfzQBWcKt/ON3nx3xD
+bRNsmorxHpsPinOA4hHVw7TcU4LqqURYddNocmbkKiVXJZEFgLengB1lm/lAYWqZ
+QdPbT1UcCfQLvSt6lVk+VB06eZ4ZKfi/koflFP0f+2SB2hQ6aj97G/RbrkCGaIFX
+Cx5d69AoqSwuExtX/Qm1UK0O2xpLv35KdScy+Z1IFOcYzcXq28fxmu+TDDNySScK
+lsbjwfu4EGKGLsktGvTAGH1EyKvKksqx0Ex9s/8vAi/2T4+FC1Bl25B5fzDED5Dp
+KHtJatxwjWiiDlayrk8Wg03RyFSf5n4F7Rbp3+oFmsSSnEEZ+RCOnCgqCZY1Ms9r
+FT9fz7hAs2+XPepu0vwFKBUwlxiWdDzH6sDIQCeS3xS243vyiatEu6K8C7x0eWls
+59IBQqv5x2TbFtTwDXgb+SJ0k2UCAwEAAaOCAeUwggHhMAsGA1UdDwQEAwIEMDAd
+BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwggFxBgNVHREEggFoMIIBZIId
+Ki5iYWtlcnktaWEuc3ZjLmNsdXN0ZXIubG9jYWyCCyouYmFrZXJ5LWlhgg9hdXRo
+LWRiLXNlcnZpY2WCEXRlbmFudC1kYi1zZXJ2aWNlghN0cmFpbmluZy1kYi1zZXJ2
+aWNlghZmb3JlY2FzdGluZy1kYi1zZXJ2aWNlghBzYWxlcy1kYi1zZXJ2aWNlghNl
+eHRlcm5hbC1kYi1zZXJ2aWNlghdub3RpZmljYXRpb24tZGItc2VydmljZYIUaW52
+ZW50b3J5LWRiLXNlcnZpY2WCEnJlY2lwZXMtZGItc2VydmljZYIUc3VwcGxpZXJz
+LWRiLXNlcnZpY2WCDnBvcy1kYi1zZXJ2aWNlghFvcmRlcnMtZGItc2VydmljZYIV
+cHJvZHVjdGlvbi1kYi1zZXJ2aWNlghphbGVydC1wcm9jZXNzb3ItZGItc2Vydmlj
+ZYIJbG9jYWxob3N0hwR/AAABMB0GA1UdDgQWBBR+ZyMAMCMyCv50MJTcHSw13VV9
+3TAfBgNVHSMEGDAWgBQD7qr+Rzx9NBTUQOrMZF8pCmrqbTANBgkqhkiG9w0BAQsF
+AAOCAgEAC7WCN3aJw4vT3Nr5fWqjkzxcl+spTRyBDEbJZYp3HdK3QOixhTd0B3bF
+FzWSIX79Gvvs/rj8SZDXP3BdsSpoIxTJf+inzPm8hPRo2cuSNjO9yhf1u1AByb2g
+eWm2L58dLLIYngcsl/AaThifOuKfVc7kX5F5+ppHlWE4INGaOKl2ZqBLpOm+4nXp
+78iBAtfHKVLmMBkIDsYgX9EDU4gYYerSEuY3Tac94ea9nEcGpvHDhGRbNRS46Fl/
+O3Vj18OS+KddMerAueNjvop5vsK0T6MCelLOhlrtoMeNHEcwzkBLwjvDo2GWaHmO
+SyJNwSEAjlyU1rra0TXtpyMg6/cnWbr9gKhrnf+O0CMGLuV08FiPCwa6/qmPaiKA
+i0+6TbusbFLGkeWCPK3jyZFalSZnWPH5dLJEwuSYe9SFxZVZSHSMWn0ytv5HuZNj
+ZInxvbjj6S+a5SeRc5pvjJ5VMDkkQJ34mBl22noyBip8cruQgA7yzHn9sycbAyTk
+YgNXJHnb4QmutrbM7zbqkGPNFXEByyVaY/m7ZrlE3oG4GRlNssmKyUgvLPxUmgYK
+p4X5xDhRQl4MV49//A5F6+qS6ur+B+p9xHoLJfoBRTSW+S6Pubb4wQH49zp3Nmm9
+94aThjKHK8TiMbJA+bQ/kF2OnJYunkucYjYzNvjWwf1S/reBg2E=
+-----END CERTIFICATE-----

infrastructure/security/certificates/postgres/server-key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDVv9VJ+788y9ii
+tsvb3lXZkAZFE1a6kcfcr3EMA+bjlO52A9YvGfID0dXPmOYqBYdApWtIjTjq4u4R
+gD5Ga2HsURUIu32LmJ+FpeYB9Ki4b3WcLY0KyGYSFe1kElfSiZo2GIMOi3HvySMp
+otEDbaZCgJw++TMSo4QKmJUVT1QcHcLm6ea0dILjxsH4BHKITbPtGtobVgQqSKWO
+KUWYlNLo3foGppsXoDGpKkhqegSAWBYLpohe0D5+jcTPWYkQXB/NAFZwq3843efH
+fENtE2yaivEemw+Kc4DiEdXDtNxTguqpRFh102hyZuQqJVclkQWAt6eAHWWb+UBh
+aplB09tPVRwJ9Au9K3qVWT5UHTp5nhkp+L+Sh+UU/R/7ZIHaFDpqP3sb9FuuQIZo
+gVcLHl3r0CipLC4TG1f9CbVQrQ7bGku/fkp1JzL5nUgU5xjNxerbx/Ga75MMM3JJ
+JwqWxuPB+7gQYoYuyS0a9MAYfUTIq8qSyrHQTH2z/y8CL/ZPj4ULUGXbkHl/MMQP
+kOkoe0lq3HCNaKIOVrKuTxaDTdHIVJ/mfgXtFunf6gWaxJKcQRn5EI6cKCoJljUy
+z2sVP1/PuECzb5c96m7S/AUoFTCXGJZ0PMfqwMhAJ5LfFLbje/KJq0S7orwLvHR5
+aWzn0gFCq/nHZNsW1PANeBv5InSTZQIDAQABAoICAAXpngfuCklaEX6CvvCF3cBn
+Dv1XKRrVEH8RbUzvSLI6kD68dsQWcXmF6DurV5E0VkbwAcqKeYIUepBfs0P1vB+H
+ffpKsWYsonEAeJ8iOjk2gBLXYbjkIoqqh5wGiTOzhwwAW+kJlhe+Fmu+62LZuXPK
+efKgqGHXcGjDSrsXAX/GRPoSi0VU7w/yPghTGytGYaKT5RJE1q2oFR2calFBAJ/c
+urSiDtU1owSyZ467xvxuiKw+1DPcinYBYZR4vhAGnwHn2fxDiiveW4cgRVSIPoSn
+MOnvURvme7Cv3JwNbdtzhMk025uQGFSzID7tidO/XLRwSsECTylkLic5Bc8/1yeg
+JrlrEMa5o/kxoDkRZ3P0xYwofKx11eeEp7Jchhtfj4saCVxL7hyfO5PE1RY5vPuf
+9jpEFQ3Il0l24QQ58Mka7H3d+Rw3cnMLbJSHA71GR9aje/VQUOray0mWftdV6+Ta
+ZP/t0k/jjqlqRiqzOY08k0f8tjmjhstx1CYZiRPAXruiEoSwS4FAUvTwRyo087I2
+kgsXm9FwcEZDUmzl0lTG/1bNlHElulyqRLwZeQwLpAte3EvjMC17NuBnFT8Wxltc
+8sTdTs3MHFMvvb3r/irczY0Nw/w7ws8NZFuUlW2n1LObZCkMCHiW6FWOEAaJcsmy
+1yPlAZ1ptpbwor1w0/17AoIBAQD8AI2Zo6KL94Q0jObimrnrBTWQnZHZxSn4/VPM
+SChNgn9lttBRq2F2aveSLG2TaF4BQdcGKRA5u86Ovzw7eEYJdtK/BpPF6EkHDFTv
+/DUpSha/gbBkqmRaDJfFjg9pMPZdvgEVxyLYmsRYb//E8R7uLel04iypCU0ISl2c
+fUNLfWkCA4i4cmdHMqtGtnoKnsWqV3Uk2mEQJJYI66PDmr3KVwoRMoqZMP4pr175
+RHnkA6f9lEW8tkUXnutVi41ns8JhFZfnQZDKfXduT417GCHeGkkWnXizt5z6MuWm
+hLlQ+P69S6iVSQQNnKrZZuEuFNTMnnTSgVOufnRLVX1cd4ELAoIBAQDZI+ziaqzp
+FKjvlZRyBkp7iF+JjdP79BdfeK0SJVOt+G4NUNQOPLUxcuB1yeXwvv5XVikd8txJ
+FmVLqCM69a81RnHG6uNNSU1moE1VAX0wjwj1hi+nAGcegIpditzJrBiP8ldkV5+r
+ZHiC5/QvH7+QZaAuQ6s0fghPI7qsfXSnqNS5W14AsabMqPYPxGr4P0BOhEcgdxtR
+F65HPz9v9rQd9LmObIY318CkM7mcfsG+6ckAwtQUgFvefgtS8n/0dtFmBkDTfAxp
+ASfD5i66L5cx6BnUO1gsgMPpLjksh5D1qZ+gyNWkwlQlDRLs6IuBEW4vEnIc1aSl
+/APOy2pM1eNPAoIBABEHxIoGifyljJS0lQHpbPkaEAWm8G1kKrL+A8TBd5/NWui3
+0xpB18NV9Uc2o20b14aEOZDcA5GzRIFXIS3vseP/2Lw6KJBuY0kLp03UoI8ax7DH
+hfE3prKDOVqLgDUervek2JPtMkirJOvJHeLkXK/CAI36nwQJceBGjk7+FCcs4YTW
+Uk4MxTgFj5emy1aeZkNdx7fm3jpmDpGpwxZ8Bal/+lkxLjauHe8ZP/TekNI9AQRd
+Gd1oAAFZpxPP641/k3pWKD7jqnJUylZ1H92awucspZXWrIqQtRYfjG+VdqSnPyfx
+zgHQvmphFRa+IieoFr2BU+nJ/arENv3EWEWAegMCggEAT1UYzwA6fE3YCvCTc7Vo
+sQl6Hj97G6pqf68PTHnmwMDrNGI7l5gGezKFX4OMRxEAy9fm3dJFOU69Y47ikEAC
+62v5VburoCkP5lba6hvJKVyY4VtNPa6f/jzoUJTTZbtCnhTkaPy6kVv7y5gDVtQ6
+oP8ALub6Pgtt7bwYD70mSbsdPTtsdMRzNILmo4wXqOszC3y4n9vkVxRX0CADhVyV
+IfyvbqGnx+9DqrpbLhoBn0a68VQ9N+BNsFRMvtlqdl6S0rumI55GynZpmOEYYV3R
+16H9DdVAucGx0hfZO7Or+pUmhQ/bPn7hT0gfif7MOTOtFfWfS3mi1iHlIkCfbcMX
+cQKCAQBcnl0TCUMIdXbMnIG10CoL9myHWl1JjHV+L7I9TQ/OkvuxuIoJPRbpPUDK
+dnBCW3NY86zsgL++I5b2LWhXzSjlAgZSD5rJIBzv5/8yzGh5EZK519wg/bCbJLDE
+LQlQ7+j/BKUllmrIKD4vokir9ronGJnTNJ9aSOdtD5d7u3VBfJdDimKRt3uUpwZm
+BnLrLYZKmRUnZ+I7HgrwCO5+815W6Xut9Phdz6pp9rT+fyoUhy1V+uiu2aT1PlrS
+HSuAotWAkIYKb5eiPwSAytomgfbp7GbAE4mcP6wIuxXLnBgyZHo0a3qBcwkFyWb6
+1+AGw20W2hvgcwJ44cLH2IE28dy4
+-----END PRIVATE KEY-----

infrastructure/security/certificates/postgres/server.csr

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEzTCCArUCAQAwgYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
+MRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYD
+VQQLDAhEYXRhYmFzZTEmMCQGA1UEAwwdKi5iYWtlcnktaWEuc3ZjLmNsdXN0ZXIu
+bG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVv9VJ+788y9ii
+tsvb3lXZkAZFE1a6kcfcr3EMA+bjlO52A9YvGfID0dXPmOYqBYdApWtIjTjq4u4R
+gD5Ga2HsURUIu32LmJ+FpeYB9Ki4b3WcLY0KyGYSFe1kElfSiZo2GIMOi3HvySMp
+otEDbaZCgJw++TMSo4QKmJUVT1QcHcLm6ea0dILjxsH4BHKITbPtGtobVgQqSKWO
+KUWYlNLo3foGppsXoDGpKkhqegSAWBYLpohe0D5+jcTPWYkQXB/NAFZwq3843efH
+fENtE2yaivEemw+Kc4DiEdXDtNxTguqpRFh102hyZuQqJVclkQWAt6eAHWWb+UBh
+aplB09tPVRwJ9Au9K3qVWT5UHTp5nhkp+L+Sh+UU/R/7ZIHaFDpqP3sb9FuuQIZo
+gVcLHl3r0CipLC4TG1f9CbVQrQ7bGku/fkp1JzL5nUgU5xjNxerbx/Ga75MMM3JJ
+JwqWxuPB+7gQYoYuyS0a9MAYfUTIq8qSyrHQTH2z/y8CL/ZPj4ULUGXbkHl/MMQP
+kOkoe0lq3HCNaKIOVrKuTxaDTdHIVJ/mfgXtFunf6gWaxJKcQRn5EI6cKCoJljUy
+z2sVP1/PuECzb5c96m7S/AUoFTCXGJZ0PMfqwMhAJ5LfFLbje/KJq0S7orwLvHR5
+aWzn0gFCq/nHZNsW1PANeBv5InSTZQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIB
+AE4N38FRrzeIodjCM3ymJAkGI7cnm1vB/1aHwbq5OlCUQ0EGFzzeGIEZi1ve2tsW
+1exPvGZRBUosl+12vwq2oJURlPPKAieKAkrvXo/vR1Fb1QnZY5hDEdJuG5Uwd0rE
+QacjuFaQ/yv1TVKkvnjKhYXCmZ7w/mB36mWEOk3nBqK12xdwydRwFfgZtsVK6mq9
+OiDRskecaSshMyuprFAsS3eWAbRtP6alz66g7ZdaKpReaNCc3ARWjT9Lv19dA2JS
+PV7CFF0M/Ta6mE/1wct4h+GDbykwfAkzIeT4CcbXDjA0O2GaWuusZBwZrcttRycY
+akxUTlXq8kQt/dK1/hcqL8EqwHrknwA0kYcFZZ4q/VhVcbZKKH974FH8hjeCo2P+
+2gpK0iumg0EpTZQnViJ1cn4me8k/4U72ek6ToVUfA9i8179gvef5V/45aBqjI2CN
+S0fDtWyqqJv20dRQ2omqXUsLOyCjBSuoWlmBkVe2clnixkbCPDojxm5ngHF0TI9/
+4h47V26LHS1wXiqmpHFXjtVKRCtE3YxVI5sAK+KWE966m3JGngeqpjJebfHCR6dB
+0FSi4kaq3t8/eRWPmY209xJzKvG0ppbKUsxOZvVnZEP8DFmDpTecS+7pehzpWvvk
+rD1ROkG4d53Rj4cGwTWF+k39fIrr7ohFlDdY3LKNdNsD
+-----END CERTIFICATE REQUEST-----

infrastructure/security/certificates/redis/ca-cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIUPgOqNY+ZoKByQ1MfO8lkiGhOmxIwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0zNTEw
+MTYxNDIyMTRaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
+EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYDVQQL
+DAhTZWN1cml0eTEUMBIGA1UEAwwLQmFrZXJ5SUEtQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRD5O2egkYg9HNRR5SU0bLnGHjpv/RagrM7dhusaWn
+rfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw19FdH8f1eomcQ4eKw2HkxoxqR34t
+RDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23l1BNPfhzkcDkZ97m434f1QVo99tb
+hV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXguz3VR/BUnd0vMsTMWueD/2nVuUZO0
+0pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhDNfGgc3WtQhggcpYLQafLa81tlxyc
+wDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1AweodVbm3Qp5A1ydybE61u1urYz1Lt
+WNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4g+TbITh8hZJwXPK5EDig7vF14JPl
+lERNpwia3n6a0P703HPN6rkQO5kVTdiUsfibMtcUJHLyWWQARBmyeVfkICaaeYEl
+ELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1EOhEa+hSRhOoFyUOvG+cMOfcBSmL0
+UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZOjV2ppRxWWekzo9Bf7g6eLTY4UCC5
+MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6THkF9S/Khq8u0dY5SA2GUF1EbQO8
+KwIDAQABo1MwUTAdBgNVHQ4EFgQUA+6q/kc8fTQU1EDqzGRfKQpq6m0wHwYDVR0j
+BBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAQuvFh2+HQFy8VTcUgalEViayt1zQGv4rISmiq3G6IeXP
+XS4gwqHkFzTwZvmohTwmOCwW/xF4KgxmFbyWNrEJJEqcbedqUWV/0BCaFmJvUddI
++ex/iD3Febu8AFI+J8lBH/CenDiSLHhgyseY8uwRnXsshX5RnDirF1uKr1J635an
+GlyFINUrnQlguEvtr0enGUlzT5rWj4y0AWUdbXi8vRsjWoQ8Ja0BxTrYYh/kO/FI
+PtqX7wsxoJMDEQ71zhwa7WLQc2dfb2rAr1uBh3qNwiVBINB+t3JFv72xqsWgurIB
+If2soRTI2nMe5gTG1Dfd+V24jfa/yIgAsMjCzmGQK20vobX4sAVnmPVbZg9SLFZi
+Midkn9O9U68MEOe3Iascld7fp5Jk+HrbJU6/s16EER/AgD3Ooj3wRgjTCS+ADD+j
+xo2O8VX2kPo03AN+iYa3nJmlMFzCrzT+8ZxSnP5FqGg2ECEbqqA0B/5naVpmdYaV
+41oFLswcFm2iqGawbsLN9x3tvICuE93HYk1j72PzXaiSLtpvamH1dRYC+HUM1L0O
+49CNMYJeL/NlyQuZJm2X0qDNSXmRML8HU9sOwWX6pPPJOzuqtgdx/+lkGAd2wZJU
+IVbmL6Qvzdbta/cSVwsLtBzG48a1b4KBc7WLHTwbrdBRTg0TkLY4kvCZe5nNl4E=
+-----END CERTIFICATE-----

infrastructure/security/certificates/redis/redis-cert.pem

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGczCCBFugAwIBAgIUG+B0M2rxnqjGdtfo0BhevKCx0f8wDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
+DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
+aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0yODEw
+MTcxNDIyMTRaMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEV
+MBMGA1UEBwwMU2FuRnJhbmNpc2NvMREwDwYDVQQKDAhCYWtlcnlJQTEOMAwGA1UE
+CwwFQ2FjaGUxMjAwBgNVBAMMKXJlZGlzLXNlcnZpY2UuYmFrZXJ5LWlhLnN2Yy5j
+bHVzdGVyLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvsa2
+51GEGEnio54u1tkMxSBLd82oL/ulab1awqDBjqBdUAig2l1jRpQr5LG5XwS5h739
+Y+vyPlZVemzuTb6k3n8OrLMru/PPRG+iQg7qyTGZ+bawaf6aXEeCK8A1YnqK/N4K
+A1HRLWEsWG0JCeYjFOfqszjVLKrtRaH7zKiADFqDBBmxRqk/P2oJ6f+XWijp4NJu
+OiWhBchbjcF/fM6v0elBS/8k5pui8kEudMea1IQK5qSJYwN6Y5tMOpJrmHu1E7No
+BQegnjBo1bZRAd1h+/cq8p0Ykwja9u2gJNcs31qf81Am6+q6IW0LjLqT2yH5U5io
+KhSkAns3pqAO4VkIdn3ytckd+M0BcMq4JBnbbM/gVOWr5Ez+HDJ9k2rARo0VXPyq
+gORq2sWSctyQbWJOtLNQeUmCtuvxwDrUShAiXdha3zmz7X9bb4+VQp6zRZ3xvmpg
+qExmOsNs00LjOl0pljUfGFAGdfomIIzRZlgVCzMUlZD4pcPVsaHbnGZ/6/YmxMde
+9Lcn4kbik65fdAInxfTP2IMMdDwMFdbFis/Rl20ej7ABta3KuXodYn1y0n+XLR2L
+7abTqoqItgQmAciHNPUacgDC/lPQJOyrDZU9hCsLt2IUVJMCzSd3GrCC08wgRoe5
+6Q5Ht4E2XndWseYfqVtQ3g8ZKCiU+QMIBkxK7G8CAwEAAaOB3jCB2zALBgNVHQ8E
+BAMCBDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMG0GA1UdEQRmMGSC
+KXJlZGlzLXNlcnZpY2UuYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxvY2FsghdyZWRp
+cy1zZXJ2aWNlLmJha2VyeS1pYYINcmVkaXMtc2VydmljZYIJbG9jYWxob3N0hwR/
+AAABMB0GA1UdDgQWBBSdIWUzCh/4ORfbKGbXMRvyxWLWrzAfBgNVHSMEGDAWgBQD
+7qr+Rzx9NBTUQOrMZF8pCmrqbTANBgkqhkiG9w0BAQsFAAOCAgEAhGvpPRJZjBFi
+pZ43UhUFLaHx+Q0vgs/zyyqW5jK+7efpcvtJOBmukEKLiu0Xakf+yT8VFZxGksfF
+qVr/Uoolwm5DjiG8OEOoOa2Be9joGSvb7sBsgn0a/itIFRzDQwZtbPfgi0agvBfM
+qs1B6oHzjA2GR6iLP1Wc88UtMXRpWW4VvRrVHjYsXun3fGtf1GRwfwAXQI7+9bWi
+SOChD9eI6MquCXBdBAX/Cqnxk8hubkwWcsHySFBDLqQhPs5uM8li3+MPgpLXCfaY
+X6/ZzH3NgJ3D+PIH59ZYphG3zvlFpGD4oG3Q2AolxqwMR3+P6c9If1DfMMoSgV3+
+mfvgRjN5tngB+/oBiumbM4+EF8aMRk1GOyWpf3eRfG55+OTJlLsDXOSBW+K1NCz4
+yNYTyshwxjVSPXqfateAZzC5SjFMRdrdHD10M0gl5/dXcp+x5hpQSY3M+gM2wWdI
+zo7JBOt9Q1FQDgT3jIVWQ5PtNhd9oT9Wdc0EdJizyNl3vi9m2/bJKVpHO2ymdnHY
+hPmvQYVtfsMlNvksvDLpXemG7s4vjHf12YEP8TT5DJgD46NVoe39Ka47IfaTWugN
+FWoV/PajRIx/IO/kOp4NBpeB69O+nuYUUNcCw0filA+mFgWQjqFGP+fqWNaJj+pP
+50rzPNsxp+qiw6FVoZ55ccxE27knveY=
+-----END CERTIFICATE-----

infrastructure/security/certificates/redis/redis-key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC+xrbnUYQYSeKj
+ni7W2QzFIEt3zagv+6VpvVrCoMGOoF1QCKDaXWNGlCvksblfBLmHvf1j6/I+VlV6
+bO5NvqTefw6ssyu7889Eb6JCDurJMZn5trBp/ppcR4IrwDVieor83goDUdEtYSxY
+bQkJ5iMU5+qzONUsqu1FofvMqIAMWoMEGbFGqT8/agnp/5daKOng0m46JaEFyFuN
+wX98zq/R6UFL/yTmm6LyQS50x5rUhArmpIljA3pjm0w6kmuYe7UTs2gFB6CeMGjV
+tlEB3WH79yrynRiTCNr27aAk1yzfWp/zUCbr6rohbQuMupPbIflTmKgqFKQCezem
+oA7hWQh2ffK1yR34zQFwyrgkGdtsz+BU5avkTP4cMn2TasBGjRVc/KqA5GraxZJy
+3JBtYk60s1B5SYK26/HAOtRKECJd2FrfObPtf1tvj5VCnrNFnfG+amCoTGY6w2zT
+QuM6XSmWNR8YUAZ1+iYgjNFmWBULMxSVkPilw9WxoducZn/r9ibEx170tyfiRuKT
+rl90AifF9M/Ygwx0PAwV1sWKz9GXbR6PsAG1rcq5eh1ifXLSf5ctHYvtptOqioi2
+BCYByIc09RpyAML+U9Ak7KsNlT2EKwu3YhRUkwLNJ3casILTzCBGh7npDke3gTZe
+d1ax5h+pW1DeDxkoKJT5AwgGTErsbwIDAQABAoICAAFv4m19pLQWImSUdXUy2gYb
+cdYWMNUjsnbzG92UHmvM83Gojvr2HHWp+hFVRriGLZZDLRx1PjQ6rEF+0+YMBevo
+eHDT7K6+wxSYjq1WtW1h4poJ8UGVzw3bkAnKVIdIYFxP7ogLNBCBHIy8otvLOv/A
++3icI1GcfABmnEyfXE+Q2E8jQ72XhXLHLAnyM0P/mOYTpQw/v6XD1kS2whdrldF2
+o1ec4BHzTC1CURpEwqV6f9EwSMSmgGPYW0ukUgvVAA6E7xyn67glVIoqPxP3hJxu
+8TOLUWW8zwFwgCCm6knzFySwZDVUuvreJRR191UoPVuO2SgaqF2dwKk6/WxfIlGB
+hFwdncuCU0uUyAzwUHvliDZwVPQqiPLmqXXJwZ69F530FeTs8/hTSF5Q00iAjNhe
+XQo8IB04SSvT7LBz59X8cs42HyTo4afzmhK+Nu8K/CFq8DLOZ+E1mbxXDOC3VVTp
+h1EiwukFtzJqG5QHBcM9M5YS+q3iL8av67Nv3opNm/PnXZGXzqmV4s+Qp07mIHbU
+ljaBqes4cxE6YEKdKSNJrzcODTSEOhNaBW7dMHTfk/3mpi8224CAtEIreeg/TkeA
+2KYPfO2DwxXdvIwSoj0R3BCnGU9eQ+9v/g9YU7ItrKe1B9Ee0163T8/mnqeg/Pzq
+8SCHP7bMYoX1iIfn971xAoIBAQDea6bV9nT5uRG/mE+aKwJELwdO1BA7psdHruxP
+cInGr7jkx5KmJWx/Sw8EwQf4uu8Dr61p/PP6KI6hK5mBRa9JVyWUmHShQCoH9LhO
+Nf2Lm0ENjVUfGNobG38lnhKwO6BsJKrqO76Inksxk7HmhfzziAlUmL1ytXEoK6Bn
+3pGdsQg13b9gX+z5vUpiD8r9GE5Fnzp8MkPlMhjqk/VjwUsJpinH8LcPwhC2fS9g
+ZsgXvkz1TyGaYTu9/+Ak0Lg2j1Nd4V4Jb2GAosSCEKFBrkeSU15K+f+8KHtQm1UA
+0jhLVAjTNLuSwxzPuUJDhax+y/DZQFbODmdBkQYqAXZC/JJ5AoIBAQDblApLh7sT
+r8mn7EqLDSFrT9PJ+lBxj/mtmgtAQ428A5ua0Uslbx4cbwJsrKez5evHcXgf/V8s
+Ai1m6rKraA9iLhQWJMpFAh8FoFyH+JE7Yz7AwzV6YtakXteYk5R3JX4RdYCLRxzC
+JAcnY1FCIdkG8VpVOJFEVpgZCE0dPNWDts9q4riDw5shueGwdeuwhK+pzxP6iCRk
+4GDGxsOHgPDd7/oULsboDhBBOyNoEr/i/Z5P8zssZlGm+cagM2DLmh6LN5IUi53Z
+m4GGN/54CyfNi1AER+Vk9L93s9cd82nfyD2FwAsYvFQpAQ/g5zDNgslPvXyDz8j5
+sKBdsqwgTnwnAoIBAAy1uB3n7H1Mrw/0wy+7H3EIAvHlOlw+Ror5GvXbJ3RcHEOu
+h9nIr6+CeYQ7B5qWDAx44H76/nIgGS5qkGYLtl2JhlM8dwWz5fL4cAPAIBH3ODtv
+BRs2z1fXNWfP5Z9+eMdVPRMPgO7LpN5bY0IaC/9ambXk2IaSibnS7GKjHE0XjbGO
+T15RfPg0ceiyoFXgKrDdzXjFYo3ZVAUrmU0vAXu2rBKJ1dwnqc7Tzn5CwVJiBIHM
+GM56mfBci9Fuv+gWPpxRwY7md3rjUjlge+aF7/8TloLQUGXPJmTPy4a1fJQJZEu1
+araTQbU5D+lN3TKNsuCnRY6W0h20DNcfqENhrXkCggEAWH7Qq2I3vpZxcpEj9ejD
+2Eki9VtCApLhMNtNv4e6XtUhaIMDg0HGY/VFh+EJ8dIvdYFAxbvLGKSEAd+DRNu6
+n3ostEP9lVRmhlD8GfzPI507FFtYeUvOcA6dW6vXATIGHik6Nmfhqkj07SX1AO89
+VbP+ESysN1ujDyuuUKNM9jm+XLilXs19/1i4IfNUmx7O4WRJDAbEjDd2KYbAFSOd
+cAUgx/OWTL4mRPP9sBsmZOiMXnKMHbfbHq26JKSwVT53IuqxoEAozSQETsDQeTcd
+wpRsGl2TkV2msSq0/yg0OnGsgfRFRKHaVXBNIvpqS9lzIwUeYs1ilWdfKoQxJRAc
+rwKCAQBzgVxVqa5tOFnw8QmfUYMe7DHCU4r3RS1ONwmGoXI1RLzz3I8SRGIbNpV1
+yIs4gFWWwIuXn4zLo0+YdLpOjkFh5Kak0Erkh7B5/Zm59fdGMwujA2viQGYjRrzO
+kTSCXPgrGwK9BljYfelS9qWui9vDuRhAWQZOOCCyPtxEcOvr9qf9KhOc0xEENtUj
+z/MBH786rprBEAXnOAFFJbmftLXYy9RhAau2SMDX0g9udHDMQNOBoWO7dh/5A5va
+LLkpVgvoYkcSScDaJIKsodPLcLjqXXd51XNWpC9cOZBZQS8EuN1VfGrjODY9mR8b
+jComH1P0FzyPVmLSboWmjDbs0SFe
+-----END PRIVATE KEY-----

infrastructure/security/certificates/redis/redis.csr

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE1jCCAr4CAQAwgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
+MRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMQ4wDAYD
+VQQLDAVDYWNoZTEyMDAGA1UEAwwpcmVkaXMtc2VydmljZS5iYWtlcnktaWEuc3Zj
+LmNsdXN0ZXIubG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+
+xrbnUYQYSeKjni7W2QzFIEt3zagv+6VpvVrCoMGOoF1QCKDaXWNGlCvksblfBLmH
+vf1j6/I+VlV6bO5NvqTefw6ssyu7889Eb6JCDurJMZn5trBp/ppcR4IrwDVieor8
+3goDUdEtYSxYbQkJ5iMU5+qzONUsqu1FofvMqIAMWoMEGbFGqT8/agnp/5daKOng
+0m46JaEFyFuNwX98zq/R6UFL/yTmm6LyQS50x5rUhArmpIljA3pjm0w6kmuYe7UT
+s2gFB6CeMGjVtlEB3WH79yrynRiTCNr27aAk1yzfWp/zUCbr6rohbQuMupPbIflT
+mKgqFKQCezemoA7hWQh2ffK1yR34zQFwyrgkGdtsz+BU5avkTP4cMn2TasBGjRVc
+/KqA5GraxZJy3JBtYk60s1B5SYK26/HAOtRKECJd2FrfObPtf1tvj5VCnrNFnfG+
+amCoTGY6w2zTQuM6XSmWNR8YUAZ1+iYgjNFmWBULMxSVkPilw9WxoducZn/r9ibE
+x170tyfiRuKTrl90AifF9M/Ygwx0PAwV1sWKz9GXbR6PsAG1rcq5eh1ifXLSf5ct
+HYvtptOqioi2BCYByIc09RpyAML+U9Ak7KsNlT2EKwu3YhRUkwLNJ3casILTzCBG
+h7npDke3gTZed1ax5h+pW1DeDxkoKJT5AwgGTErsbwIDAQABoAAwDQYJKoZIhvcN
+AQELBQADggIBABkUVJDRfMxYDqzkZGNjytWblvZXFQK8aZDN4aR9YqYQfBwliH3d
+ZcEFqI5HVjbypeLMfF6hs/5njOJ31hhH1gK4f3qNsKH2cjf0xSzRDeSCDGF/Fx5E
+uuwdMTAm8NnsXv15AA5ceqJmQ//E8Whu9R+ar3qfOdzw75US5IMamoRRJMlFjyHZ
+BwZHzOwctYhXq+A26HGLhQoWUs7ogdlxBqJq1Bpkls9o2RwJwQ6o1Pe5ytuK99U9
+vbQ75oBinJ+vX2hUR1dn9ym0CS+7HUhZ8jcF5VKMEZXcBw/RDvAsAG9GLjTnjdDf
+LMK1Eqi91rCeWK7RYd7ABolxr5Av9iGCYCSYC6EpwcbGKJc8laJouKEnG9jkzr27
+NB3c+yHagGJplBcxXuednVibBzNSHQNYoVJlDOv7LtFQy8yYCPptXqUaz/U9oB2i
+fdGMkwPNOQV58c1SzRis2kpHVZvD6fxxFWX9BLA1rD6Pk/a7gaU64WOPdlWZqYeV
+l5JZ1Dpd+W0hYfueGIWyyq5dF85XDW/gtyz8Tb8qktxhiNNdoTJaIC17cjB3qAd2
+w6X1RhUKIEO2hpQNhpYtWUvtxeOMzSYd2JykxuvWbcdZYPL1dlhIyWa5yyDph0cH
+/99xxUWKZ5vP5vkxzsyLbtddBuFGURmgE3JasGbq3ic6X00lSmrglnMy
+-----END CERTIFICATE REQUEST-----

infrastructure/security/certificates/redis/san.cnf

@@ -0,0 +1,24 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = California
+L = SanFrancisco
+O = BakeryIA
+OU = Cache
+CN = redis-service.bakery-ia.svc.cluster.local
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = redis-service.bakery-ia.svc.cluster.local
+DNS.2 = redis-service.bakery-ia
+DNS.3 = redis-service
+DNS.4 = localhost
+IP.1 = 127.0.0.1