From 43dd2bee9e6f229d20a23c79d3af74b736c03a1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Mon, 29 Sep 2025 11:30:53 +0200
Subject: [PATCH] fix(opendesk-certificates): Template `caCertificate` options

---
 .../apps/opendesk-services/values-certificates.yaml.gotmpl    | 3 +++
 helmfile/environments/default/certificate.yaml.gotmpl         | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/helmfile/apps/opendesk-services/values-certificates.yaml.gotmpl b/helmfile/apps/opendesk-services/values-certificates.yaml.gotmpl
index 6845d24d..f24444f7 100644
--- a/helmfile/apps/opendesk-services/values-certificates.yaml.gotmpl
+++ b/helmfile/apps/opendesk-services/values-certificates.yaml.gotmpl
@@ -66,6 +66,9 @@ cleanup:
 
 selfSigned:
   enabled: {{ .Values.certificate.selfSigned }}
+  caCertificate:
+    create: {{ .Values.certificate.caCertificate.create }}
+    secretName: {{ .Values.certificate.caCertificate.secretName | quote }}
   keystores:
     jks:
       enabled: true
diff --git a/helmfile/environments/default/certificate.yaml.gotmpl b/helmfile/environments/default/certificate.yaml.gotmpl
index 749dbfe0..f412cd46 100644
--- a/helmfile/environments/default/certificate.yaml.gotmpl
+++ b/helmfile/environments/default/certificate.yaml.gotmpl
@@ -9,5 +9,9 @@ certificate:
   # When using `wildcard: true` please ensure you configure the cert-manager accordingly, e.g. using DNS
   # validation (`DNS-01`) in case of letsencrypt.
   wildcard: false
+  # See also `opendesk/docs/enhanced-configuration/self-signed-certificates.md`
   selfSigned: false
+  caCertificate:
+    create: true
+    secretName: ""
 ...