diff --git a/deployment/ironic/ironic-api-container-puppet.yaml b/deployment/ironic/ironic-api-container-puppet.yaml
index 4db783dc86..be649c89a0 100644
--- a/deployment/ironic/ironic-api-container-puppet.yaml
+++ b/deployment/ironic/ironic-api-container-puppet.yaml
@@ -63,6 +63,7 @@ parameters:
     default: false
 
 conditions:
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
   cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
 
 resources:
@@ -228,6 +229,7 @@ outputs:
                   - /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
                   - /var/log/containers/ironic:/var/log/ironic:z
                   - /var/log/containers/httpd/ironic-api:/var/log/httpd:z
+                  - /var/lib/config-data/ironic_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
             command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
         step_4:
           ironic_api:
@@ -246,6 +248,16 @@ outputs:
                   - /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro
                   - /var/log/containers/ironic:/var/log/ironic:z
                   - /var/log/containers/httpd/ironic-api:/var/log/httpd:z
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks: