diff --git a/main.tf b/main.tf
index 1080472..551a5d4 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,4 @@
 resource "kubernetes_secret_v1" "altinitycloud_cloud_connect" {
-  # https://www.terraform.io/language/state/sensitive-data
-  count = var.pem != "" ? 1 : 0
   metadata {
     name      = "cloud-connect"
     namespace = kubernetes_namespace_v1.altinitycloud_system.metadata[0].name
@@ -8,9 +6,11 @@ resource "kubernetes_secret_v1" "altinitycloud_cloud_connect" {
       app = "cloud-connect"
     }
   }
-  data = {
+
+  data = var.pem != "" ? {
     "cloud-connect.pem" = var.pem
-  }
+    "ca.crt" = var.ca_crt
+  } : {}
 }
 
 resource "kubernetes_deployment_v1" "altinitycloud_cloud_connect" {
@@ -41,6 +41,14 @@ resource "kubernetes_deployment_v1" "altinitycloud_cloud_connect" {
       }
       spec {
         service_account_name = "cloud-connect"
+        dynamic "host_aliases" {
+          for_each = var.host_alias_ip != "" ? [1] : []
+          content {
+            ip = var.host_alias_ip
+            hostnames = [var.host_alias_name]
+          }
+        }
+
         volume {
           name = "secret"
           secret {
@@ -51,14 +59,23 @@ resource "kubernetes_deployment_v1" "altinitycloud_cloud_connect" {
           name              = "cloud-connect"
           image             = var.image != "" ? var.image : "altinity/cloud-connect:${local.version}"
           image_pull_policy = var.image_pull_policy != "" ? var.image_pull_policy : local.version == "latest-master" ? "Always" : "IfNotPresent"
-          args = [
-            "-u",
-            var.url,
-            "-i",
-            "/etc/cloud-connect/cloud-connect.pem",
-            "--debug-addr",
-            ":7777"
-          ]
+
+          args = concat(
+            [
+              "-u",
+              var.url,
+              "-i",
+              "/etc/cloud-connect/cloud-connect.pem",
+              "--debug-addr",
+              ":7777",
+              "--dual-tcp-udp",
+              "--ca-crt",
+              "/etc/cloud-connect/ca.crt"
+            ],
+            var.ca_crt != "" ? ["--ca-crt", "/etc/cloud-connect/ca.crt"] : [],
+            var.dual_tcp_udp ? ["--dual-tcp-udp"] : []
+          )
+
           volume_mount {
             name       = "secret"
             mount_path = "/etc/cloud-connect"
diff --git a/variables.tf b/variables.tf
index b2c6398..71eb682 100644
--- a/variables.tf
+++ b/variables.tf
@@ -56,3 +56,29 @@ variable "namespace_labels" {
   description = "Map of labels for `altinity-cloud-*` namespaces"
   default     = {}
 }
+
+variable "ca_crt" {
+  type        = string
+  description = <<EOT
+The certificate authority of dev environment. This is only mean for local development, should be omitted in production.
+EOT
+  default     = ""
+}
+
+variable "host_alias_ip" {
+  type        = string
+  description = "The IP address of the host alias. This is only mean for local development, should be omitted in production."
+  default     = ""
+}
+
+variable "host_alias_name" {
+  type        = string
+  description = "The hostname of the host alias. This is only mean for local development, should be omitted in production."
+  default     = ""
+}
+
+variable "dual_tcp_udp" {
+  type        = bool
+  description = "Enable dual TCP/UDP mode. This is only mean for local development, should be omitted in production."
+  default     = false
+}
\ No newline at end of file