--- charts-original/values.yaml
+++ charts/values.yaml
@@ -1,9 +1,24 @@
+global:
+  cattle:
+    psp:
+      enabled: false
+    systemDefaultRegistry: ""
+
 rbac:
   create: true
   ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
   # useExistingRole: name-of-some-(cluster)role
-  pspEnabled: true
-  pspUseAppArmor: true
+  pspAnnotations: {}
+  ## Specify pod annotations
+  ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+  ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+  ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+  ##
+  # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+  # seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
+  # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+  # apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+
   namespaced: false
   extraRoleRules: []
   # - apiGroups: []
@@ -73,9 +88,9 @@
 # schedulerName: "default-scheduler"
 
 image:
-  repository: grafana/grafana
+  repository: rancher/mirrored-grafana-grafana
   # Overrides the Grafana image tag whose default is the chart appVersion
-  tag: ""
+  tag: 9.1.5
   sha: ""
   pullPolicy: IfNotPresent
 
@@ -88,13 +103,16 @@
   #   - myRegistrKeySecretName
 
 testFramework:
-  enabled: true
-  image: "bats/bats"
+  enabled: false
+  image: "rancher/mirrored-bats-bats"
   tag: "v1.4.1"
   imagePullPolicy: IfNotPresent
-  securityContext: {}
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
 
 securityContext:
+  runAsNonRoot: true
   runAsUser: 472
   runAsGroup: 472
   fsGroup: 472
@@ -127,7 +145,7 @@
 # priorityClassName:
 
 downloadDashboardsImage:
-  repository: curlimages/curl
+  repository: rancher/mirrored-curlimages-curl
   tag: 7.85.0
   sha: ""
   pullPolicy: IfNotPresent
@@ -204,7 +222,7 @@
   labels: {}
   path: /
 
-  # pathType is only for k8s >= 1.1=
+  # pathType is only for k8s >= 1.18
   pathType: Prefix
 
   hosts:
@@ -328,7 +346,7 @@
   ## initChownData container image
   ##
   image:
-    repository: busybox
+    repository: rancher/mirrored-library-busybox
     tag: "1.31.1"
     sha: ""
     pullPolicy: IfNotPresent
@@ -739,7 +757,7 @@
 ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
 sidecar:
   image:
-    repository: quay.io/kiwigrid/k8s-sidecar
+    repository: rancher/mirrored-kiwigrid-k8s-sidecar
     tag: 1.19.2
     sha: ""
   imagePullPolicy: IfNotPresent
@@ -852,10 +870,10 @@
     reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
     # Absolute path to shell script to execute after a datasource got reloaded
     script: null
-    skipReload: false
+    skipReload: true
     # Deploy the datasource sidecar as an initContainer in addition to a container.
     # This is needed if skipReload is true, to load any datasources defined at startup time.
-    initDatasources: false
+    initDatasources: true
     # Sets the size limit of the datasource sidecar emptyDir volume
     sizeLimit: {}
   plugins:
@@ -934,9 +952,9 @@
   replicas: 1
   image:
     # image-renderer Image repository
-    repository: grafana/grafana-image-renderer
+    repository: rancher/mirrored-grafana-grafana-image-renderer
     # image-renderer Image tag
-    tag: latest
+    tag: 3.0.1
     # image-renderer Image sha (optional)
     sha: ""
     # image-renderer ImagePullPolicy