Inconsistencies between recommended TLS deployment & what Helm chart provides

I created an issue in the Vault repository asking whether it would be possible to deploy Vault securely and at the same time make it accessible to the end user managing it, by publishing it with certificates signed by a trusted CA (like Let’s Encrypt, DigiCert or whichever).

Although the documentation states that the recommended way of deploying it is “End-to-End TLS”, the Helm chart provides a way of securing it at the edge, which seems confusing. End-to-end TLS is recommended, but at the same time the chart provides a handy way of not making it as secure as what the production hardening guide says?

Would it be possible to clarify?
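
The two deployment shapes contrasted in the post, as an added example that is not part of the original post or of the chart's documentation: Helm values where TLS ends at the ingress, beside values where the Vault listener itself serves TLS. The hostname, secret names and mount path are assumptions chosen for illustration.

```yaml
# --- Edge-only TLS: the ingress terminates TLS, Vault listens in plaintext ---
global:
  tlsDisable: true                  # chart talks to Vault over http:// inside the cluster
server:
  ingress:
    enabled: true
    hosts:
      - host: vault.example.com     # assumed hostname
    tls:
      - secretName: vault-ingress-tls   # assumed secret holding the publicly trusted cert
        hosts:
          - vault.example.com
  standalone:
    config: |
      listener "tcp" {
        address     = "[::]:8200"
        tls_disable = 1             # traffic from ingress to pod is unencrypted
      }
      storage "file" {
        path = "/vault/data"
      }
---
# --- End-to-end TLS: the Vault listener holds its own certificate and key ---
global:
  tlsDisable: false                 # chart uses https:// for probes and the CLI address
server:
  volumes:
    - name: vault-server-tls
      secret:
        secretName: vault-server-tls    # assumed secret with tls.crt / tls.key / ca.crt
  volumeMounts:
    - name: vault-server-tls
      mountPath: /vault/userconfig/vault-server-tls   # assumed mount path
      readOnly: true
  extraEnvironmentVars:
    VAULT_CACERT: /vault/userconfig/vault-server-tls/ca.crt
  standalone:
    config: |
      listener "tcp" {
        address       = "[::]:8200"
        tls_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
        tls_key_file  = "/vault/userconfig/vault-server-tls/tls.key"
      }
      storage "file" {
        path = "/vault/data"
      }
```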