From 4c084da76240e7c5d846103ddc7649fe8d023e00 Mon Sep 17 00:00:00 2001
From: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>
Date: Wed, 14 Dec 2022 12:17:44 -0600
Subject: [PATCH] Add optional fleet.tls.secretName to helm chart (#8921)
---
 charts/fleet/templates/deployment.yaml | 4 ++++
 charts/fleet/values.yaml | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/charts/fleet/templates/deployment.yaml b/charts/fleet/templates/deployment.yaml
index 7f658cce7c..add029fd95 100644
--- a/charts/fleet/templates/deployment.yaml
+++ b/charts/fleet/templates/deployment.yaml
@@ -336,7 +336,11 @@ spec:
 {{- if .Values.fleet.tls.enabled }}
 - name: fleet-tls
 secret:
+ {{- if .Values.fleet.tls.uniqueTLSSecret }}
+ secretName: "{{ .Values.fleet.tls.secretName }}"
+ {{- else }}
 secretName: "{{ .Values.fleet.secretName }}"
+ {{- end }}
 {{- end }}
 {{- if .Values.mysql.tls.enabled }}
 - name: mysql-tls
diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml
index e4578307d8..f815bc704f 100644
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@@ -55,12 +55,16 @@ ingress:
 # All of the settings relating to configuring the Fleet server
 fleet:
 listenPort: 8080
- # Name of the Secret resource storing TLS and S3 bucket secrets
+ # Name of the Secret resource storing S3 bucket and optionally TLS secrets
 secretName: fleet
 # Whether or not to run `fleet db prepare` to run SQL migrations before starting Fleet
 autoApplySQLMigrations: true
 tls:
 enabled: true
+ # Set to true if you need a separate secret for just TLS data.
+ # Useful with cert-manager and similar deployments.
+ uniqueTLSSecret: false
+ secretName: fleet-tls
 compatibility: modern
 certSecretKey: server.cert
 keySecretKey: server.key
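Review bot: The new `uniqueTLSSecret` branch renders `secretName: ""` when `fleet.tls.secretName` is empty or nulled in an override, so the chart installs cleanly and the pod then fails to mount the `fleet-tls` volume at runtime. Failing at render time is easier to diagnose: `secretName: {{ required "fleet.tls.secretName must be set when fleet.tls.uniqueTLSSecret is true" .Values.fleet.tls.secretName | quote }}`. Neither branch lists `items:` under `secret:`, so every key of the chosen Secret is projected into the TLS volume; with the default `uniqueTLSSecret: false` that presumably still includes the S3 entries the values.yaml comment says live in the shared secret, which is worth stating in the chart documentation. The volumes list this entry belongs to starts and ends outside the hunk.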
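Review bot: The added `secretName: fleet-tls` key under `tls:` has no comment, and it shares its name with `fleet.secretName` a few lines above, so it is easy to miss that the template reads it only when `uniqueTLSSecret` is true. I would add above it `# Name of the Secret holding only the TLS certificate and key. Ignored unless uniqueTLSSecret is true.` The new comment recommends cert-manager, whose Secrets use the keys `tls.crt` and `tls.key`, while the defaults just below remain `server.cert` and `server.key`; a second line such as `# Its keys must match certSecretKey/keySecretKey (cert-manager writes tls.crt and tls.key).` would save users a failed rollout. The `fleet:` mapping continues outside the hunk.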