# Create a root CA certificate for local development
# NOTE: This certificate must be ready before the local-ca-issuer can be used
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: local-ca-cert
  namespace: cert-manager  # This ensures the secret is created in the cert-manager namespace
spec:
  isCA: true
  commonName: bakery-ia-local-ca
  subject:
    organizationalUnits:
      - "Bakery IA Local CA"
    organizations:
      - "Bakery IA"
    countries:
      - "US"
  secretName: local-ca-key-pair
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
  duration: 8760h # 1 year
  renewBefore: 720h # 30 days