Add optional fleet.tls.secretName to helm chart (#8921)

2026-05-23 17:08:53 +00:00 · 2022-12-14 12:17:44 -06:00 · 2022-12-14 12:17:44 -06:00 · 4c084da762
commit 4c084da762
parent 612c86531b
2 changed files with 9 additions and 1 deletions
--- a/charts/fleet/templates/deployment.yaml
+++ b/charts/fleet/templates/deployment.yaml
@ -336,7 +336,11 @@ spec:
        {{- if .Values.fleet.tls.enabled }}
        - name: fleet-tls
          secret:
+            {{- if .Values.fleet.tls.uniqueTLSSecret }}
+            secretName: "{{ .Values.fleet.tls.secretName }}"
+            {{- else }}
            secretName: "{{ .Values.fleet.secretName }}"
+            {{- end }}
        {{- end }}
        {{- if .Values.mysql.tls.enabled }}
        - name: mysql-tls
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@ -55,12 +55,16 @@ ingress:
 # All of the settings relating to configuring the Fleet server
 fleet:
  listenPort: 8080
-  # Name of the Secret resource storing TLS and S3 bucket secrets
+  # Name of the Secret resource storing S3 bucket and optionally TLS secrets
  secretName: fleet
  # Whether or not to run `fleet db prepare` to run SQL migrations before starting Fleet
  autoApplySQLMigrations: true
  tls:
    enabled: true
+    # Set to true if you need a separate secret for just TLS data.
+    # Useful with cert-manager and similar deployments.
+    uniqueTLSSecret: false
+    secretName: fleet-tls
    compatibility: modern
    certSecretKey: server.cert
    keySecretKey: server.key