From 28c1f3a9c5934e0429a731b82dbca00b2f2e39c4 Mon Sep 17 00:00:00 2001
From: Mykola Morhun <mmorhun@redhat.com>
Date: Tue, 16 Jun 2020 12:05:46 +0300
Subject: [PATCH] Backport: Read self-signed certiicate from dedicated secret
 (to be consistent with operator installer) (#17161)

Backport: Read self-signed certiicate from dedicated secret (to be consistent with operator installer)
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
---
 deploy/kubernetes/helm/che/templates/deployment.yaml | 2 +-
 deploy/kubernetes/helm/che/values.yaml               | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/deploy/kubernetes/helm/che/templates/deployment.yaml b/deploy/kubernetes/helm/che/templates/deployment.yaml
index c5d89b99c16..17ca983f096 100644
--- a/deploy/kubernetes/helm/che/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/templates/deployment.yaml
@@ -100,7 +100,7 @@ spec:
           valueFrom:
             secretKeyRef:
               key: ca.crt
-              name: {{ .Values.global.tls.secretName }}
+              name: {{ .Values.global.tls.selfSignedCertSecretName }}
               optional: false
         {{- end }}
 
diff --git a/deploy/kubernetes/helm/che/values.yaml b/deploy/kubernetes/helm/che/values.yaml
index 4eefae4cc24..0b59b4daa46 100644
--- a/deploy/kubernetes/helm/che/values.yaml
+++ b/deploy/kubernetes/helm/che/values.yaml
@@ -46,8 +46,9 @@ global:
     secretName: che-tls
 
     ## If self-signed certificate flag is enabled
-    ## then CA certificate from `tls.secretName` will be propagated to Che components' trust stores
-    useSelfSignedCerts: false
+    ## then CA certificate from `tls.selfSignedCertSecretName` will be propagated to Che components' trust stores
+    useSelfSignedCerts: true
+    selfSignedCertSecretName: self-signed-certificate
 
     ## Name of the config-map with public certificates to add to Java trust store of the Che server.
     serverTrustStoreConfigMapName: ""