Add new infra architecture 6

infrastructure/platform/mail/mailu-helm/configs/mailu-certificates-secret.yaml

@@ -0,0 +1,26 @@
+# Self-signed TLS certificate secret for Mailu Front
+# This is required by the Mailu Helm chart even when TLS is disabled (tls.flavor: notls)
+# The Front pod mounts this secret for internal certificate handling
+#
+# For production, replace with proper certificates from cert-manager or Let's Encrypt
+# This script generates a self-signed certificate valid for 365 days
+#
+# To regenerate manually:
+#   openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+#     -keyout tls.key -out tls.crt \
+#     -subj "/CN=mail.bakery-ia.local/O=bakery-ia"
+#   kubectl create secret tls mailu-certificates \
+#     --cert=tls.crt --key=tls.key -n bakery-ia
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mailu-certificates
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: mailu
+    app.kubernetes.io/component: certificates
+type: kubernetes.io/tls
+data:
+  # Placeholder - will be generated dynamically by the setup script
+  tls.crt: ""
+  tls.key: ""