diff --git a/chart/permissions-api/templates/_helpers.tpl b/chart/permissions-api/templates/_helpers.tpl
index 9c36ff6e..0b8d583e 100644
--- a/chart/permissions-api/templates/_helpers.tpl
+++ b/chart/permissions-api/templates/_helpers.tpl
@@ -5,16 +5,16 @@
 {{- end }}
 
 {{- define "permapi.volumes" }}
-{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policySecretName }}
+{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
 {{- with .Values.config.spicedb.caSecretName }}
 - name: spicedb-ca
   secret:
     secretName: {{ . }}
 {{- end }}
-{{- with .Values.config.spicedb.policySecretName }}
+{{- with .Values.config.spicedb.policyConfigMapName }}
 - name: policy-file
-  secret:
-    secretName: {{ . }}
+  configMap:
+    name: {{ . }}
 {{- end }}
 {{- else -}}
 []
@@ -22,14 +22,14 @@
 {{- end }}
 
 {{- define "permapi.volumeMounts" }}
-{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policySecretName }}
+{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
 {{- if .Values.config.spicedb.caSecretName }}
 - name: spicedb-ca
   mountPath: /etc/ssl/spicedb/
 {{- end }}
-{{- if .Values.config.spicedb.policySecretName }}
+{{- if .Values.config.spicedb.policyConfigMapName }}
 - name: policy-file
-  mountPath: /policy/policy.yaml
+  mountPath: /policy
 {{- end }}
 {{- else -}}
 []
diff --git a/chart/permissions-api/templates/deployment-server.yaml b/chart/permissions-api/templates/deployment-server.yaml
index 587116c7..afe6f943 100644
--- a/chart/permissions-api/templates/deployment-server.yaml
+++ b/chart/permissions-api/templates/deployment-server.yaml
@@ -76,7 +76,7 @@ spec:
               value: "{{ .Values.config.spicedb.insecure }}"
             - name: PERMISSIONSAPI_SPICEDB_VERIFYCA
               value: "{{ .Values.config.spicedb.verifyCA }}"
-          {{- if .Values.config.spicedb.policySecretName }}
+          {{- if .Values.config.spicedb.policyConfigMapName }}
             - name: PERMISSIONSAPI_SPICEDB_POLICYFILE
               value: /policy/policy.yaml
           {{- end }}
@@ -125,7 +125,7 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      volumeMounts: {{ include "permapi.volumeMounts" . | nindent 8 }}
+          volumeMounts: {{ include "permapi.volumeMounts" . | nindent 12 }}
       {{- with .Values.deployment.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -138,4 +138,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-    volumes: {{ include "permapi.volumes" . | nindent 6 }}
+      volumes: {{ include "permapi.volumes" . | nindent 8 }}
diff --git a/chart/permissions-api/templates/deployment-worker.yaml b/chart/permissions-api/templates/deployment-worker.yaml
index 1dc56915..8a08e4e4 100644
--- a/chart/permissions-api/templates/deployment-worker.yaml
+++ b/chart/permissions-api/templates/deployment-worker.yaml
@@ -98,7 +98,7 @@ spec:
               value: "{{ .Values.config.spicedb.insecure }}"
             - name: PERMISSIONSAPI_SPICEDB_VERIFYCA
               value: "{{ .Values.config.spicedb.verifyCA }}"
-          {{- if .Values.config.spicedb.policySecretName }}
+          {{- if .Values.config.spicedb.policyConfigMapName }}
             - name: PERMISSIONSAPI_SPICEDB_POLICYFILE
               value: /policy/policy.yaml
           {{- end }}
@@ -147,7 +147,7 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      volumeMounts: {{ include "permapi.volumeMounts" . | nindent 8 }}
+          volumeMounts: {{ include "permapi.volumeMounts" . | nindent 12 }}
       {{- with .Values.deployment.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -160,4 +160,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-    volumes: {{ include "permapi.volumes" . | nindent 6 }}
+      volumes: {{ include "permapi.volumes" . | nindent 8 }}
diff --git a/chart/permissions-api/templates/ingress.yaml b/chart/permissions-api/templates/ingress.yaml
index 3d3f5967..2b54502a 100644
--- a/chart/permissions-api/templates/ingress.yaml
+++ b/chart/permissions-api/templates/ingress.yaml
@@ -1,14 +1,14 @@
 {{- if .Values.ingress.enabled -}}
-{{- $fullName := include "common.names.fullname" . -}}
 {{- if empty .Values.ingress.hosts }}
 {{- fail ".Values.ingress.hosts must contain at least one entry" }}
 {{- end }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: {{ include "common.names.fullname" . }}-server
   namespace: {{ .Release.Namespace }}
   labels:
+    service: server
     {{- include "common.labels.standard" . | nindent 4 }}
   {{- with .Values.ingress.annotations }}
   annotations:
@@ -36,7 +36,7 @@ spec:
             pathType: {{ .pathType }}
             backend:
               service:
-                name: {{ $fullName }}
+                name: {{ include "common.names.fullname" $ }}-server
                 port:
                   name: http
           {{- end }}
diff --git a/chart/permissions-api/values.yaml b/chart/permissions-api/values.yaml
index eed388b1..5c5abc87 100644
--- a/chart/permissions-api/values.yaml
+++ b/chart/permissions-api/values.yaml
@@ -35,8 +35,8 @@ config:
     caSecretName: ""
     # pskSecretName is the name of the secret containing the pre-shared key for connecting to SpiceDB. This must contain a key, PERMISSIONSAPI_SPICEDB_KEY, that contains the PSK value
     pskSecretName: ""
-    # policySecretName is the name of the secret containing the policy file configuration
-    policySecretName: ""
+    # policyConfigMapName is the name of the Config Map containing the policy file configuration
+    policyConfigMapName: ""
 
   events:
     # url is the event server connection url