diff --git a/charts/pulsar/templates/_certs.tpl b/charts/pulsar/templates/_certs.tpl
index 72e3a717..80efaf7a 100644
--- a/charts/pulsar/templates/_certs.tpl
+++ b/charts/pulsar/templates/_certs.tpl
@@ -107,6 +107,10 @@ spec:
     {{- end }}
     - {{ printf "*.%s-%s.%s.svc.%s" (include "pulsar.fullname" .root) .componentConfig.component (include "pulsar.namespace" .root) .root.Values.clusterDomain | quote }}
     - {{ printf "%s-%s" (include "pulsar.fullname" .root) .componentConfig.component | quote }}
+{{- if .tlsConfig.ipAddresses }}
+  ipAddresses:
+{{ toYaml .tlsConfig.ipAddresses | indent 4 }}
+{{- end }}
   # Issuer references are always required.
   issuerRef:
     name: "{{ template "pulsar.certs.issuers.ca.name" .root }}"
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 8a7e3dd9..40c30a98 100755
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -251,6 +251,10 @@ tls:
     # The dnsNames field specifies a list of Subject Alternative Names to be associated with the certificate.
     dnsNames:
     # - example.com
+    # The ipAddresses fields specifies a list of IP addresses to include as SANs in the certificate.
+    # Useful for internal cluster communication or when DNS names are unavailable.
+    ipAddresses:
+    # - 10.84.12.9
     cacerts:
       enabled: false
       certs:
@@ -265,6 +269,10 @@ tls:
     # The dnsNames field specifies a list of Subject Alternative Names to be associated with the certificate.
     dnsNames:
     # - example.com
+    # The ipAddresses fields specifies a list of IP addresses to include as SANs in the certificate.
+    # Useful for internal cluster communication or when DNS names are unavailable.
+    ipAddresses:
+    # - 10.84.12.11
     cacerts:
       enabled: false
       certs: