From 07a7806c292db96d971a24ad45fcdfecdac0397a Mon Sep 17 00:00:00 2001
From: Daniel <103500748+danielnginx@users.noreply.github.com>
Date: Mon, 10 Jul 2023 11:42:37 +0100
Subject: [PATCH 1/2] Clarify language about default TLS certificate

Update the the helm chart comments and helm chart installation documentation.
---
 deployments/helm-chart/values.yaml                  | 2 +-
 docs/content/installation/installation-with-helm.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
index 32ace3bf9a..3347af0a96 100644
--- a/deployments/helm-chart/values.yaml
+++ b/deployments/helm-chart/values.yaml
@@ -82,7 +82,7 @@ controller:
 
   ## It is recommended to use your own TLS certificates and keys
   defaultTLS:
-    ## The base64-encoded TLS certificate for the default HTTPS server. By default, a pre-generated self-signed certificate is used.
+    ## The base64-encoded TLS certificate for the default HTTPS server.
     ## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
     cert: ""
 
diff --git a/docs/content/installation/installation-with-helm.md b/docs/content/installation/installation-with-helm.md
index d2b5cf2565..b185fbd234 100644
--- a/docs/content/installation/installation-with-helm.md
+++ b/docs/content/installation/installation-with-helm.md
@@ -200,7 +200,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 |`controller.config.annotations` | The annotations of the Ingress Controller configmap. | {} |
 |`controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {} |
 |`controller.customPorts` | A list of custom ports to expose on the NGINX Ingress Controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | [] |
-|`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. **Note:** By default, a pre-generated self-signed certificate is used. It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated self-signed certificate. |
+|`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. **Note:** It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. |
 |`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** By default, a pre-generated key is used. It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated key. |
 |`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. **Note:** Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | None |
 |`controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |

From a663725669e7fe4fd627a312c3075870d95d2e75 Mon Sep 17 00:00:00 2001
From: Daniel <103500748+danielnginx@users.noreply.github.com>
Date: Mon, 10 Jul 2023 13:17:05 +0100
Subject: [PATCH 2/2] Update to the defaultTLS.key documentation

---
 deployments/helm-chart/values.yaml                  | 2 +-
 docs/content/installation/installation-with-helm.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
index 3347af0a96..0b09946c63 100644
--- a/deployments/helm-chart/values.yaml
+++ b/deployments/helm-chart/values.yaml
@@ -86,7 +86,7 @@ controller:
     ## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
     cert: ""
 
-    ## The base64-encoded TLS key for the default HTTPS server. By default, a pre-generated key is used.
+    ## The base64-encoded TLS key for the default HTTPS server.
     ## Note: It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
     key: ""
 
diff --git a/docs/content/installation/installation-with-helm.md b/docs/content/installation/installation-with-helm.md
index b185fbd234..812bd0a11d 100644
--- a/docs/content/installation/installation-with-helm.md
+++ b/docs/content/installation/installation-with-helm.md
@@ -201,7 +201,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 |`controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {} |
 |`controller.customPorts` | A list of custom ports to expose on the NGINX Ingress Controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | [] |
 |`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. **Note:** It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. |
-|`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** By default, a pre-generated key is used. It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated key. |
+|`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. |
 |`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. **Note:** Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | None |
 |`controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |
 |`controller.wildcardTLS.key` | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |