diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a6f621fd221c6b2ab74f1d4492ef2044af38640..d32c3284e93823a43441e14c58333135ff08ef5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.1.6-bb.4] - 2021-06-07 +### Added +- Ability to pass volumes / volumeMounts to MM pods + ## [0.1.6-bb.3] - 2021-06-04 ### Added - Add IPS with new operator diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 29f2702bc0a1651c2588a8c6836cd3b657497abc..0a2698c3d28f26ae25a78ae16ecc0bcc06c94e0b 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: mattermost type: application -version: "0.1.6-bb.3" +version: "0.1.6-bb.4" appVersion: "5.34.2" description: "Deployment of mattermost" keywords: diff --git a/chart/templates/mattermost.yaml b/chart/templates/mattermost.yaml index ee5f8d8efcdda3b3d65391a798a18e6760c62322..f7d6e6829c56e2572c9f3b62eea5c5ff71190a48 100644 --- a/chart/templates/mattermost.yaml +++ b/chart/templates/mattermost.yaml @@ -153,6 +153,16 @@ spec: {{ toYaml .Values.nodeSelector | nindent 6 }} {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 4}} + {{- end }} + + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 4}} + {{- end }} + database: external: secret: {{ .Values.database.secret | default (printf "%s-dbcreds" (include "mattermost.fullname" .)) }} diff --git a/chart/values.yaml b/chart/values.yaml index 50e56c76f57ed9dd83fcd49b562b574454a23454..3c5b37c4ff727110f91cd313b07bd112ed21e4c3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -101,6 +101,17 @@ existingSecretEnvs: {} # key: DB_CONNECTION_CHECK_URL # name: "mysecretname" +volumes: {} + # - name: ca-cert + # secret: + # secretName: ca-secret + # defaultMode: 0644 + +volumeMounts: {} + # - name: ca-cert + # mountPath: /etc/ssl/certs + # readOnly: true + minio: install: false 
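Review bot: The two new `with` blocks in chart/templates/mattermost.yaml copy `.Values.volumes` and `.Values.volumeMounts` into the Mattermost spec verbatim, so any volume source named in a values file, `hostPath` included, is rendered unchecked. Nothing verifies that each `volumeMounts` name has a matching `volumes` entry either. I would document this in a template comment above the first block, for example `{{- /* volumes and volumeMounts are passed through unvalidated; restrict allowed volume types with cluster admission policy */}}`, and repeat the caveat next to the two keys in values.yaml. The enclosing `spec:` starts and ends outside this hunk, so the `nindent 4` depth cannot be confirmed from the lines shown.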
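Review bot: The commented example in chart/values.yaml mounts the secret at `/etc/ssl/certs`, and a volume mounted on that directory hides whatever CA bundle the image ships there. The pod would then probably trust only the one custom certificate and fail TLS validation toward every other endpoint. Mounting the single file avoids this: `mountPath: /etc/ssl/certs/ca-cert.pem` with `subPath: cert.pem` (target file name constructed for illustration). The same example is repeated in the docs/keycloak.md hunk, where the prose calls the secret "ca-cert" while the YAML and the kubectl command use `ca-secret`. Separately, both defaults are `{}` although the example treats them as lists; `volumes: []` and `volumeMounts: []` would match the expected type.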
diff --git a/docs/keycloak.md b/docs/keycloak.md index d6a5e1d5331e82c7c6cdc39eff0c76da2630f5e8..36431b3c704804ae5acb2a2508116fb5f51fc814 100644 --- a/docs/keycloak.md +++ b/docs/keycloak.md @@ -77,3 +77,27 @@ helm upgrade -i mattermost chart -n mattermost --create-namespace -f my-values.y Role based authentication can be configured as long as you are on an enterprise version. Follow the steps in [this tutorial](https://docs.mattermost.com/deployment/advanced-permissions.html) to customize the permissions given to users. In general permissions can be edited under the "System Console -> User Management -> Permissions". Users should be created by default under the "Member" group, except for the first user to sign up or login. + +## OIDC Custom CA + +Mattermost can be configured to point to specific files to trust with an OIDC auth connection, here is an example when using Big Bang to deploy mattermost, assuming you are populating a secret named "ca-cert" in the same namespace, with a key of cert.pem and value of a single PEM encoded certificate (an easy way to make this secret is included below as well): + +```yaml +addons: + mattermost: + values: + volumes: + - name: ca-cert + secret: + secretName: ca-secret + defaultMode: 0644 + volumeMounts: + - name: ca-cert + mountPath: /etc/ssl/certs + readOnly: true +``` + +For secret creation with this example and a pem file at `/path/to/cert.pem`: +```bash +kubectl create secret generic ca-secret --from-file=cert.pem=/path/to/cert.pem -n mattermost +```