{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) -}}
{{- $cn := printf "%s.%s.svc.cluster.local" ( include "mongodb.fullname" . ) .Release.Namespace }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "mongodb.caSecretName" . }}
  namespace: {{ template "mongodb.namespace" . }}
  annotations:
    "helm.sh/hook": "pre-install"
  labels:
   {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: mongodb
type: Opaque
data:
  {{ if and .Values.tls.caCert .Values.tls.caKey }}
  {{- $ca := buildCustomCert .Values.tls.caCert .Values.tls.caKey -}}
  {{- $cert := genSignedCert $cn nil nil 3650 $ca -}}
  {{- $pem := printf "%s%s" $cert.Cert $cert.Key -}}
  mongodb-ca-cert: {{ b64enc $ca.Cert }}
  mongodb-ca-key: {{ b64enc $ca.Key }}
  client-pem: {{ b64enc $pem }}
  {{- else -}}
  {{- $ca:= genCA "myMongo-ca" 3650 -}}
  {{- $cert := genSignedCert $cn nil nil 3650 $ca -}}
  {{- $pem := printf "%s%s" $cert.Cert $cert.Key -}}
  mongodb-ca-cert: {{ b64enc $ca.Cert }}
  mongodb-ca-key: {{ b64enc $ca.Key }}
  client-pem: {{ b64enc $pem }}
  {{- end -}}
{{- end -}}