diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 3430f17..501fe2a 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -60,3 +60,35 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Return true if a TLS secret should be created +*/}} +{{- define "exam.createTlsSecret" -}} +{{- if and .Values.tls.enabled (not .Values.tls.certificatesSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get namespace +*/}} +{{- define "exam.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Search already generated TLS secret +*/}} +{{- define "exam.lookup" -}} +{{- $value := "" -}} +{{- $secretData := (lookup "v1" "Secret" (include "exam.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} +{{- end -}} +{{- if $value -}} +{{- printf "%s" $value -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml index 0e0841e..cfe3064 100644 --- a/helm/templates/ingress.yaml +++ b/helm/templates/ingress.yaml @@ -24,7 +24,7 @@ spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} ingressClassName: {{ .Values.ingress.className }} {{- end }} - {{- if .Values.ingress.tls }} + {{- if and (include "exam.createTlsSecret" . ) .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} - hosts: diff --git a/helm/templates/secrets.yaml b/helm/templates/secrets.yaml index bc4cf6e..228e2ba 100644 --- a/helm/templates/secrets.yaml +++ b/helm/templates/secrets.yaml 
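Review bot: `exam.lookup` returns whatever the existing secret holds unconditionally, so once the hook has created `tls.crt`/`tls.key` they are reused on every later render with no expiry or CN check — after the 365-day validity set in secrets.yaml the expired certificate keeps being reused until someone deletes the secret by hand, and the helper's header comment ("Search already generated TLS secret") does not say so. It also does not mention that `lookup` yields an empty map under `helm template`/`--dry-run` (and for an identity without `get` on Secrets), in which case a fresh CA and key pair are generated on every render. Suggested header comment: `Return the base64 value of .key from Secret .secret in the chart namespace; falls back to .defaultValue (base64-encoded). Existing material is never rotated — delete the Secret to force regeneration. lookup is empty under helm template/--dry-run.` The `and $secretData (hasKey $secretData .key)` guard only keeps `hasKey` away from a nil map if the template engine short-circuits `and` (Go ≥ 1.18 templates, i.e. Helm ≥ 3.9) — presumably fine, but worth confirming against the minimum Helm version the chart declares.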
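Review bot: The new guard renders the ingress `tls:` block only when the chart generates its own secret, so an operator who supplies `tls.certificatesSecret` (which `exam.createTlsSecret` treats as "do not generate") gets an ingress with no `tls:` section at all — the bring-your-own-certificate path disables TLS on the ingress instead of using the provided secret, while values.yaml in this same commit forces `nginx.ingress.kubernetes.io/ssl-redirect: "true"`, so traffic is redirected to an HTTPS listener served by the controller's default certificate. Gate on TLS being enabled rather than on generation: `{{- if and .Values.tls.enabled .Values.ingress.tls }}`, and resolve the per-entry secret name (on the `secretName:` line inside the `range`, which lies beyond this hunk) to `.Values.tls.certificatesSecret` when set and to the generated `<fullname>-crt` otherwise. The `range` body continues past the end of the hunk.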
@@ -9,4 +9,25 @@ data: | b64enc | quote }} username: {{ required "secrets.username is required" .Values.secrets.username | b64enc | quote }} -type: Opaque \ No newline at end of file +type: Opaque +--- +{{- if (include "exam.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "exam.fullname" .) }} +{{- $ca := genCA "ingress-ca" 365 }} +{{- $fullname := "kube-exam.local" }} +{{- $cert := genSignedCert $fullname nil nil 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + labels: + {{- include "exam.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": "before-hook-creation" +type: kubernetes.io/tls +data: + tls.crt: {{ include "exam.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "exam.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "exam.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} \ No newline at end of file diff --git a/helm/templates/volume.yaml b/helm/templates/volume.yaml index 072bf40..47c28c7 100644 --- a/helm/templates/volume.yaml +++ b/helm/templates/volume.yaml @@ -9,12 +9,20 @@ spec: accessModes: - ReadWriteOnce capacity: - storage: 1Gi - hostPath: - path: /tmp/minikube/postgres + storage: {{ .Values.pvc.request | quote }} + local: + path: /var/lib/minikube persistentVolumeReclaimPolicy: Retain - storageClassName: manual + storageClassName: local-storage volumeMode: Filesystem + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - minikube --- apiVersion: v1 kind: PersistentVolumeClaim 
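Review bot: The generated server certificate has no Subject Alternative Name, because `genSignedCert $fullname nil nil 365 $ca` passes `nil` for both the IP and DNS SAN lists and Sprig does not copy the CN into the SANs; clients that ignore the CN (Go ≥ 1.15 and current browsers, for example) will reject it for `kube-exam.local` even though the CN matches. The host is also hard-coded although `ingress.tls[].hosts` is configurable in values.yaml, so changing the host there silently leaves a certificate for the wrong name. Pass the host as a DNS SAN, `{{- $cert := genSignedCert $fullname nil (list $fullname) 365 $ca }}`, and ideally derive `$fullname` (and the SAN list) from `.Values.ingress.tls` instead of the literal. Separately, because the Secret is a `pre-install` hook it is not tracked as part of the release: `helm uninstall` leaves the private key behind in the namespace, `helm upgrade` never re-runs the hook, and together with the lookup-based reuse the certificate is never rotated after its 365 days — a comment above the `annotations:` block saying that rotation means deleting the Secret manually would save the next operator a surprise.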
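Review bot: The PersistentVolume now mounts `/var/lib/minikube` itself rather than a dedicated subdirectory (the removed `hostPath` used `/tmp/minikube/postgres`), so the database pod gets read-write access to the node's entire minikube state directory — on a minikube node that tree typically holds, among other things, the control-plane certificates and keys under `certs/`, which would then be readable by anything that compromises the Postgres container, and the database can overwrite them. Point the volume at a dedicated directory, e.g. `path: /var/lib/minikube/postgres`; note that a `local` volume, unlike `hostPath`, does not create the directory, so it must be pre-created on the node (e.g. via `minikube ssh`) and that should be stated in a comment next to `path:`. The literal `values: - minikube` node affinity and `storageClassName: local-storage` also pin the chart to a single cluster; consider sourcing node name and path from values alongside `pvc.request`.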
@@ -29,4 +37,4 @@ spec: resources: requests: storage: {{ .Values.pvc.request | quote }} - storageClassName: {{ .Values.pvc.class | quote }} \ No newline at end of file + storageClassName: local-storage \ No newline at end of file diff --git a/helm/values.yaml b/helm/values.yaml index 133cf24..8b74097 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -5,12 +5,15 @@ serviceAccount: annotations: {} name: "" +tls: + enabled: true + ingress: - ssl: false + ssl: true className: "" annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/use-regex: "true" hosts: - host: kube-exam.local @@ -23,10 +26,10 @@ ingress: pathType: ImplementationSpecific name: "api" port: 5000 - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + tls: + - secretName: exam-crt + hosts: + - kube-exam.local resources: {} @@ -62,7 +65,7 @@ secrets: username: "password1234" pvc: - class: manual + class: local-storage request: 1Gi deployments: @@ -98,6 +101,9 @@ deployments: nonsecrets: pgdata: /var/lib/postgresql/data/pgdata postgresDb: db + secrets: + postgres-password: password + postgres-user: username image: repository: db tag: 13.3
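Review bot: `storageClassName` on the PVC is now the literal `local-storage` while values.yaml still carries `pvc.class: local-storage` (updated in this same commit), so the value is dead and a user who sets `pvc.class` gets a PVC that silently ignores it. Either keep `storageClassName: {{ .Values.pvc.class | quote }}` here and use the same value in the PV's `storageClassName`, or remove `pvc.class` from values.yaml so the two cannot drift.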
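Review bot: `exam.createTlsSecret` keys off `.Values.tls.certificatesSecret`, but the new `tls:` stanza declares only `enabled: true`, so the bring-your-own-certificate option is undiscoverable from values.yaml and schema/lint tooling has nothing to validate. Declare it explicitly with an empty default, `certificatesSecret: ""`, under `tls:` and add a comment above it saying it names an existing `kubernetes.io/tls` Secret and, when set, suppresses certificate generation. Note also that `ssl-redirect: "true"` is now unconditional, so setting `tls.enabled: false` yields redirects to an HTTPS endpoint that is only backed by the ingress controller's default certificate; if that is not intended, template the annotation from `tls.enabled`.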
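Review bot: `secretName: exam-crt` only matches the generated Secret if `exam.fullname` resolves to exactly `exam`; secrets.yaml names it `{{ include "exam.fullname" . }}-crt`, which for a typical release is `<release>-exam-crt`, so with any other release name (or a `fullnameOverride`) the ingress references a missing Secret and the controller falls back to its self-signed default certificate without an error at install time. Since the name is computed in the template, the ingress should compute it the same way rather than read it from values — for instance treat an empty `secretName` here as "use `printf "%s-crt" (include "exam.fullname" .)`" in ingress.yaml and leave `secretName: ""` in this default. At minimum a comment on this entry should spell out that it must equal `<fullname>-crt`.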
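Review bot: The new `secrets:` mapping under the db deployment introduces kebab-case keys (`postgres-password`, `postgres-user`) into a values file that otherwise uses camelCase (`nonsecrets`, `pgdata`, `postgresDb`), and nothing in this patch shows how the consuming deployment template interprets key versus value — presumably env var or secret-key name mapped to a key of the chart's `secrets` Secret, but that template is not in the diff. Add a comment above the stanza stating the contract, e.g. `# container env name -> key in .Values.secrets that supplies it`, and pick one casing convention for the file.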