--- charts-original/templates/_helpers.tpl
+++ charts/templates/_helpers.tpl
@@ -40,12 +40,35 @@
 {{- end }}
 {{- end -}}
 
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
+{{/*
 Output post install webhook probe container entry
 */}}
 {{- define "gatekeeper.postInstallWebhookProbeContainer" -}}
 - name: webhook-probe-post
-  image: "{{ .Values.postInstall.probeWebhook.image.repository }}:{{ .Values.postInstall.probeWebhook.image.tag }}"
+  image: "{{ template "system_default_registry" . }}{{ .Values.postInstall.probeWebhook.image.repository }}:{{ .Values.postInstall.probeWebhook.image.tag }}"
   imagePullPolicy: {{ .Values.postInstall.probeWebhook.image.pullPolicy }}
   command:
     - "curl"
@@ -69,10 +92,10 @@
   resources:
   {{- toYaml .Values.postInstall.resources | nindent 4 }}
   securityContext:
-    {{- if .Values.enableRuntimeDefaultSeccompProfile }}
+  {{- if .Values.enableRuntimeDefaultSeccompProfile }}
     seccompProfile:
       type: RuntimeDefault
-    {{- end }}
+  {{- end }}
   {{- toYaml .Values.postInstall.securityContext | nindent 4 }}
   volumeMounts:
   - mountPath: /certs