diff --git a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
index d9cc4973a..6d2b9cb22 100644
--- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
@@ -56,9 +56,11 @@ spec:
           - mountPath: /etc/hubble-relay
             name: config
             readOnly: true
+          {% if cilium_hubble_tls_generate -%}
           - mountPath: /var/lib/hubble-relay/tls
             name: tls
             readOnly: true
+          {% endif %}
       restartPolicy: Always
       serviceAccount: hubble-relay
       serviceAccountName: hubble-relay
@@ -74,6 +76,7 @@ spec:
           path: /var/run/cilium
           type: Directory
         name: hubble-sock-dir
+      {% if cilium_hubble_tls_generate -%}
       - projected:
           sources:
           - secret:
@@ -93,6 +96,7 @@ spec:
                 - key: tls.key
                   path: server.key
         name: tls
+      {% endif %}
 ---
 # Source: cilium/templates/hubble-ui/deployment.yaml
 kind: Deployment