Imporve the infra

infrastructure/kubernetes/overlays/dev/cluster-issuer-staging.yaml

@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL (Let's Encrypt staging)
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: admin@bakery-ia.local  # Change this to your email
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+          podTemplate:
+            spec:
+              nodeSelector:
+                "kubernetes.io/os": linux

infrastructure/kubernetes/overlays/dev/kustomization.yaml

@@ -14,7 +14,7 @@ resources:
   - dev-ingress.yaml
   # Dev-Prod Parity: Enable HTTPS with self-signed certificates
   - dev-certificate.yaml
-  - ../../base/components/cert-manager/cluster-issuer-staging.yaml
+  - cluster-issuer-staging.yaml
 
 # Exclude nominatim from dev to save resources
 # Using scale to 0 for StatefulSet to prevent pod creation