apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bakery-dev-tls-cert
  namespace: bakery-ia
spec:
  # Self-signed certificate for local development
  secretName: bakery-dev-tls-cert

  # Certificate duration
  duration: 2160h # 90 days
  renewBefore: 360h # 15 days

  # Subject configuration
  subject:
    organizations:
      - Bakery IA Development

  # Common name
  commonName: localhost

  # DNS names this certificate is valid for
  dnsNames:
    - localhost
    - bakery-ia.local
    - api.bakery-ia.local
    - "*.bakery-ia.local"

  # IP addresses (for localhost)
  ipAddresses:
    - 127.0.0.1
    - ::1

  # Use self-signed issuer for development
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io

  # Private key configuration
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048

  # Usages
  usages:
    - server auth
    - client auth
    - digital signature
    - key encipherment