From 32e5f63d54e5bf68b72433f2d1c3bd1892a1f267 Mon Sep 17 00:00:00 2001
From: Sergii Leshchenko
Date: Fri, 26 Jul 2019 07:53:29 +0300
Subject: [PATCH] Improve configuring of self-signed certificate
Signed-off-by: Sergii Leshchenko
---
 deploy/kubernetes/helm/che/templates/deployment.yaml | 10 +++++++---
 deploy/kubernetes/helm/che/values.yaml | 7 ++-----
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/deploy/kubernetes/helm/che/templates/deployment.yaml b/deploy/kubernetes/helm/che/templates/deployment.yaml
index 4be4c16fb7c..aefd744f401 100644
--- a/deploy/kubernetes/helm/che/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/templates/deployment.yaml
@@ -72,17 +72,21 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+ {{- if .Values.global.tls.enabled }}
+
+ # If self-signed-cert is used then configure Che Server with certificate content
+ # to propagate it to trust store
 {{- if .Values.global.tls.useSelfSignedCerts }}
 - name: CHE_SELF__SIGNED__CERT
 valueFrom:
 secretKeyRef:
- key: ca.crt
- name: self-signed-certificate
+ key: tls.crt
+ name: {{ .Values.global.tls.secretName }}
 optional: false
 {{- end }}
+
 # If workspaces are created in different namespace than Che Server's one
 # then configure Che Server to propagate TLS secret to workspaces' namespaces
- {{- if .Values.global.tls.enabled }}
 {{- if ne .Release.Namespace .Values.global.cheWorkspacesNamespace }}
 - name: "CHE_INFRA_KUBERNETES_TLS__CERT"
 valueFrom:
diff --git a/deploy/kubernetes/helm/che/values.yaml b/deploy/kubernetes/helm/che/values.yaml
index e9ae3107705..9cc5c0d909f 100644
--- a/deploy/kubernetes/helm/che/values.yaml
+++ b/deploy/kubernetes/helm/che/values.yaml
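Review bot: The value for `CHE_SELF__SIGNED__CERT` is now read from the `tls.crt` key of the serving secret, which holds the server certificate rather than a CA, so trust is only established when that certificate is literally self-signed; if it was issued by a private CA, `tls.crt` may not contain the root and verification would presumably still fail (how Che imports the value is not visible here). I would state that constraint in the comment above the block, e.g. `# tls.crt must be the self-signed certificate itself, or a chain that includes the issuing CA`. The secret name is also rendered unquoted, so an empty `global.tls.secretName` renders as null; `name: {{ .Values.global.tls.secretName | quote }}` avoids that. The `{{- if .Values.global.tls.enabled }}` opened in this hunk closes outside it.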
@@ -45,12 +45,9 @@ global:
 ## it MUST be pre-created in the configured Che namespace
 secretName: che-tls
+ ## If self-signed certificate is enabled
+ ## then certificate from `tls.secretName` will be propagated to Che components' trust stores
 useSelfSignedCerts: false
- ## Name of a secret that contains `ca.crt` entry with public key
- ## that will be used for checking server certificate
- ## Note the helm chart does now create this secret and
- ## it MUST be pre-created in the configured Che namespace
- selfSingedCertSecretName: self-signed-cert
 gitHubClientID: ""
 gitHubClientSecret: ""
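Review bot: The new comment on `useSelfSignedCerts` does not say that the flag is ignored unless `tls.enabled` is also true, which is what the deployment.yaml hunk now does by nesting the block under `{{- if .Values.global.tls.enabled }}`, nor which secret entry is read. Suggest adding `## Only takes effect when tls.enabled is true; the tls.crt entry of the secret is used`. Since the template no longer references the separate secret with the `ca.crt` entry, installs that pre-created it will stop using it without any warning, which is worth a line in the comment or the upgrade notes. The enclosing `global:` mapping starts and ends outside the hunk.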