From cfe9b1c3aa04c0f2e5a18eb9391b9c044a03cb2b Mon Sep 17 00:00:00 2001
From: Tomasz Pietrek <tomasz@nats.io>
Date: Tue, 2 Jul 2024 11:24:57 +0200
Subject: [PATCH] Add tlsFirst support to NACK

Signed-off-by: Tomasz Pietrek <tomasz@nats.io>
---
 helm/charts/nack/templates/deployment-jetstream-controller.yml | 3 +++
 helm/charts/nack/values.yaml                                   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/helm/charts/nack/templates/deployment-jetstream-controller.yml b/helm/charts/nack/templates/deployment-jetstream-controller.yml
index 08a12029..666ed43d 100644
--- a/helm/charts/nack/templates/deployment-jetstream-controller.yml
+++ b/helm/charts/nack/templates/deployment-jetstream-controller.yml
@@ -113,6 +113,9 @@ spec:
           {{- if and .Values.jetstream.tls.enabled .Values.jetstream.tls.settings.client_ca }}
           - --tlsca={{ .Values.jetstream.tls.settings.client_ca }}
           {{- end }}
+          {{- if .Values.jetstream.tls.tlsFirst }}
+          - --tlsfirst={{ .Values.jetstream.tls.tlsFirst }}
+          {{- end }}
           {{- with .Values.jetstream.additionalArgs }}
           {{- toYaml . | nindent 10 }}
           {{- end }}
diff --git a/helm/charts/nack/values.yaml b/helm/charts/nack/values.yaml
index 29a966c1..c9050b23 100644
--- a/helm/charts/nack/values.yaml
+++ b/helm/charts/nack/values.yaml
@@ -35,6 +35,7 @@ jetstream:
   # Enabled must be true, and a secret name specified for this to work
   tls:
     enabled: false
+    tlsFirst: false
     # the secret containing the client ca.crt, tls.crt, and tls.key for NATS
     secretName:
     # Reference