diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 0b87b2b7..7b55f4be 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -21,7 +21,7 @@ jobs:
 python-version: '3.10'
 - name: Install dependencies
- run: pip install --no-color tosca-parser yamllint
+ run: pip install --no-color git+https://github.com/micafer/tosca-parser@im yamllint
 - name: Check Yamllint in templates
 run: |
diff --git a/custom_types.yaml b/custom_types.yaml
index d5a75290..728f96a9 100644
--- a/custom_types.yaml
+++ b/custom_types.yaml
@@ -753,6 +753,12 @@ node_types:
 required: no
 type: string
 default: "jhondoe@server.com"
+ tls_certificates:
+ required: no
+ type: map
+ entry_schema:
+ type: tosca.datatypes.grycap.TLSCertificate
+ default: {}
 public_dns_name:
 required: no
 type: string
@@ -840,6 +846,7 @@ node_types:
 kube_nvidia_support: { get_property: [ SELF, nvidia_support ] }
 kube_cert_manager: { get_property: [ SELF, cert_manager ] }
 kube_cert_user_email: { get_property: [ SELF, cert_user_email ] }
+ kube_tls_certificates: { get_property: [ SELF, tls_certificates ] }
 kube_public_dns_name: { get_property: [ SELF, public_dns_name ] }
 kube_public_additional_dns_names: { get_property: [ SELF, public_additional_dns_names ] }
 kube_cert_manager_challenge: { get_property: [ SELF, cert_manager_challenge ] }
diff --git a/templates/kubernetes.yaml b/templates/kubernetes.yaml
index 0bd5e6e5..852eff6c 100644
--- a/templates/kubernetes.yaml
+++ b/templates/kubernetes.yaml
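Review bot: In .github/workflows/main.yaml the install step now takes tosca-parser from the `im` branch of a personal fork, which is a mutable ref, so each CI run can execute different code without any change in this repository. Pin the dependency to a full commit hash, e.g. `run: pip install --no-color git+https://github.com/micafer/tosca-parser@<full-commit-sha> yamllint` (placeholder; the hash is not on this page). A comment above the step saying why the fork is needed and when the PyPI release will replace it would help the next maintainer. The rest of the job lies outside the hunk.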
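Review bot: In custom_types.yaml the new `tls_certificates` property (hunk at line 753) has no `description`, and the `tosca.datatypes.grycap.TLSCertificate` type it names is not defined in any hunk shown here, so a reader cannot tell what the map keys are or whether the entries carry private keys. Add a line such as `description: Map of TLS certificates for the cluster, keyed by <key meaning>` and confirm the data type is declared in this file. If the entries do include key material, note that the hunk at line 846 passes the whole map on as `kube_tls_certificates`, so it presumably reaches wherever those interface inputs are logged or stored; that path should be checked for secret handling. The enclosing node type starts and ends outside both hunks.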
@@ -1,13 +1,13 @@
 tosca_definitions_version: tosca_simple_yaml_1_0
 imports:
- - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/main/custom_types.yaml
+ - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/k8s_tls/custom_types.yaml
 description: Deploy a Kubernetes Virtual Cluster.
 metadata:
 template_name: Kubernetes
- template_version: "1.3.0"
+ template_version: "1.4.0"
 display_name: Deploy a Kubernetes Virtual Cluster
 icon: images/kubernetes.png
 order: 3
@@ -211,6 +211,13 @@ topology_template:
 constraints:
 - valid_values: [ false, true ]
+ kube_gen_tls_certificates:
+ type: boolean
+ description: Flag to generate self-signed TLS certificates for the cluster
+ default: false
+ constraints:
+ - valid_values: [ false, true ]
+
 node_templates:
 lrms_front_end:
@@ -236,6 +243,7 @@ topology_template:
 nvidia_support: { get_input: fe_kube_nvidia_support }
 cert_manager: { get_input: kube_cert_manager }
 cert_user_email: { get_input: kube_cert_user_email }
+ tls_certificates: { get_attribute: [ HOST, endpoint, tls_certificates ] }
 public_dns_name: { get_input: kube_public_dns_name}
 cri_runtime: { get_input: kube_cri_runtime }
 csi_driver: { get_input: kube_csi_driver }
@@ -251,6 +259,7 @@ topology_template:
 endpoint:
 properties:
 dns_name: kubeserver
+ tls: { get_input: kube_gen_tls_certificates }
 additional_dns_names:
 - { get_input: kube_public_dns_name}
 network_name: PUBLIC
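Review bot: The `imports` entry at the top of templates/kubernetes.yaml now fetches custom_types.yaml from the `k8s_tls` feature branch instead of `main`. Once merged, the template depends on a branch that can be rebased or deleted, and whoever can push to that branch changes the type definitions every deployment of this template loads. Point it back to `main` as part of the merge: `- grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/main/custom_types.yaml`.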
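Review bot: The description of the new `kube_gen_tls_certificates` input (hunk at line 211) does not say how the flag relates to the existing `kube_cert_manager` input, nor that clients will not trust a self-signed certificate unless it is distributed to them. Suggest extending it, e.g. `description: Flag to generate self-signed TLS certificates for the cluster (clients must be given the certificate to trust it)`, and stating whether it may be combined with cert-manager. The `valid_values` constraint repeats what `type: boolean` already enforces, although it matches the neighbouring inputs.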
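Review bot: In the hunk at line 243, `tls_certificates` is read with `get_attribute: [ HOST, endpoint, tls_certificates ]` unconditionally, while the endpoint's `tls` property added in the hunk at line 259 is false by default through `kube_gen_tls_certificates`. It is not visible here what the attribute resolves to when generation is off. If it is undefined rather than an empty map, the `default: {}` in custom_types.yaml would presumably not apply, because the property is assigned explicitly. Once the behaviour is confirmed, a comment above the line such as `# empty unless kube_gen_tls_certificates is true` would document it. The node template continues outside both hunks.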