From a79f4561c7cfb4e4a86ac55ab4e94c36db22a9ee Mon Sep 17 00:00:00 2001 From: actions Date: Mon, 5 Apr 2021 22:48:54 +0000 Subject: [PATCH] Strip 'nginx-' prefix from image tags when using semverCompare (#62) * Revert rke2-ingress-nginx to 1.36.3 * Add trimPrefix calls to rke2-ingress-nginx daemonset manifest * Add trimPrefix call to rke2-ingress-nginx deployment with defaultBackend disabled 
Signed-off-by: Brad Davidson --- .../rke2-ingress-nginx-1.36.301.tgz | Bin 0 -> 22435 bytes .../rke2-ingress-nginx/1.36.301/.helmignore | 21 + .../rke2-ingress-nginx/1.36.301/Chart.yaml | 17 + .../rke2-ingress-nginx/1.36.301/OWNERS | 6 + .../rke2-ingress-nginx/1.36.301/README.md | 361 +++++++++++ .../ci/daemonset-customconfig-values.yaml | 4 + .../ci/daemonset-customnodeport-values.yaml | 15 + .../1.36.301/ci/daemonset-headers-values.yaml | 6 + .../ci/daemonset-nodeport-values.yaml | 4 + ...set-tcp-udp-configMapNamespace-values.yaml | 14 + .../1.36.301/ci/daemonset-tcp-udp-values.yaml | 10 + .../1.36.301/ci/daemonset-tcp-values.yaml | 6 + .../1.36.301/ci/deamonset-default-values.yaml | 2 + .../1.36.301/ci/deamonset-metrics-values.yaml | 4 + .../1.36.301/ci/deamonset-psp-values.yaml | 5 + .../ci/deamonset-webhook-and-psp-values.yaml | 7 + .../1.36.301/ci/deamonset-webhook-values.yaml | 4 + .../ci/deployment-autoscaling-values.yaml | 3 + .../ci/deployment-customconfig-values.yaml | 3 + .../ci/deployment-customnodeport-values.yaml | 14 + .../ci/deployment-default-values.yaml | 1 + .../ci/deployment-headers-values.yaml | 5 + .../ci/deployment-metrics-values.yaml | 3 + .../ci/deployment-nodeport-values.yaml | 3 + .../1.36.301/ci/deployment-psp-values.yaml | 2 + ...ent-tcp-udp-configMapNamespace-values.yaml | 13 + .../ci/deployment-tcp-udp-values.yaml | 9 + .../1.36.301/ci/deployment-tcp-values.yaml | 3 + .../ci/deployment-webhook-and-psp-values.yaml | 6 + .../ci/deployment-webhook-values.yaml | 3 + .../1.36.301/templates/NOTES.txt | 71 +++ .../1.36.301/templates/_helpers.tpl | 134 ++++ .../templates/addheaders-configmap.yaml | 14 + .../job-patch/clusterrole.yaml | 30 + .../job-patch/clusterrolebinding.yaml | 23 + .../job-patch/job-createSecret.yaml | 55 ++ .../job-patch/job-patchWebhook.yaml | 57 ++ .../admission-webhooks/job-patch/psp.yaml | 39 ++ .../admission-webhooks/job-patch/role.yaml | 23 + .../job-patch/rolebinding.yaml | 23 + .../job-patch/serviceaccount.yaml | 
15 + .../validating-webhook.yaml | 31 + .../1.36.301/templates/clusterrole.yaml | 71 +++ .../templates/clusterrolebinding.yaml | 19 + .../templates/controller-configmap.yaml | 22 + .../templates/controller-daemonset.yaml | 257 ++++++++ .../templates/controller-deployment.yaml | 255 ++++++++ .../1.36.301/templates/controller-hpa.yaml | 34 ++ .../templates/controller-metrics-service.yaml | 47 ++ .../controller-poddisruptionbudget.yaml | 19 + .../templates/controller-prometheusrules.yaml | 24 + .../1.36.301/templates/controller-psp.yaml | 80 +++ .../1.36.301/templates/controller-role.yaml | 91 +++ .../templates/controller-rolebinding.yaml | 19 + .../templates/controller-service.yaml | 94 +++ .../templates/controller-serviceaccount.yaml | 11 + .../templates/controller-servicemonitor.yaml | 38 ++ .../templates/controller-webhook-service.yaml | 44 ++ .../templates/default-backend-deployment.yaml | 110 ++++ .../default-backend-poddisruptionbudget.yaml | 19 + .../templates/default-backend-psp.yaml | 35 ++ .../templates/default-backend-role.yaml | 16 + .../default-backend-rolebinding.yaml | 19 + .../templates/default-backend-service.yaml | 45 ++ .../default-backend-serviceaccount.yaml | 11 + .../templates/proxyheaders-configmap.yaml | 18 + .../1.36.301/templates/tcp-configmap.yaml | 14 + .../1.36.301/templates/udp-configmap.yaml | 14 + .../rke2-ingress-nginx/1.36.301/values.yaml | 578 ++++++++++++++++++ index.yaml | 22 + 70 files changed, 3095 insertions(+) create mode 100755 assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/.helmignore create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/Chart.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/OWNERS create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/README.md create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customconfig-values.yaml create 
mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customnodeport-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-headers-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-nodeport-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-configMapNamespace-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-default-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-metrics-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-psp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-and-psp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-autoscaling-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customconfig-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customnodeport-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-default-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-headers-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-metrics-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-nodeport-values.yaml create mode 100755 
charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-psp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-configMapNamespace-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-and-psp-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-values.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/NOTES.txt create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/_helpers.tpl create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/addheaders-configmap.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/psp.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/role.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 
charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/validating-webhook.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrole.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrolebinding.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-configmap.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-daemonset.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-deployment.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-hpa.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-metrics-service.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-poddisruptionbudget.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-prometheusrules.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-psp.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-role.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-rolebinding.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-service.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-serviceaccount.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-servicemonitor.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-webhook-service.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-deployment.yaml create mode 100755 
charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-poddisruptionbudget.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-psp.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-role.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-rolebinding.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-service.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-serviceaccount.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/proxyheaders-configmap.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/tcp-configmap.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/udp-configmap.yaml create mode 100755 charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/values.yaml 
diff --git a/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz b/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..774667f6666c1f50dcd10dc4bc095f77d7344d40 GIT binary patch literal 22435 zcmV*HKxn@oiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{a~n6(DEj@(zXFHK`D|r1eCg$I*L$xbIkE2Aipr9c{mN&{ z0%t%H(Qq&eU?_28pTGSUUNe~YkfJC%CaN}T4S_}jXf(PT-3@w+1`ZA;6fx!m6CB)k zPp6Rb&H~Q-|5{J!^?JRdg9G{hyk-u~dY-#;E4{a3Gla5U)s7wE02 z|H=|E4(WgO9^6-Ua9>G*A^sInhDk64^L`74Vf<&Wv)}9VS{`C9#UYp9P68l_1e`09 z0WJwRCBBa+;8Vy!#1I3gBpBn#TNnaP0ON!rz^6#Jbmfl`g#u!yH6=4N1XIpKHtcpM zm`|fo$0f7wZ8SnOKpe4diauM|6_}V7QRoxsb?)#jo*@sz4xy8-_$w5DbzL%>k$`pi zG@6aNZr45RUI-{3eKH{(HlK74d%f`9Nq_8w!K8JI7I%btY}j&u#-Qb>L9_&N@kBlQ z`^$c(-|O_8-m}&W;($XOASxRMPz>*MiqZJQNB1!B5N$aC%^>!N;F_X2p`D*QzY*g7 zzZ3CMjJ*YPI}WFi!f8wWmEWr^Mk4AW+0!ypI5(*GJNrkS{a(NI)O5HlPg4r`{~Y=e zVrx7As`>x^@zH)i!~YNay)FOWNZHvbV#}?a9q`lObrUD(Vn( zbi00ARtO{Cza&0(7ejD9z99UPB8CDkf7}6gcXy5lIRwt%L4-Zf@AVZTQEMgvV;lKkvc2U3(xJ3(rgGcTHA-RB`5qX0-8h|s% z;RrIsWHW=^$S0G|Ou>-*Z_w-i(CrVp{TE$^CjlN~7Y5vMr!bfx=5XRb*F}usVB)~Q zb0Yb#2_nAeMH05@MT32#F#88u3_-hHJeN}hJwzE8p|KF>7z#W|8x)Sm*cAgBLH8B~ z9s|&I301$6Wu%fWrwAD~;t`j1(LJ1nK4M*k1pbenZuys^QECAYQgXkzLj1M*lFWU> zQBcG}BG$$ljv!Ch$0*>b0SzC8Y<8gMS>u78mmA7E^zR5$K)(!xR4>q zVW)78z_T1)&lI!#aREFuhLO+rz}*!42*|A_#{mM>U{9WHg20F$Nj4-EB!RxD_KbnE zi>nSeR~-EgvuTbe%Dy-Ow+Mv_&|LH);L4@Oo|=x^7cA*j5J<@g^-P)bucVfmz8@h) z&J1zr3$`Y@qMEAa7{;S8-7d2=)cMgJL5d{&?#>)Thfk3sAUYbNM8c?=j6)tVa0eL} z`7pQzBjiFcP(DTCC}SWX;0n<>b`e1LLTHeu7XlYQpI`j5NM*$VfSF?=id&`EQGC(M z4IC$oMm}a!hw1LdKAeb2_XJ4BVcU z4i^hSHk^=n768#+h!sO1RX082E96EL^M#PUIJy@^eIE*(jX zf&eYG9lawZ?RDNEA3=sX7p7W+1&GBM&;_=bBfiAl8SGqR8oXFPBHRrPLuOSta5q%* z^O(p)UNdAOZ(YcE9#+B*5E>kmDo20-q?1VMX`*$gIbMbSESPX-(vhay5V?4~NS%FG zS8sreD3^K%S8|dIrCg&LqkB%_37yCjXJ-e*Jl|o=cdVvE(9Y}#mm;nrX-Lob`B{Pq%OzC5I3z~1#>n8AO0m-Wb#FEOkk|DKmGEH{sI&S{fUyPC)`*diLQ(wRKAuMh`>g0uKIFw}6118-=5*TW71!eOkx 
zj*vJdP<&2U%-qX?Oukr9l7r`3(5gIE0pk>MG?D756jBWQ1RsgD8A43LviX&6og7I5 zB^*rN%b(+Uo5B0{0h~kZixnG!zWRYLLNo;L>?R7q84lhd=q;|0ON4qUked_ifmPF1-DAdC{JW&$A!y70kH4bv7`c21+85+XjShXfq-cz&_2GiNx<_ur(er-iND6_w z<_J0&k8vO*3c*`oz_A1Mm$lBuj)5x87x{jKf~^16v?j(UHVM!M1HpqsIWQr}3MncD zWe?mTJehK#GT=Z`IF-6#-|6>y8eT}elYnD0=Ar%!62NB>#lhq%rjzqYK;qA85-|yq zhK}xb2$EjpfloZs%Qd32q4g6`a^aPfbO}xWB(@TFr?2iq!NeueWPaDA1H&-$gH1u_ zLGDL&1CWI#8K!-1q<-flBtDreq!lT>_(BH}Jh4@>RMe;(xs|G03)6D>rKp(K>RBzF z(~21_p3m~xOwDDxcrwkV77dZE09ho z3VrOtQxXNDhn70bPi)yi)-t!?vE<CR#q1kL1i($T?NtYsDS?+CHR zZNwQAal%|E*iEUnB}ET81~vqPmKJ}KPklYFkWLUky?p_%IZcevyAZ}mi#Hi;Mjt^ zC(YFedVt}XkU2dftz;o3bAdku+N^MXsm&Xb+0HOOHQ!U3dQ#n>tT_tf;;cEp6tpP# zEn)z2a5u&7G%G|Ky-muJv8ZZ5Ey48+pze;bQaCtdwzhA+pI<7GPt6yB-jC3Sfg6t_ z`}s-hsqy;_wktKF@ZSUcU`NZ6PNHftwUUjtJ5EuGwsW?(31!JK0 znwUot7&v;ZC<81C1v?N@Gv-Yvj7OYM41Jc&m+HmAVRt9~r!yurQK^M2?g*tp%*sg5 zN@_~4)qsqlJ0^zM9)mESA}Yk;0JVi?(>|3KKIfNhfX70Q?0|nH*DBJCWYl0zbi0lQ z+V~`jN1#p1IGC7k-JLn6JW^C5rCi16c2(7-syp0B3lUGRWxjM_LR{N$k(1b+U}D#r#~O znTN#dnZI{ zV*Mz6#ui2imH5#Ny%j=KvKUV6bQ3Nd!5pCPuv;9kq>Gtop@4T8opY z?W(3`%lvBhShQ(ulnS=W4B{Z!SQ+Xr!`Mc5SyZdAEJD!i1x`ygOGA-7QoVo-k-G8%HH1l&O^&w8ONT0b)%p%4s2y#W37nG{Z- zH^cJW`VEbygxs=Hp;_xO=G^`XV&Bp;Uc|>#N)#;?Jl7&?R!Ez9c~gDON_FaMiC9-7 z*r_UduW3mrgZ8f*7AV-#Ic2Qwf~6-6X4-?q+cT~tO5Xa9qgvv?zOjgXhWtgTs?>~t1$E94 zpQ1<#lgy=1ta)3kXS<}5!l*3=qlLrGZ-u1WdgY68$eDxg1>%VUCMG?teyvdfvk0nC z30vcS{o#jx<%ZRj-;w~w*2qHEC|$$!@$@FGRA;Vsv)@vrZ`SKfDKkT$h^pXjQC|yksEP8L zko&vHN9&w18u_V(R0iwoDPrns>35+#8plLcdk=(i+5q%mDDUWJf}Jf$L_vU%$1G3| zfIbp5aZSiu7%UEZJ^N=ti=p%{?t$;YbHJk6b0xNa)Mnz3i5T+H7_I(L?lCX_Z~L(G zm-c6{3%aspZNpu#3;qrcQwWR&k@RP&Z`y#9`XB}^Aw`D^H z2@y51(@Ot8V^=})#y(a=t?#BoC%&c9*J|B$-K*`db1S;;B3-EfRi{|t_v%WGmH^%0|c+k_A%-K8Us`}Zh z)*|D;mwAtxo&8c>{)@dz1zG)F-$xbb?qyP{5G0LYsA5OtoX4){GE_uMFgH|b-8X7) z#p_7MX@$I{>&bnZ_7LCM0k4z*_3p=$QvoOZblMPzUfAqlCva!+0*sFe@mOfCGiq&uEf`5@3nRs9dYUwTl)Dh4a(8qS{Cco z!f`8apv%j3nXxFDPE5TCG6RrOxDe|mMf=Oh_phWAFf%+?x~oz=7h|Ppf*Gd^0oN0n 
z5cF9t?s{n{Oi28W?B3BGIi{m-D~pz-_T<7qc`Qp(YwdvR)6018ilaaga0oFKYtSG% zTpqc2lp-)gD)}h!nDn?C3jNGn%I=u^-L_^drlup^{parRhhDEI_uTulr@=V#B*y0A zcn5&PeeJjBum$5tb>esd8y@brTdj#tM$i{DrGC~b>N~wqa!+q4{=XpqgYgw&-HTtY zUtM+hJ%3mqHTi#z21iGk{0~R_2M62y51T00aTGqzheu8!10#e26H$!3POJ6DAC6Gk zHOpZ_epl`mZP58ur4F%dCwf12#Mucxe{TJZxVgj>5|@madH?PW7%c#ef{uMLKmE%*l`<+H-_+6S- zrE(~Z6xt+fZOS=@at%7|0+=iZ^lCY%SDkjU>?v+yJCHTvDCZo^-~w=XE0mlux)Z8f z#I@cpc#REGC@xxEG|EV)^*=g>?GAG5J~Co9S92-RY{!mn_*g9szC`Qw=B4|ur18Gj5 z!CSzCWQb2QtK^JMWJWhy6GL@jQ-6F)NfeL+HDqw2Bf_vkH?hUKcx* zUa?JcOQOdVf6=$IV?uqp+|55?g%>E!i zjLba{$P~SeE^PF!VwbAIx+$YUy5Aw_YV(S`NMSnJ0cI-QLL3Q&$Kd+S6~M-}WwI_9 zmUeE%3~~D^P)$Z|cx7_~ETu0Vp2L0CYMsX@lytraAW({=t=>wSv*Lqc;K`In^12NA zjM#T(Ig*?wB&a~=C@{!jT1YEN1MahqD;DH$BgoLv0YHIEJmg6%{~lM7*3N8|TeJ{0 zl;I~$=yHy<7*#;xCezU8&#j$x7Yz{r@Y~6|i}Q=0hu|jP^-UtaC;58*SC(W!24Y;! zdD5ODF~8EbYIl@LyL8jZLtN*mE%x`+TGOAWROGa+-*=^k*8RTq>OK_AT;}bwvgx=o zU35#=bAX4&I4F_YoTQGtBj~7H(=s`aVWOgD9KH4la2f?JINF#0#IvhtJjVB+?Igei zPZ0lBSe`0NvcyW^DUj9)ZvkY=^gdc7xGS@J?FeMuq}Pz*fR91@e>3NQvvztU>ficM z1E1vel8_PGe`$mE$M))@g7M4=6=4DX9YG(DG4iBSxEO7x^&3*qWqmIC5SX(#TNWcT zWQR4$Ig)_{%8NqYX_*KX%)oO!S7#SjqOQEk43WEAJ7I|y<0KXbv&!bjc%@C9(h7|x zO(;p`kMHEjhA*2_n}uhrW+^Bsfj_}D^>t|kvm}&)rutomQp*0_kb*3`-xo$mg_?26 zBtFN1>qlM%F?M!KRmG+DrJ7cm0w|V@;RySf%e*PX5S2_Xp;lH+k-7VW@qM52x05`A z)y_s*Q_XIhqB}zHDcJ&L6k9?xBw(CIuCg2m1tuP9CIeol)%tNEXlSmS`qYxk>rQ$@P#p`Op3(yGN}yk9gH@C>`MnLLL z)9iF+eO}UY2^?kRkq5xt6a~^Ysyz{O*ga;-NTO{nOHy9L)u?P$wKx_X>!CIy=2B{Y zzzQZ9tN^=oVc#jAb!{l8B&1lfm)J(7J>QJiT>)>feoUIB)`6kf9MMxU3k4f$|NUjZ z^Mlh9N(2m*2!Rpn{3Cf|r1LZ8rvDUAk=An7o%gFmOwi6-daK39y1Dq7k|>ljahdg{ zDVUI)zfH%0sGF7k!K%}uwo}ttdDv{&l#w56!}(}PC;i^TW~5;K*F!JK@RU!>N4*ctne;OjsH*YcyOGy z{|)-v_rEq&%5N}|M+n5JnYpA|0zD(xqW)9l8>a{C#m8=~dAxeX;N8hb-*JAJilY5afU0 z%&%FPPXGrV3OE?plFc&AtY-h~oDC)u0PFrvMvjcl?`r>WN_?;PCMH zaJ&CEQS|!GT$g9q}xLfQsiid$35}yD4bB}p}mkWp8O#G(7)uNI3Ds5 zN801OJ=E!29Fj(G93Bx%!%?lpb}(X^RE zAA6AFV4^u!D&$T149pQ7SxqL0$N$#vOk@tnyxeY)b{cu`;aMU>Kl@h(P4MAaR`bWm 
zR8we4L_R!=7|OJkRzQWdv(gU8c!6$j)W7Mnmh*pvzp{z=`-1j1lA! zMf!cx+ZPP(cXn<7tTWJ!f&@l>k&v^V)0=uGq_Q?V?uCDK_a z%xq^U)-nQu#M1X7b3&+w*^FRIQrl`2w*u8Qro0E)VeL?ngbJ5fo@`c!1gnCC55>b? z0d{UxlPte>fQL>vY`B~$IzrGc9SMnMBxOb2o=?EJ?mB6(qAw^pkX= zWz|Sy{0ih(X^7&GaKS^DR^3(D%kvf2{MGFLlcP%;atG(sufnr5vfTajgQ zH6=_c3QpJs3EmOHQ&~+@8T1CdUhj)Ew>?b$m;ch!zq$6-0B1nKO&H zytIC4C$LW{twny%_Nmj|>Z7eBlSY2>Q?IlnBid>QUzc{Uy8IuqroN!H{$B@K`~N|2 zd;hzcvO)R3ksFPzA*4OlwVsd*I9QL?u)PuflJyAa`{eGD;yL!w1ifM|^r3pK!W@)i zrtXVXZz`9sc9NRGd-a5Yd01nH1CxuLMm`$K2SMKncHFX_6sIJ#)fROteDdZ^%Vyn0 zKs39T8JyqXAiB3}$r>lYLi`$qp^s)L;Lx{y-X4OzezHy>8^7Nx|1uBJ$v;9$en&2s z#O3H5K=Pj+xeM+f^-eC&zes!4wyd|Te*QOb{MMz;|7-s+cm5Ch+xU--lrP%IR5HV>;F6G=i-0%xA8w4DPKJQ-#Y$& z1INH>j=x)v--nmg`M);h>J%qcM?f9_?;mIR|Iy%ZYyaCwc{=_dbNS4U+cNq;FQeZ| z;$K=>mj5S#wdPyB4XBR)ANLQk@_+wuf6MIyC}HGP@!6Tnn_pw<(Lhh_u7gQpY06t+2!4WC zJ&x}B7zJEW;V|u^kbr9>L#Om;E`I%|C^_HsVsH(|A)t! z{O^Naf9wCdnPSQR&*L1zLi1L((_QsMSn3z~h^I;_yQX|D8x@DYDE7Uw1w78j#^O&X z@IsCi9|KxR!N6i1* zKg#KU{p0?Y|8Jyd{!eI;*sK;EJSSBCujpBj^b>#;FCiAbx|5``-Q6Y`Uf0o5YGI0# z3pY#o41krGxSV@;AC&Jn|0elE2~D9c>pKkb#~6SDUOt5Ktt9JI+K3E}}@mghBgEF8>wc?cM5%KN3D| z?;2A5E@J34Vf>O%4u&s_nk9r~*NtDSn(8mCws}%BtC^(scggE4l0T{gCm!pcRXLFZ zNZ$cqEuk6Gb?6%WMXP)z|=J{b2V75~0;^!o!Qvz+Ni z44s;Jm94Be|Hdnj2{)x^js?lS#*7oXc!Ot{r$VNSDyXK)2zA9Nhf}t#EJ5#MmK8Et?Y?L!00V3n5z<0N3u?N1J3uq-gqztZfJQD4}=g)G0 z8pHr#&hP*VT|tIjmPTt=PVLWH0Vt`N1YV~WBsH;$AC&j&1?)5yycC4^ zQw{wmO=}WwcmblMqiRMv|UGAaVn&QDt< zv0SC&=_>;5>xd}}sZlt8Ro0DWZYY&I%<@xMQ_ha&xjCBV;3!$#f^2(j3rzW<`gn}o zh3jX=AAhb{$)tI_fc-%lRBjbPNfMB5YSo+qMwS~$=4HXuvkx|C$H_cSXr9L{O$1V< ze3m{d+9?>h&vJQ1^dO#Ro{{@ouQTX(dTsEWQ#`w*NWL7Zx^7p}%;sy|3U97}}tMuC(b13LtLE8`xB@=DtjJshGirfv&wqp;(G-EI2 zZnz|hkynUfVA1bZtA9<#W^3n@UnRh zJ3@Ign2w7m$7Ae5j$U>nM!P<7q2IMWGxTyr1E~dxKpRF!T?! 
zC>oruZxyDu+bk8X~p%Ydj=IX`;gGj76FB2n9nS58-{$X-g(RtTD zT8kuJnt)CeHb^YFp|MHi!j~6FzUu9-M($i0r%<@w+#>n@yUr*t0m(s)E zm_Q|;uk8Bj^5pc9`O1RTioa*;x{5wpALcSk@E^T#M3s@ z(YlV?EdCEaZ!-|rbKquxuIt3jfGs+5jmA^rS1R4;uC;-t6Xz+Fw}oZm01&7 zywLrxlu2h)rMU%X*wA^e3f~-$m0?VYSN)5?M~T3eNe(ZlqnLT3A{}(Um<&2Xa*ckLzVsmzoir#&^ig z@VDxxJRh3R*?E9@y4QqVo?18B^|)jpmEohnTV}#ChGA6!wN6t@Cg`sLkiYNG44@nl zPJEM-Ai=}>Sc8V$`~g_N@mMUNb+nr=HT}m8Ydc^1S%%7h9{@O_GaSgF|4gBaF4ITq zQSXa79%>*m>-dPXYp?axa2g&0F@Urf7F0Yzv&_MTIhy5sC2movTT>bA0!y-y6jc%u zJ`4Rd9$z&_mkM-Gk4t@P{`yEJJ;$=g*it80HTz$C@~p=G|B2i5(g6T9{{P4Q{cQa2 zpua!Z`u}gDH1+?Fm%n)cz(ZW{;~HBZ{A%$anahR_wz&pb&+d$Pu(kkzt@D2(!L8=} zuluqC^6kSi;)J=-$H63hOi~p3*o76Q2l@M{5S>6)!hb-x0ow)|Yy%Cxsz8JEifkhd zwvh(gNP}&p!8Xz$J@Rd&!8X#M;a&PR(qJ2D@U2D~Ea&H)GR;0wT*8-v@w%fJmKzs$ z!{x`e`M8JW1{HY^AJn%NDUm{XH8An(lq{K8p4&IfUSG~ zb-%ZtegE~af3S`J*hG26_>T&vS?sEwdQ?2A(wz_NH^g5PivJ^|MgNj`C%PJ<+t-0) z(+7lW#PJnkKCdC2ARb>stQ5;58s_48z=IyiHUR=tgZ^RW{NL{# zZr^{}NLlJCs_=b2eR5gnZ#_&yMKBu;m5H!g>Z-36c%v|@Vjh!-6wL?cHw#26X_k(I z%a~BMGEFma!LY4XDtxOXfHJ!fWQMtZVE6noA&#=cGuzxvH;w;PN%_VA{Ts9$g=SmK zvG!z=$6i8_;s>+t&cFC?Ca8I3}5o{l1KvcyZEb?-kP46^Tk9`p{j?>}#( zSoWWi*tQ~L&GQK_^gl0CyahYsyP&_jTiP_0g&?kQskJvi(|NilQ z_Wl3;!S?5fPwf-Po3JnF5kx;t#SJ z*Ngob^fO^(@t?I`wUuBB4GQ0$KEJ|xK+nVCbccS!^e#=|RA#?2$6yn+Khu%qk_zO6 zk|>l5-8i$yckvtxFhhxe87ue%f;7$#F^f0m|15m0``?4X{&DX9_wZ=T|2I)GJJHHx zqtdPzMqZWAFW;ynt>0y~;&L25$JYNe`2Y>0kr8mnJIw|E6~^m@CRENF0uyIk9(gBS zVgc9zC!z`v$FKGllZF%4X<6Q5s?TS!$J8_VWyb-}&@AMOGfbbEIw2*$BbOsD{-S)B zk|rLx3+^EGPA<>I$K^dZ6D75#Zc$NDa22rR9W>4PxOYo2B!wq*WvuP1L6wC z^{*D~>S(5l0hBk)45eXMlfBG3pM|y5R{T%A(E8g_-NivksqR#!iIuvG#cM&e=a;7m zXOv`oewKVlf}9nn0`F8dD8Q#EiFpE?h?-LVBM}Fb5T0;e$u*UjHU!V!MvT7`P%lXE zju6QLSrmponxTM0|L0f|%r{Z&lImLoW$)MlKM^{@9uQ({Fp-GK{-sFSX&LWQIZyrA zr$SEA(c$6#VGDpUlf7=XQxk|GCgCUSBb8__nR5u#4wOWXgNdf$ zHrN5TFBs@|`Uih0LshTzlDKXfxvok*RfJbG=@7cdHcpE5!#9+JxO{jPF_eL$NDY7wjT!L2Y&kOix3d*0Q)LN zKAtMxW63y=ZG6Y0IVx7ib*vcA@#VyEtRa45O>rA*h}U>%oW`TZXRIEV@kiBz7yZt$ 
z(`$o{eXrm7M>Im3n|6N2T>rB;uXlF&t|=Ukv8xpD-83y@G>&ak&dnPERZ&O=kQ{nvY5^+FdT9qFRYOc_ zX5pHAPJ(>WbNpPK8_%U*OBLwAG?0LI?QGsbLvl!iNaL2t&ebScSAIcQ(TX$)49hPG zd#p8KkG3dm4XeVMEz42~Vrvq^hQ(=B>t?+enx4|{8Vxv=#8$Ty2i*MpwTAMcgmR$y9%|FJv{HQ&JmqMe@PNyE`_0bSZ@yfoC44s(3Av(CbOfUSRdmE zphEF|wcU|UoSyrw}Nhg$yQL{p;mZZU8%#YBk#eI8*t^_wXC+% z^!zues~;o(-+saQf3VH}yOFYDaMOctg7eTHLA(UehL@DhAg=8ad4=wlOZO+QDV+3^c}gNZ zIM^?+O(!+Ka@%bA%zh)*+Vz)8`A zId_Lm}wH`lrdopSj+J1U9^#e5+{K+|u(<$g-bhYbL=^Up}uu80Y8 zJS71~_f~dnmj0n=YU-iY%$2bjCa-9k)oq+Yu9Jzj&EOQ|p4XG>IRt6QDsjh0-S{I# z6U;bWDDdUbB`m@42*ZMLiEUq3o5M)~LW01GTv-c2gmGodkSaGVoh5^~Y&;?{O~>__W2N?PlDt-c!cnuu$Cuhv%sUMG1qc)dPN54i_!bFTHKq|ys6 zPew)l#h~t~^4#c3o+}5nN5g6lZ&v|X|I5>v-YTP_t4F)a>)sV0mVMzn18TWfzRMan znD3gmxsQ5VgYDCnrR={eJ_1vh|6{+`%fA0|bhN$y-$>DX!hV#c%4}sGX31KFzw&ok zitIK|d~N;}+FqBQ$|KK>E|D(6f|GAM;;Qw8oA+F|@ zFdHNC1w0a9F`GZlbz|zWfWlP&Ce3m>_p_Dd*-58smS;zj&RHd7j*~>oiz=BJ+dHEq z%sx)wfRi_G^69iQKy*gz;@rbCa><3_Py=q``K)!`4!?=0PK>iWGWY9{IqRM|- z4;Xyu@jT0xrTG7fNucZa|6q`n|NDpg+xWkYlmh;5=Kx&$nXpYFz0&bjm`qx+zOOYu zs~OwB{%kDut13(L{}qzJ*4lsiS^mG@JKFmHZKQmm{C}H7w)hy>WHQ;f*L5Y8UFJ4r zn`3q}Whwr@ViMT8_`m*PHvVrg*x$bYxRJ7w|9A6!a-Ow-uB5>U%V<240S6@S+N#=|1+mhE8q7`s;D zlv8y(m836~|9_cswy8_vr~COL1M~71cKPVMlDXK%<9#J%75Q)3ByctIU+?H}kk$W> z`dj~xjg$iYzeEPC+47luaocopYf*(CoqbmB|B#aV#S}pgQRc*tr>*_{r~O`b{|^TH z$J_nCiIUI%XvN#h^}j;=wIYF{Dw;Y<_xovl-TGu({p(7XlCitxrhE?HW(ek>{vbW`)%d`X%>Lj=!DQnzH_@75wTEkUG6DSPT2^mUg?{?Fa;0c<}m z_3~ft{pbDd`%jxG8786=!f#pmBd~JrhB4;`JoLfy3o*9t`~MO4f8^Ed|H%6y_J3!J{287EgrfEIQMdmO`x*c5{$X!>|F@a4 z11=%whz1OB0@SL5yD195D8jyng9!+sdkZIsby_>%dWxC!(Up(%uqpC=F!9Mqg`VJG zvM2TvuL*6L_S;Z_HG2zFIH zN`C(uRgr@I|I2R|uijm)v5&g_-_PcM>+c_J?LV6-FbpY~%M>#XIGtiNKJn2#3_L_z z4&ZPKDV(+_nqzcVSL>w|IzW$e#ZZ^f6zbPp8p#u zJ0K;qwpt%jfB);bOg200b|;umqmg{BBe^i{rYL6@UZa%D=H^B=KNrLEB3E?P zYDv*ZDlA|`2xpwaP)Iqkv~h; zMxfkb(_JH~ff)?o1W`50ONwOt7Q-B|mh|CF`UL&X(O>jv1i@s~i z5El@TKcv3>>-kRV?_I!=*5#MKtE=ief;!lls7k{0>d zrf5dyhykR>oB_xfaWUjZj!%e0t(Y$xShS*O^3d%#q-D+JL0N@iiL(HXE<|mMU$*L{Kalj`K|F?CMu`k?! 
zPm1C-0v4Z(X9j!%R7C?M zBf{aN1_KT!qU&B~zt`y%fk+bX)j$#zb+QNn@qBzi_$5UQ1-x*MOiZZ&D|64CpB2n{ zNQo=X0U!-2g7#71#hgKgn*t9rPVp#`YaKDo>%w z;)o;im`W%>TE+k)68!7S6Ui&?2)zXi2`c8uUw|>8_DIyGN%;nV?=J{PL*S9%85iUo zh!qis4IYcr4NT!2iE{?}6hUtRXcPou8(Aj}WB?1c?fW1=$kY2#x@w5&$j@lf_IoiA zGN3p;6{+M?^5tAH7h)sJY*Ugs<~E0!VzIYTAXi9CfP4+vB|)IrEt8Y~qF2`;dsvSw z*X6;%ey-0kmb*jACm&+zWhud^JMzh>JA>j>>UzXw-H0LTOd{-=LoapkbQ7cd%-aPh z;1o*_#()GUh2WGheu224DuLy>#S!iG?*b2^83`ETfK5r{dxA>L1`$A>F%T#?N$5of zoDu1{E1F4)lZK(2if81{FWHTd0!0f!%Ti!dx7YH!+;~v3b&3>0ju3!y1?3$0*yVDC z6XW>#vgbkq1cNFU01#De-iAsXDxoBbX~Y zIQSdrbq4)T?-RIbx6@SO1uS8H=i~S|PuAuorxCi@i+3*pH`>+tCrlat4fE-1Rr{s` zt`GtrLgGDRzzdk>mI=M3MPNxyE(u%|a@N%&WsY7;989`iz?_i8&U@V*`G=!E3(&iA zzCFYtmPv(EsO3g_8gB{ZngBxLf%tn4dqv5Qg1rKr!~T!YX`IFJN#)Dp@{u(`q+#ts zF~qt2t*EuBB*`~~Oi3wYAI9~afOyEkx`l&72YR012RCBv)3*fLri!$%!#L!Tlx>9I zWfT{pBCtejQOQ6C=a)c3HZ4TYEItE7<%^%sFaBAelyy?mBpr}33C_>N09|jAMyu}AlFvpYxl2^?k#bO`I!3sX2#rTkT zh3hNfp2n$?1@tTIAs1TgpPAEH&z~(j5Kj~B8^IypoSj?_hZjFvRSH?XFDm;U44q(N z3tlDPcLmc!_iz^asB{p&$~+ZsNfdB7jFV)7=GIRIgP1`aSchG82gR_9z>2M12J1Y) zJU#2lUwhzgirp!I6v=aDgvLhChhbSdkq(XoA1a3b3DuA)8)Y9zbufeXGaPttu!{nQ{(&S5f2%$MUws9)Xd&Qx z;YonU*o6Ui)TzN7P8?`@aA4p$vIl2^h%b6@Ob@KP3kr@Y=8_PZLr#p-m(K~vJuQC9 zO>AoN^pW`d4sx-wg3}l|f$bLb6aQ+~O@(c80u%(nPE1bipm<#p zlg5dZcRV462$D)fv;yp4#0hhu(Esga6G9%1&>m2()(pHR6#qvI*aw%y11GwfT(`XF zWJ8_d;GKTCLPNHG1-j2YwU@>i`JOtbW;npJXl7o$0Itprcrz#;zzp86)D^rh?yBD} z?@I;PoL;_v&#|v#qAwA3QNZCu66Ce40ZuR9gD9y3!nl$=e8eP5;ymoN>w0^OW`r*4 zI-JQ`tMvg47xU;Di||4X72={$g!EkIi5fF-6VvaFo>(cdsJT{Rj{+g~;`Qle_eD=K zF7eNUgZ*N`J4V7ZXR-2^!J`CUftVDaw2?+AvP@_;j!ee1Cp6Vq8Zw>88F^7YBWYyV zCa^g;*w3J2CFqq*k9Y_OE~Jla^(z9;bv7+#o7DdPvfnw{Ejj~Dx?KaZD^6woQD}uV z;Id4mG9$0(V@mG8Ovq=(M9 zTbx)v19Z>#jAb>EJTslz$)Mu}Q2t3;r4+iSI9ba$ZuB2pnDEX0-#Eqgl(8Mwqq@6A3CB6#ESS-cB%x^O99b%k;|5n0M;dy zY?eY>RFf-*e)~3g^*8w znIlTECug7Ne;a|=*pzfLV~bGQNRgmjIA{+uWnKzMjGi%oDM`-LwgAikVj*%d^!SB}&(Baukt^nD7hDrSjPi10AvmUFmL;reS}3$&eky8j zYFI`Wq50L?NK-aiYrPV&V?9>VoaB%l+BFqogPXEd7S-pA5GmTYARbb35~1McjTKt2 
zY-DQ0VlZ!r3w^oLTD<(AS?KvC2q_Yv^&M-4C6Gs)Pz?RV6xdZz92|Cc;(t10LY>%H zc!&Aa5h#n}Ud)G5el_isY)yvbJF+L1Z1pNoRwviT;zT~b1VWbj)g6_ohT#!Ia+gMCY2UIZz^%%_Q6uGy_3_ol+a$CM;@hv)3OP5~H4`L4~F9HuJ zbRAdVYwlVQNN858755>rts9TGz8x`BBOeC0djJ9o15cWvX>2OACQ4_A$6nsi&r1|)&M*2)?lt0{ZYGdDsb1W1U)>{h1edF#%dgu5sHV&8;AQVl+jH_1a9--f>03T)z9q`j!X0ExsVJ*)tfeRNFTL}=C56~en4$*>At53%@0PWMB!BO1dV5<0i8 zD3k{{7V`NN&T%l2ua^m3;}hstpp$*5tPCApuNE8CYZ?=YA@US5`&DbEC8XHdL)!vk zpN|YZ$n##gd;k*2q4oxc2N?rE-RpNbs*9U6BD<B%Xt=8e1! zlU{b+>S!-Z6-|h5hB(D8%a{mmv}1u*p)M(zAwESB1G;{R4r`z_Gy)aCt+3=|fv3y? zM)fZfkqz9{?E%^DA7~dS7;u9L%@_wNCa};*P$ZRSyC}4^t*|_gr@mD6v;j3H+r5=; zuVzh*g#5z~{rzf~Sy8zHXi8*G2(k+NTM}SSsJ-d0Y#WL)2ql28Qq8hkmxPEy_3UK> z5;lD&PB+P&f^~&%t`{uVc4>@aB#VtvsXfeGGM9XIw6O83r&WW~lmvt(=vaROcS;D; z4&R&ZzTVXaAtn>z)x;x<@F#QyAjT z%-cykJ9HPjk}6G%1Gp39kyKLm))aG8L!LZp@rt;65uEG!9-=q!R0U#;6=qc=tfvR$wIIUU0G9C9!iNE zdyoY6MzFEI4 zTaHLZsx6=BQnPP4Y$M%XYw5O}gqjGq1)CpocUtJFD0x@JM<6((e^~2=NY8&8Q4?srI)F^3f6~F%**0H#nY2c@l{0G*oq?e z-X-CA8BckGn2=W{>gWN#labsGza!3(JC(O&j;`p4u})C13@$o&4_w2^GTqPnom?ni zbw}wCzw=x)Uz1+T!~M$oF7&Or)E~9$caxs$If3pk=Kz*HbnKpfC!W!8q4C6ICaE<UPb3MQ-! zzIK^Uz~7>U-9-|PRs|h;p3V)L12$Ceb%YR8W&{49QP-(L3-6t^K9pn%(BXJZqwl&q z(DO{z)m`oRr)|Lu$rq}G^c#|Zq1Z=GxepZjiKVijeqke38D<&cwd0j8ab~zW#*P(? 
zcbbgz?A7JFSEnb}ug>^Y#w4&eEjVT)|t3e>Vm4FdA$J6yrYA%F7-KD z*O!ij?{^N%0Hx2#I(XIb@Wqq!gfa0yF5(f%WG(?25l^}(Qn_7^4iEPWrnoq4e)?yL zn@@LK7CWEaeI-Fm^O+u|&hqv{?5Y|9-Eg zi`DL1D?u)M*IxMIBQF@At*9=1Izm?A~>Vq%l^Go}XyZKsZUj(H*^&S0D4x=@O zTV)`xBjhS8DyA?6 zx1x&*;57*`%1&>QDI^QJD%dE$Tn`8Z%XVCXbVHAnEVQg0zwX_~RAfp{f_iXxN|P5W zm%liu7<7ruSYnMY15|B`Z}iCHgRSpNzS6i(-;s)^32h&bve_%Ofj4>oEaT9n0l{1+ z<|#du`&x&3Y5hcM94bhbnO&(>MNVX14a)%2Dc9072pXkbnmH`Ry#zIFRhBUqCeBI4 zn&^SXF=TrHDu9^9c6`rDT4~bZ$Ckh~jryi_Bh}N($oH>=a>i4+Le!^(;aZlpkm9*m z7m6lA6JCgQ@=zcoPL}L`>plG9W&Lkyc7ONd$!U^c)LIVNUM9uJH1|~GSPF_}6qNYt zn#38Ym+(8vH6iv&kojI_BOS@Dt~5%MeY}i48FUb$+(1sefl?`bnCw?&1hFrg#k^4D zFH%>{)*+&d9wi=)sWDy>FF9vav-HFn=u2&_EZrJ`)3OpIYtnE}6og7_Vp}Mprf4pG zn_gqa30=Gq(m{-5EVdBe15;H)MZ*f>mW*0(O(3urn?>g{ylEMS|LfDscuX1Nv&xOC zK41or_?JW)G62(P%F|i9^}jzWg}5X@`?(D}F!y{c)Q36tRHhIE(m1|YVUyq{&V;JW zN!q9^W-NXPwj1h0`ld&a)IX z*qOf^$Z4<=1^*9;o?CzHs(jCREv41EARHww>qUx8d_cVYnoQMFgPr64;J9$j#0+;OMY66Ui>|1vasbW<71TQ>Chc|X&GlAoC6#CR!gf7N zg|SPYE@{ln`~7y-K=ey*bVC3_@3K(J==?=)?K-nz!x(`M$gmVGiy6YR`u;^bIqt~{ za>`V&LdHEfwvpFjlJ$yKtCyZj`PcvXsO6LpPEc3;Ta6ddR_jt6mLy^(U8hbC9cN^p zLLpS91SHYE^ZiXaEjSqY#Jx57>trC`9UvpI=o|qrim!Q-Y}GnDn~=zY64DyBz861# z=ym!>o&M_F=u~zkv&MNlz5Y>uS096%f#-8fc?5l#qzG^o?X4xdUEo1B9T7-9a0i)A z?d`=_4fZ>|bzwEw?`f>8)dG;KTY~F0RZrO;dfV zb>evd2H=BLwFXCr;R)*+6NBRgY&Y}rg1l$6^nAmdR6=@r?%P`gB)`kI0%Rxe@qK{Y7W}7!&FuC;fxWMhq#E%BfDKtU!t`bUGTjJ%QPu9m!eMJvRY7qJexF ze5{^*7BYx+pDek#vN|YE<7mbwO%sHAidP!>PxRJN@|SEW1}M|k7~O3K!%%e`zXYQ> zZj$0gpdlKnF9!$v%QWxxZoqS$RcTjhxB<9B>Ja%(4dJ7@)s|=n%CjV%c|d{$6S-XJ z{ipb;+Bx=03_)93GumJ$?oMNIqjRYc!(T+hRG%$FXUX&q!6!|BI>JivEypFE+iMwyF3$yCtE}lMynX49yFew%as2@9Z~d0q_E`I=bg}83iT%4?(+FTxeS_J*ne8amP1ay{*=7V&cl) zTZx|!=ye8%f7!F#VG9({ka#+alDdmBIq;;~E;*fXZMK%{Ch>&VZpkUp?#8~N9wW#l z5fBhkG)DmkBk0AbNRf4fl<%>=L{=`X(k9)h8!J}B?0m1hwWJs?@w~O4o9Z9@Wlz*Q z0%Lp+KIn`oELze^6Gpz@JvbcnmC@t1(8m#_gsKE=Q8=N{!@)$clH{sz2+jjJWy%0G z1nqXKb*}VXabCs^ZS_&k42&1k#2xlJ`~8l}ncMFSIs-9VfrK=J3owx;VU3iJZE!&)tFvJ&p11!WQLM>rE4LPjd4nMhbq;0GXf}(aeL_+5 
znS3chsK-;Gf(0J9n=a(Yg)UgL8n*pKE30T4o!(8_0I&x}3&8L!^cPYh zQZ`SOseJ+BnN$np_;{bL0e?R;F`(SW5=xz7^CQ9A@PwQ_|<1jh!_dm+p1PYHJ*Ah zzrs?t|8)@8sz<*pwdeoQQD*=5dxzWeedO5OhN9Uo-(|KR9&yZ<*)9&-LaHSXK; z@KU$`xf?o>7drVEnL{pw4T{r`}?|6fh?|NX4|-y3Z0f14@Q`@epJ zZ@2c>T}t*pf_nd(j6IKe{`d9^?0;MNep$NSm+-|ubh z{~IZF^1ohxCI9OXouPUw^r=zbmNk^R{U5Ro$p5`TUjE;n{~IYa@_#PAU)0*Nfj>{F z+y5ptH4MC!c|q;|Kg`@M!-3y~CXUZ~tJs|2I<7``=pZ?LPk|O6~q% zLjX|i{y)m?|NZ^#{@+L`k7D0O`+N(f;r@S+8*ttJALQ)+gX6)$cK>gpRArIbM*IBv zOYQz&g9AYA`G1i2|KHyKZ>H>kH)zbk$cKSUxheKnoM=+5`F5lIiA(MNUqb+3t^KcH z{~v7k|3*qi|KCRYePg9||F6LTsNVjU^Zy?lZ}e{=bpZT>pP+Ot$&r7m)iZmh6Dh0`+snp zz5hEn-rwKu|4o$I^M4!d|EDgE_y1$s{|>YHKl+3I_Wa*SSz`ZhckG|AG}`}Usy+V)x%}TpTls%8C42w3jrRGrO5^?inD>82x%mIV m@izW{BV~pC|I{dN%eHLGwrtB9%Ksk#0RR7wP-`9lx&i>_%jszV literal 0 HcmV?d00001 diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/.helmignore b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/.helmignore new file mode 100755 index 0000000..f0c1319 --- /dev/null +++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/Chart.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/Chart.yaml new file mode 100755 index 0000000..0a3fe5a --- /dev/null +++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/Chart.yaml 
@@ -0,0 +1,17 @@
+apiVersion: v1
+appVersion: 0.30.0
+description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
+home: https://github.com/kubernetes/ingress-nginx
+icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
+keywords:
+- ingress
+- nginx
+kubeVersion: '>=1.10.0-0'
+maintainers:
+- name: ChiefAlexander
+- email: Trevor.G.Wood@gmail.com
+ name: taharah
+name: rke2-ingress-nginx
+sources:
+- https://github.com/kubernetes/ingress-nginx
+version: 1.36.301
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/OWNERS b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/OWNERS
new file mode 100755
index 0000000..0001de3
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+- ChiefAlexander
+- taharah
+reviewers:
+- ChiefAlexander
+- taharah
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/README.md b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/README.md
new file mode 100755
index 0000000..87dfdb4
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/README.md
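Review bot: The `maintainers:` entries in Chart.yaml (and the approvers/reviewers in the OWNERS hunk after it) look carried over unchanged from the upstream nginx-ingress chart, although the chart is renamed `rke2-ingress-nginx` and re-versioned `1.36.301`, so the metadata presumably directs packaging or security reports to people who do not maintain this repackaged copy. Nothing in the file records that this is a downstream build of upstream 1.36.3 (per the commit message) with the `trimPrefix` template change applied. I would add a second `sources:` entry for the packaging repository, `- <URL of the repository that builds rke2-ingress-nginx>`, and a comment above `version:` such as `# downstream rebuild of upstream nginx-ingress 1.36.3 with local template patches`. If the directory is regenerated by automation, the same information belongs in whatever input that automation reads, since a hand-edited comment here would be overwritten.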
@@ -0,0 +1,361 @@ +# nginx-ingress + +[nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller that uses ConfigMap to store the nginx configuration. + +To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +## TL;DR; + +```console +$ helm install stable/nginx-ingress +``` + +## Introduction + +This chart bootstraps an nginx-ingress deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + + - Kubernetes 1.6+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/nginx-ingress +``` + +The command deploys nginx-ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the nginx-ingress chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`controller.name` | name of the controller component | `controller` +`controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` +`controller.image.tag` | controller container image tag | `0.30.0` +`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` +`controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. 
| `101` +`controller.useComponentLabel` | Wether to add component label so the HPA can work separately for controller and defaultBackend. *Note: don't change this if you have an already running deployment as it will need the recreation of the controller deployment* | `false` +`controller.containerPort.http` | The port that the controller container listens on for http connections. | `80` +`controller.containerPort.https` | The port that the controller container listens on for https connections. | `443` +`controller.config` | nginx [ConfigMap](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md) entries | none +`controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when `controller.service.externalIPs` is set and `kube-proxy` is used as there will be a port-conflict for port `80` | false +`controller.defaultBackendService` | default 404 backend service; needed only if `defaultBackend.enabled = false` and version < 0.21.0| `""` +`controller.dnsPolicy` | If using `hostNetwork=true`, change to `ClusterFirstWithHostNet`. See [pod's dns policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for details | `ClusterFirst` +`controller.dnsConfig` | custom pod dnsConfig. See [pod's dns config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config) for details | `{}` +`controller.reportNodeInternalIp` | If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to nginx-ingress. This sets the status of all Ingress objects to the internal IP address of all nodes running the NGINX Ingress controller. 
+`controller.electionID` | election ID to use for the status update | `ingress-controller-leader` +`controller.extraEnvs` | any additional environment variables to set in the pods | `{}` +`controller.extraContainers` | Sidecar containers to add to the controller pod. See [LemonLDAP::NG controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller) as example | `{}` +`controller.extraVolumeMounts` | Additional volumeMounts to the controller main container | `{}` +`controller.extraVolumes` | Additional volumes to the controller pod | `{}` +`controller.extraInitContainers` | Containers, which are run before the app containers are started | `[]` +`controller.ingressClass` | name of the ingress class to route through this controller | `nginx` +`controller.maxmindLicenseKey` | Maxmind license key to download GeoLite2 Databases. See [Accessing and using GeoLite2 database](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) | `""` +`controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces) +`controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace) +`controller.extraArgs` | Additional controller container arguments | `{}` +`controller.kind` | install as Deployment, DaemonSet or Both | `Deployment` +`controller.deploymentAnnotations` | annotations to be added to deployment | `{}` +`controller.autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | false +`controller.autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` +`controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11` +`controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"` +`controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"` 
+`controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false +`controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"` +`controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"` +`controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` +`controller.terminationGracePeriodSeconds` | how many seconds to wait before terminating a pod | `60` +`controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0` +`controller.nodeSelector` | node labels for pod assignment | `{}` +`controller.podAnnotations` | annotations to be added to pods | `{}` +`controller.deploymentLabels` | labels to add to the deployment metadata | `{}` +`controller.podLabels` | labels to add to the pod container metadata | `{}` +`controller.podSecurityContext` | Security context policies to add to the controller pod | `{}` +`controller.replicaCount` | desired number of controller pods | `1` +`controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1` +`controller.resources` | controller pod resource requests & limits | `{}` +`controller.priorityClassName` | controller priorityClassName | `nil` +`controller.lifecycle` | controller pod lifecycle hooks | `{}` +`controller.service.annotations` | annotations for controller service | `{}` +`controller.service.labels` | labels for controller service | `{}` +`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false` +`controller.publishService.pathOverride` | override of the default publish-service name | `""` 
+`controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.daemonset.useHostPorts` is `true` | true +`controller.service.clusterIP` | internal controller cluster service IP (set to `"-"` to pass an empty value) | `nil` +`controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false` +`controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]` +`controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"` +`controller.service.sessionAffinity` | Enables client IP based session affinity. Must be `ClientIP` or `None` if set. | `""` +`controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). 
If blank, a random port in the `NodePort` range will be assigned | `""` +`controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`controller.service.enableHttp` | if port 80 should be opened for service | `true` +`controller.service.enableHttps` | if port 443 should be opened for service | `true` +`controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80` +`controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443` +`controller.service.ports.http` | Sets service http port | `80` +`controller.service.ports.https` | Sets service https port | `443` +`controller.service.type` | type of controller service to create | `LoadBalancer` +`controller.service.nodePorts.http` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""` +`controller.service.nodePorts.https` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""` +`controller.service.nodePorts.tcp` | Sets the nodePort for an entry referenced by its key from `tcp` | `{}` +`controller.service.nodePorts.udp` | Sets the nodePort for an entry referenced by its key from `udp` | `{}` +`controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10 +`controller.livenessProbe.periodSeconds` | How often to perform the probe | 10 +`controller.livenessProbe.timeoutSeconds` | When the probe times out | 5 +`controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| 1 +`controller.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 +`controller.livenessProbe.port` | The port number that the liveness probe will listen on. | 10254 +`controller.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 10 +`controller.readinessProbe.periodSeconds` | How often to perform the probe | 10 +`controller.readinessProbe.timeoutSeconds` | When the probe times out | 1 +`controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 +`controller.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 +`controller.readinessProbe.port` | The port number that the readiness probe will listen on. | 10254 +`controller.metrics.enabled` | if `true`, enable Prometheus metrics | `false` +`controller.metrics.service.annotations` | annotations for Prometheus metrics service | `{}` +`controller.metrics.service.clusterIP` | cluster IP address to assign to service (set to `"-"` to pass an empty value) | `nil` +`controller.metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false` +`controller.metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]` +`controller.metrics.service.labels` | labels for metrics service | `{}` +`controller.metrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`controller.metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`controller.metrics.service.servicePort` | Prometheus metrics service port | `9913` +`controller.metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP` +`controller.metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for 
Prometheus operator | `false` +`controller.metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` +`controller.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` +`controller.metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as nginx ingress` +`controller.metrics.serviceMonitor.namespaceSelector` | [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/v0.34.0/Documentation/api.md#namespaceselector) to configure what namespaces to scrape | `will scrape the helm release namespace only` +`controller.metrics.serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s` +`controller.metrics.prometheusRule.enabled` | Set this to `true` to create prometheusRules for Prometheus operator | `false` +`controller.metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` +`controller.metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `the same namespace as nginx ingress` +`controller.metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be prometheus in YAML format, check values for an example. | `[]` +`controller.admissionWebhooks.enabled` | Create Ingress admission webhooks. Validating webhook will check the ingress syntax. 
| `false` +`controller.admissionWebhooks.failurePolicy` | Failure policy for admission webhooks | `Fail` +`controller.admissionWebhooks.port` | Admission webhook port | `8080` +`controller.admissionWebhooks.service.annotations` | Annotations for admission webhook service | `{}` +`controller.admissionWebhooks.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the admission webhook service | `false` +`controller.admissionWebhooks.service.clusterIP` | cluster IP address to assign to admission webhook service (set to `"-"` to pass an empty value) | `nil` +`controller.admissionWebhooks.service.externalIPs` | Admission webhook service external IP addresses | `[]` +`controller.admissionWebhooks.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`controller.admissionWebhooks.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` +`controller.admissionWebhooks.service.servicePort` | Admission webhook service port | `443` +`controller.admissionWebhooks.service.type` | Type of admission webhook service to create | `ClusterIP` +`controller.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for validating webhook endpoint, and patch the created webhooks with the CA. 
| `true` +`controller.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen` +`controller.admissionWebhooks.patch.image.tag` | Tag to use for the webhook integration jobs | `v1.0.0` +`controller.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent` +`controller.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `""` +`controller.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `{}` +`controller.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `{}` +`controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""` +`controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""` +`controller.addHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers) added before sending response to the client | `{}` +`controller.proxySetHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-set-headers) added before sending request to the backends| `{}` +`controller.headers` | DEPRECATED, Use `controller.proxySetHeaders` instead. 
| `{}` +`controller.updateStrategy` | allows setting of RollingUpdate strategy | `{}` +`controller.configMapNamespace` | The nginx-configmap namespace name | `""` +`controller.tcp.configMapNamespace` | The tcp-services-configmap namespace name | `""` +`controller.udp.configMapNamespace` | The udp-services-configmap namespace name | `""` +`defaultBackend.enabled` | Use default backend component | `true` +`defaultBackend.name` | name of the default backend component | `default-backend` +`defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64` +`defaultBackend.image.tag` | default backend container image tag | `1.5` +`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent` +`defaultBackend.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses nobody user. | `65534` +`defaultBackend.useComponentLabel` | Whether to add component label so the HPA can work separately for controller and defaultBackend. *Note: don't change this if you have an already running deployment as it will need the recreation of the defaultBackend deployment* | `false` +`defaultBackend.extraArgs` | Additional default backend container arguments | `{}` +`defaultBackend.extraEnvs` | any additional environment variables to set in the defaultBackend pods | `[]` +`defaultBackend.port` | Http port number | `8080` +`defaultBackend.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 +`defaultBackend.livenessProbe.periodSeconds` | How often to perform the probe | 10 +`defaultBackend.livenessProbe.timeoutSeconds` | When the probe times out | 5 +`defaultBackend.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| 1 +`defaultBackend.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 +`defaultBackend.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 0 +`defaultBackend.readinessProbe.periodSeconds` | How often to perform the probe | 5 +`defaultBackend.readinessProbe.timeoutSeconds` | When the probe times out | 5 +`defaultBackend.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 +`defaultBackend.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 +`defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`defaultBackend.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` +`defaultBackend.nodeSelector` | node labels for pod assignment | `{}` +`defaultBackend.podAnnotations` | annotations to be added to pods | `{}` +`defaultBackend.deploymentLabels` | labels to add to the deployment metadata | `{}` +`defaultBackend.podLabels` | labels to add to the pod container metadata | `{}` +`defaultBackend.replicaCount` | desired number of default backend pods | `1` +`defaultBackend.minAvailable` | minimum number of available default backend pods for PodDisruptionBudget | `1` +`defaultBackend.resources` | default backend pod resource requests & limits | `{}` +`defaultBackend.priorityClassName` | default backend priorityClassName | `nil` +`defaultBackend.podSecurityContext` | Security context policies to add to the default backend | `{}` +`defaultBackend.service.annotations` | annotations for default backend service | `{}` +`defaultBackend.service.clusterIP` | internal default backend cluster service IP (set to `"-"` to pass an empty value) | `nil` +`defaultBackend.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the default backend service | `false` 
+`defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]` +`defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`defaultBackend.service.type` | type of default backend service to create | `ClusterIP` +`defaultBackend.serviceAccount.create` | if `true`, create a backend service account. Only useful if you need a pod security policy to run the backend. | `true` +`defaultBackend.serviceAccount.name` | The name of the backend service account to use. If not set and `create` is `true`, a name is generated using the fullname template. Only useful if you need a pod security policy to run the backend. | `` +`imagePullSecrets` | name of Secret resource containing private registry credentials | `nil` +`rbac.create` | if `true`, create & use RBAC resources | `true` +`rbac.scope` | if `true`, do not create & use clusterrole and -binding. Set to `true` in combination with `controller.scope.enabled=true` to disable load-balancer status updates and scope the ingress entirely. | `false` +`podSecurityPolicy.enabled` | if `true`, create & use Pod Security Policy resources | `false` +`serviceAccount.create` | if `true`, create a service account for the controller | `true` +`serviceAccount.name` | The name of the controller service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | `` +`revisionHistoryLimit` | The number of old history to retain to allow rollback. | `10` +`tcp` | TCP service key:value pairs. The value is evaluated as a template. | `{}` +`udp` | UDP service key:value pairs The value is evaluated as a template. 
| `{}` +`releaseLabelOverride` | If provided, the value will be used as the `release` label instead of .Release.Name | `""` + +These parameters can be passed via Helm's `--set` option +```console +$ helm install stable/nginx-ingress --name my-release \ + --set controller.metrics.enabled=true +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install stable/nginx-ingress --name my-release -f values.yaml +``` + +A useful trick to debug issues with ingress is to increase the logLevel +as described [here](https://github.com/kubernetes/ingress-nginx/blob/master/docs/troubleshooting.md#debug) + +```console +$ helm install stable/nginx-ingress --set controller.extraArgs.v=2 +``` +> **Tip**: You can use the default [values.yaml](values.yaml) + +## PodDisruptionBudget + +Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one, +else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info. + +## Prometheus Metrics + +The Nginx ingress controller can export Prometheus metrics. + +```console +$ helm install stable/nginx-ingress --name my-release \ + --set controller.metrics.enabled=true +``` + +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. 
+ +## nginx-ingress nginx\_status page/stats server + +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: +* in [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +* in [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server + +## ExternalDNS Service configuration + +Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service: + +```yaml +controller: + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com. +``` + +## AWS L7 ELB with SSL Termination + +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml): + +```yaml +controller: + service: + targetPorts: + http: http + https: http + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' +``` + +## AWS L4 NLB with SSL Redirection + +`ssl-redirect` and `force-ssl-redirect` flag are not working with AWS Network Load Balancer. 
You need to turn if off and add additional port with `server-snippet` in order to make it work. + +The port NLB `80` will be mapped to nginx container port `80` and NLB port `443` will be mapped to nginx container port `8000` (special). Then we use `$server_port` to manage redirection on port `80` +``` +controller: + config: + ssl-redirect: "false" # we use `special` port to control ssl redirection + server-snippet: | + listen 8000; + if ( $server_port = 80 ) { + return 308 https://$host$request_uri; + } + containerPort: + http: 80 + https: 443 + special: 8000 + service: + targetPorts: + http: http + https: special + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "your-arn" + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" +``` + +## AWS route53-mapper + +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label: + +```yaml +controller: + service: + labels: + dns: "route53" + annotations: + domainName: "kubernetes-example.com" +``` + +## Ingress Admission Webhooks + +With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. 
+
+With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
+
+## Helm error when upgrading: spec.clusterIP: Invalid value: ""
+
+If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
+
+```
+Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
+```
+
+Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
+
+As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customconfig-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customconfig-values.yaml
new file mode 100755
index 0000000..f12eac3
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customconfig-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ config:
+ use-proxy-protocol: "true"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customnodeport-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customnodeport-values.yaml
new file mode 100755
index 0000000..382bc50
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customnodeport-values.yaml
@@ -0,0 +1,15 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
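Review bot: `use-proxy-protocol: "true"` in ci/daemonset-customconfig-values.yaml has no comment marking it as a test fixture, and a values file under ci/ is easy to copy as a starting point. With PROXY protocol enabled the controller takes the client address from the PROXY header, so source-IP allowlists and access logs are only trustworthy when every connection arrives through a load balancer that sets that header and the controller ports cannot be reached directly. I would add `# CI fixture only: enable use-proxy-protocol solely behind a load balancer that sends PROXY headers` above the `config:` key. The same applies to ci/deployment-customconfig-values.yaml later in this patch.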
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-headers-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-headers-values.yaml
new file mode 100755
index 0000000..a29690f
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-headers-values.yaml
@@ -0,0 +1,6 @@
+controller:
+ kind: DaemonSet
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-nodeport-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-nodeport-values.yaml
new file mode 100755
index 0000000..ebc8f10
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-nodeport-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: NodePort
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
new file mode 100755
index 0000000..3484704
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-values.yaml
new file mode 100755
index 0000000..e6866d7
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
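Review bot: `X-Forwarded-Proto: https` under `proxySetHeaders` in ci/daemonset-headers-values.yaml is a fixed value with no comment explaining that it exists only to exercise the header ConfigMap. If this entry replaces the scheme the controller would otherwise forward (that interaction is not visible in this hunk), backends are told every request arrived over TLS, including plain-HTTP ones, which undermines HTTPS redirects and Secure-cookie decisions keyed on that header. I would add `# CI fixture only: do not hard-code X-Forwarded-Proto in real deployments` above `proxySetHeaders:`, or switch the fixture to a header with no security meaning. ci/deployment-headers-values.yaml carries the same entry.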
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-values.yaml
new file mode 100755
index 0000000..f0a6060
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-values.yaml
@@ -0,0 +1,6 @@
+controller:
+ kind: DaemonSet
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-default-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-default-values.yaml
new file mode 100755
index 0000000..ddb2562
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-default-values.yaml
@@ -0,0 +1,2 @@
+controller:
+ kind: DaemonSet
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-metrics-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-metrics-values.yaml
new file mode 100755
index 0000000..5ce435d
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-metrics-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ metrics:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-psp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-psp-values.yaml
new file mode 100755
index 0000000..b441c1a
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-psp-values.yaml
@@ -0,0 +1,5 @@
+controller:
+ kind: DaemonSet
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-and-psp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-and-psp-values.yaml
new file mode 100755
index 0000000..2cf9d6f
--- /dev/null
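Review bot: The file name ci/deamonset-default-values.yaml misspells "daemonset", while the TCP/UDP, nodeport, headers and customconfig fixtures in the same directory use the `daemonset-` prefix. The metrics, psp, webhook-and-psp and webhook fixtures share the typo, so a glob or search on `daemonset-*` silently skips the DaemonSet test cases for Pod Security Policy and the admission webhook. If the names are not required to match an upstream copy of the chart, rename them to `ci/daemonset-default-values.yaml` and likewise for the other four.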
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-and-psp-values.yaml
@@ -0,0 +1,7 @@
+controller:
+ kind: DaemonSet
+ admissionWebhooks:
+ enabled: true
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-values.yaml
new file mode 100755
index 0000000..2d2cb47
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ admissionWebhooks:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-autoscaling-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-autoscaling-values.yaml
new file mode 100755
index 0000000..e9701da
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-autoscaling-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ autoscaling:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customconfig-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customconfig-values.yaml
new file mode 100755
index 0000000..401aea4
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customconfig-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ config:
+ use-proxy-protocol: "true"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customnodeport-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customnodeport-values.yaml
new file mode 100755
index 0000000..6958eaa
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customnodeport-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-default-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-default-values.yaml
new file mode 100755
index 0000000..b15f0e4
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-default-values.yaml
@@ -0,0 +1 @@
+# Left blank to test default values
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-headers-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-headers-values.yaml
new file mode 100755
index 0000000..f3873af
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-headers-values.yaml
@@ -0,0 +1,5 @@
+controller:
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-metrics-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-metrics-values.yaml
new file mode 100755
index 0000000..9a93fa5
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-metrics-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ metrics:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-nodeport-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-nodeport-values.yaml
new file mode 100755
index 0000000..ffdc47b
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-nodeport-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ service:
+ type: NodePort
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-psp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-psp-values.yaml
new file mode 100755
index 0000000..7aae860
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-psp-values.yaml
@@ -0,0 +1,2 @@
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-configMapNamespace-values.yaml
new file mode 100755
index 0000000..7b06c1e
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-values.yaml
new file mode 100755
index 0000000..7c55d44
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-values.yaml
new file mode 100755
index 0000000..c8bc204
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-values.yaml
@@ -0,0 +1,3 @@
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-and-psp-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-and-psp-values.yaml
new file mode 100755
index 0000000..0590d7c
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-and-psp-values.yaml
@@ -0,0 +1,6 @@
+controller:
+ admissionWebhooks:
+ enabled: true
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-values.yaml
new file mode 100755
index 0000000..07e1a92
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ admissionWebhooks:
+ enabled: true
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/NOTES.txt b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/NOTES.txt
new file mode 100755
index 0000000..e18a901
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/NOTES.txt
@@ -0,0 +1,71 @@ +The nginx-ingress controller has been installed. + +{{- if contains "NodePort" .Values.controller.service.type }} +Get the application URL by running these commands: + +{{- if (not (empty .Values.controller.service.nodePorts.http)) }} + export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} +{{- else }} + export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "nginx-ingress.controller.fullname" . }}) +{{- end }} +{{- if (not (empty .Values.controller.service.nodePorts.https)) }} + export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} +{{- else }} + export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "nginx-ingress.controller.fullname" . }}) +{{- end }} + export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") + + echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." + echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." +{{- else if contains "LoadBalancer" .Values.controller.service.type }} +It may take a few minutes for the LoadBalancer IP to be available. +You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ template "nginx-ingress.controller.fullname" . }}' +{{- else if contains "ClusterIP" .Values.controller.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "nginx-ingress.name" . }},component={{ .Values.controller.name }},release={{ template "nginx-ingress.releaseLabel" . }}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + echo "Visit http://127.0.0.1:8080 to access your application." 
+{{- end }} + +An example Ingress that makes use of the controller: + + apiVersion: extensions/v1beta1 + kind: Ingress + metadata: + annotations: + kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }} + name: example + namespace: foo + spec: + rules: + - host: www.example.com + http: + paths: + - backend: + serviceName: exampleService + servicePort: 80 + path: / + # This section is only required if TLS is to be enabled for the Ingress + tls: + - hosts: + - www.example.com + secretName: example-tls + +If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: + + apiVersion: v1 + kind: Secret + metadata: + name: example-tls + namespace: foo + data: + tls.crt: + tls.key: + type: kubernetes.io/tls + +{{- if .Values.controller.headers }} +################################################################################# +###### WARNING: `controller.headers` has been deprecated! ##### +###### It has been renamed to `controller.proxySetHeaders`. ##### +################################################################################# +{{- end }} diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/_helpers.tpl b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/_helpers.tpl new file mode 100755 index 0000000..1881171 --- /dev/null +++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/_helpers.tpl 
@@ -0,0 +1,134 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nginx-ingress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nginx-ingress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nginx-ingress.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified controller name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nginx-ingress.controller.fullname" -}}
+{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Allow for the ability to override the release name used as a label in many places.
+*/}}
+{{- define "nginx-ingress.releaseLabel" -}}
+{{- .Values.releaseLabelOverride | default .Release.Name | trunc 63 -}}
+{{- end -}}
+
+{{/*
+Construct the path for the publish-service.
+
+By convention this will simply use the / to match the name of the
+service generated.
+
+Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
+
+*/}}
+
+{{- define "nginx-ingress.controller.publishServicePath" -}}
+{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}}
+{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default backend name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nginx-ingress.defaultBackend.fullname" -}}
+{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "nginx-ingress.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "nginx-ingress.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
+*/}}
+{{- define "nginx-ingress.defaultBackend.serviceAccountName" -}}
+{{- if .Values.defaultBackend.serviceAccount.create -}}
+ {{ default (printf "%s-backend" (include "nginx-ingress.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
+{{- else -}}
+ {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "deployment.apiVersion" -}}
+{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for podSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/addheaders-configmap.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/addheaders-configmap.yaml
new file mode 100755
index 0000000..534b133
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/addheaders-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.controller.addHeaders }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-custom-add-headers
+data:
+{{ toYaml .Values.controller.addHeaders | indent 2 }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrole.yaml
new file mode 100755
index 0000000..a248326
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrole.yaml
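Review bot: `system_default_registry`, the last define in `_helpers.tpl`, is the only helper in the file without a `{{/* … */}}` comment, and it decides which registry the chart's image references point at. It returns `.Values.global.systemDefaultRegistry` followed by `/`, or an empty string when the value is unset, and the job templates in this commit prepend the result to `repository:tag` verbatim. I would add above the define: `{{/* Return the registry prefix (with trailing "/") taken from global.systemDefaultRegistry, or "" when unset; the value is used as-is in image references. */}}`. Whether `.Values.global` is always present is not visible here; if it can be missing, the `if` would fail at render time instead of falling through to the empty string, which the comment should also state.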
@@ -0,0 +1,30 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+rules:
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "nginx-ingress.fullname" . }}-admission
+{{- end }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
new file mode 100755
index 0000000..c99fdf8
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
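Review bot: In `admission-webhooks/job-patch/clusterrole.yaml` the PodSecurityPolicy `use` rule is granted in apiGroup `extensions`, while `psp.yaml` in this commit creates the policy as `policy/v1beta1` and `_helpers.tpl` already defines `podSecurityPolicy.apiGroup`, which returns `policy` from Kubernetes 1.14 on. On clusters that authorize PSP use only against the `policy` group the admission jobs would presumably not be admitted under this policy; `- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']` keeps the grant in step with the object it refers to. Separately, the first rule allows `get`/`update` on every `validatingwebhookconfigurations` object in the cluster; adding `resourceNames:` with `- {{ template "nginx-ingress.fullname" . }}-admission`, the name `validating-webhook.yaml` gives its object, would confine the hook job's service account to its own webhook.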
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-createSecret.yaml
new file mode 100755
index 0000000..e0d2c04
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,55 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission-create
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+spec:
+ {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+ {{- end }}
+ template:
+ metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission-create
+{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ spec:
+ {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: create
+ image: {{ template "system_default_registry" . }}{{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
+ imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - create
+ - --host={{ template "nginx-ingress.controller.fullname" . }}-admission,{{ template "nginx-ingress.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc
+ - --namespace={{ .Release.Namespace }}
+ - --secret-name={{ template "nginx-ingress.fullname". }}-admission
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
+ {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 2000
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
new file mode 100755
index 0000000..4f60fd9
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
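Review bot: The `create` container in `job-createSecret.yaml` has no container-level `securityContext`; the only hardening in the template is the pod-level `runAsNonRoot: true` / `runAsUser: 2000`, and `allowPrivilegeEscalation: false` plus the dropped capabilities come solely from `psp.yaml`, which is rendered only when `podSecurityPolicy.enabled` is set. With PSP disabled, the job that writes the webhook certificate Secret is left with the container runtime's default capability set and no restriction on gaining privileges. Setting the same restrictions on the container makes them independent of PSP; the `patch` container in `job-patchWebhook.yaml` has the same gap and would take the same block.

```yaml
        - name: create
          # … unchanged: image, imagePullPolicy, args …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```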
@@ -0,0 +1,57 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission-patch
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+spec:
+ {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+ {{- end }}
+ template:
+ metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission-patch
+{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ spec:
+ {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: patch
+ image: {{ template "system_default_registry" . }}{{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
+ imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
+ args:
+ - patch
+ - --webhook-name={{ template "nginx-ingress.fullname" . }}-admission
+ - --namespace={{ .Release.Namespace }}
+ - --patch-mutating=false
+ - --secret-name={{ template "nginx-ingress.fullname". }}-admission
+ - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
+ {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 2000
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/psp.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/psp.yaml
new file mode 100755
index 0000000..a23f927
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/psp.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+{{- end }}
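Review bot: `imagePullPolicy` in `job-patchWebhook.yaml` reads `.Values.controller.admissionWebhooks.patch.pullPolicy`, whereas `job-createSecret.yaml` reads `.Values.controller.admissionWebhooks.patch.image.pullPolicy` for the same image. values.yaml is not part of this view, but if only the `image.pullPolicy` key exists, the patch job renders an empty `imagePullPolicy:` and falls back to the cluster default, so an operator's pull-policy setting would silently not apply to the job that rewrites the webhook configuration. The line should read `imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}`.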
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/role.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/role.yaml
new file mode 100755
index 0000000..665769f
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/role.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/rolebinding.yaml
new file mode 100755
index 0000000..0e4873f
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/serviceaccount.yaml
new file mode 100755
index 0000000..c0822f9
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/validating-webhook.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/validating-webhook.yaml
new file mode 100755
index 0000000..cd962e5
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/validating-webhook.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.controller.admissionWebhooks.enabled }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}-admission
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "admission-webhook"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+webhooks:
+ - name: validate.nginx.ingress.kubernetes.io
+ rules:
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ingresses
+ failurePolicy: Fail
+ clientConfig:
+ service:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}-admission
+ path: /extensions/v1beta1/ingresses
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrole.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrole.yaml
new file mode 100755
index 0000000..14667eb
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrole.yaml
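Review bot: `failurePolicy: Fail` is hard-coded in `validating-webhook.yaml`, while `job-patchWebhook.yaml` passes `--patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}`, so the configured value can only take effect once the post-install job has run. Until then, and whenever `admissionWebhooks.patch.enabled` is off, every CREATE or UPDATE of an Ingress in the cluster is rejected if the controller's admission service cannot be reached. Rendering `failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy }}` here would keep the template and the job consistent. `clientConfig` also carries no `caBundle`, which presumably the patch job injects; a one-line comment saying so, e.g. `# caBundle is added by the admission-patch job`, would help whoever debugs a failing webhook.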
@@ -0,0 +1,71 @@
+{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "{{ .Values.controller.scope.namespace }}"
+ verbs:
+ - get
+{{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrolebinding.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrolebinding.yaml
new file mode 100755
index 0000000..39decda
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrolebinding.yaml
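Review bot: The first rule in `templates/clusterrole.yaml` grants `list` and `watch` on `secrets` across all namespaces, so the controller's service account can read every Secret in the cluster, not only the TLS secrets that Ingress objects reference. The template is rendered only while `rbac.scope` is unset; what replaces it when that value is set is not visible in this part of the diff. I would add a comment above the rule, e.g. `# cluster-wide read of secrets and configmaps; this ClusterRole is skipped when rbac.scope is set`, so that anyone reviewing the chart's RBAC sees the exposure and the switch that controls it without reading the `if` at the top.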
@@ -0,0 +1,19 @@
+{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "nginx-ingress.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-configmap.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-configmap.yaml
new file mode 100755
index 0000000..25625b4
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-configmap.yaml
@@ -0,0 +1,22 @@
+{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+data:
+{{- if .Values.controller.addHeaders }}
+ add-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-add-headers
+{{- end }}
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+ proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
+{{- end }}
+{{- if .Values.controller.config }}
+{{ toYaml .Values.controller.config | indent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-daemonset.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-daemonset.yaml
new file mode 100755
index 0000000..21e96b2
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-daemonset.yaml
@@ -0,0 +1,257 @@ +{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }} +{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: DaemonSet +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + heritage: {{ .Release.Service }} + release: {{ template "nginx-ingress.releaseLabel" . }} + app.kubernetes.io/component: controller + name: {{ template "nginx-ingress.controller.fullname" . }} + annotations: +{{ toYaml .Values.controller.deploymentAnnotations | indent 4}} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ template "nginx-ingress.releaseLabel" . }} + {{- if .Values.controller.useComponentLabel }} + app.kubernetes.io/component: controller + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + updateStrategy: +{{ toYaml .Values.controller.updateStrategy | indent 4 }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + release: {{ template "nginx-ingress.releaseLabel" . 
}} + component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8}} + {{- end }} + spec: +{{- if .Values.controller.dnsConfig }} + dnsConfig: +{{ toYaml .Values.controller.dnsConfig | indent 8 }} +{{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: "{{ .Values.controller.priorityClassName }}" +{{- end }} + {{- if .Values.controller.podSecurityContext }} + securityContext: +{{ toYaml .Values.controller.podSecurityContext | indent 8 }} + {{- end }} + containers: + - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }} + image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + {{- if .Values.controller.lifecycle }} + lifecycle: +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + args: + - /nginx-ingress-controller + {{- if .Values.defaultBackend.enabled }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . 
}} + {{- else }} + {{- if (semverCompare "<0.21.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }} + {{- else if .Values.controller.defaultBackendService }} + - --default-backend-service={{ .Values.controller.defaultBackendService }} + {{- end }} + {{- end }} + {{- if and (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) .Values.controller.publishService.enabled }} + - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --election-id={{ .Values.controller.electionID }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --ingress-class={{ .Values.controller.ingressClass }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- else }} + - --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- end }} + {{- if .Values.tcp }} + - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} + - --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + {{- end }} + {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}} + - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + {{- end }} + {{- if .Values.controller.maxmindLicenseKey }} + - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + {{- if (semverCompare ">=0.16.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: {{ .Values.controller.image.runAsUser }} + allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.extraEnvs }} +{{ toYaml .Values.controller.extraEnvs | indent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.livenessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + 
ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ index $hostPorts $key | default $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + containerPort: {{ $key }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + containerPort: {{ $key }} + protocol: UDP + {{- if $useHostPort }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.readinessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} + volumeMounts: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: "/usr/local/certificates/" + readOnly: true +{{- end }} +{{- if .Values.controller.extraVolumeMounts }} +{{ toYaml 
.Values.controller.extraVolumeMounts | indent 12}} +{{- end }} + resources: +{{ toYaml .Values.controller.resources | indent 12 }} +{{- if .Values.controller.extraContainers }} +{{ toYaml .Values.controller.extraContainers | indent 8}} +{{- end }} +{{- if .Values.controller.extraInitContainers }} + initContainers: +{{ toYaml .Values.controller.extraInitContainers | indent 8}} +{{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} + {{- end }} + serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: 60 +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} + volumes: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ template "nginx-ingress.fullname". }}-admission +{{- end }} +{{- if .Values.controller.extraVolumes }} +{{ toYaml .Values.controller.extraVolumes | indent 8}} +{{- end }} +{{- end }} diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-deployment.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-deployment.yaml new file mode 100755 index 0000000..62cbcde --- /dev/null 
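Review bot: The `semverCompare ">=0.16.0"` guard around the container `securityContext` carries no prerelease marker, so a tag that still has a suffix after `trimPrefix "nginx-"` (a constructed example: `0.30.0-vendor1`) is read as a prerelease and, as far as I know for the semver library Helm uses, does not satisfy that constraint. The template then renders without `capabilities.drop: ALL` and `runAsUser`, and the render does not fail. The chart's controller-service.yaml already uses the `-0` form (`">=1.7-0"`), so I would write the guard as `{{- if (semverCompare ">=0.16.0-0" (trimPrefix "nginx-" .Values.controller.image.tag)) }}`. The same guard is in the controller-deployment.yaml hunk, and the `"<0.21.0"` test in both files has the same prerelease behaviour.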
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-deployment.yaml 
@@ -0,0 +1,255 @@ +{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + heritage: {{ .Release.Service }} + release: {{ template "nginx-ingress.releaseLabel" . }} + app.kubernetes.io/component: controller + {{- if .Values.controller.deploymentLabels }} +{{ toYaml .Values.controller.deploymentLabels | indent 4 }} + {{- end }} + name: {{ template "nginx-ingress.controller.fullname" . }} + annotations: +{{ toYaml .Values.controller.deploymentAnnotations | indent 4}} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ template "nginx-ingress.releaseLabel" . }} + {{- if .Values.controller.useComponentLabel }} + app.kubernetes.io/component: controller + {{- end }} +{{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} +{{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + strategy: +{{ toYaml .Values.controller.updateStrategy | indent 4 }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + release: {{ template "nginx-ingress.releaseLabel" . 
}} + component: "{{ .Values.controller.name }}" + app.kubernetes.io/component: controller + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + spec: +{{- if .Values.controller.dnsConfig }} + dnsConfig: +{{ toYaml .Values.controller.dnsConfig | indent 8 }} +{{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: "{{ .Values.controller.priorityClassName }}" +{{- end }} + {{- if .Values.controller.podSecurityContext }} + securityContext: +{{ toYaml .Values.controller.podSecurityContext | indent 8 }} + {{- end }} + containers: + - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }} + image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + {{- if .Values.controller.lifecycle }} + lifecycle: +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + args: + - /nginx-ingress-controller + {{- if .Values.defaultBackend.enabled }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . 
}} + {{- else }} + {{- if (semverCompare "<0.21.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }} + {{- else if .Values.controller.defaultBackendService }} + - --default-backend-service={{ .Values.controller.defaultBackendService }} + {{- end }} + {{- end }} + {{- if and (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) .Values.controller.publishService.enabled }} + - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --election-id={{ .Values.controller.electionID }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --ingress-class={{ .Values.controller.ingressClass }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + - --configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- else }} + - --nginx-configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- end }} + {{- if .Values.tcp }} + - --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} + - --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + {{- end }} + {{- if and (.Values.controller.scope.enabled) (.Values.rbac.scope) }} + - --update-status=false + {{- end }} + {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }} + - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + {{- end }} + {{- if .Values.controller.maxmindLicenseKey }} + - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + {{- if (semverCompare ">=0.16.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: {{ .Values.controller.image.runAsUser }} + allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.extraEnvs }} +{{ toYaml .Values.controller.extraEnvs | indent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.livenessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ 
.Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + containerPort: {{ $key }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + containerPort: {{ $key }} + protocol: UDP + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.readinessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} + volumeMounts: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: "/usr/local/certificates/" + readOnly: true +{{- end }} +{{- if .Values.controller.extraVolumeMounts }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} +{{- end }} + resources: +{{ toYaml .Values.controller.resources 
| indent 12 }} +{{- if .Values.controller.extraContainers }} +{{ toYaml .Values.controller.extraContainers | indent 8}} +{{- end }} +{{- if .Values.controller.extraInitContainers }} + initContainers: +{{ toYaml .Values.controller.extraInitContainers | indent 8}} +{{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} + {{- end }} + serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} + volumes: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ template "nginx-ingress.fullname". }}-admission +{{- end }} +{{- if .Values.controller.extraVolumes }} +{{ toYaml .Values.controller.extraVolumes | indent 8}} +{{- end }} +{{- end }} diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-hpa.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-hpa.yaml new file mode 100755 index 0000000..77d3533 --- /dev/null +++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-hpa.yaml 
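Review bot: `--maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}` writes the licence key into the container args, where it can be read by anyone allowed to get the Deployment or its pods. Keeping the key in a Secret, exposing it through an `env` entry with `valueFrom.secretKeyRef`, and passing only the variable reference in the arg keeps the value out of the pod spec. The same line is in the controller-daemonset.yaml hunk. The Secret name and key below are placeholders, since the chart's values file is not part of this hunk.

```yaml
          args:
            # … unchanged: other controller flags …
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key=$(MAXMIND_LICENSE_KEY)
          {{- end }}
          env:
          {{- if .Values.controller.maxmindLicenseKey }}
            - name: MAXMIND_LICENSE_KEY
              valueFrom:
                secretKeyRef:
                  name: <maxmind-secret-name>   # placeholder
                  key: <license-key-field>      # placeholder
          {{- end }}
            # … unchanged: POD_NAME, POD_NAMESPACE, extraEnvs …
```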
@@ -0,0 +1,34 @@
+{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
+{{- if .Values.controller.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ template "deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+ minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-metrics-service.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-metrics-service.yaml
new file mode 100755
index 0000000..9e991d6
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-metrics-service.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.controller.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.metrics.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.metrics.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+{{- if .Values.controller.metrics.service.labels }}
+{{ toYaml .Values.controller.metrics.service.labels | indent 4 }}
+{{- end }}
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}-metrics
+spec:
+{{- if not .Values.controller.metrics.service.omitClusterIP }}
+ {{- with .Values.controller.metrics.service.clusterIP }}
+ clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+ {{- end }}
+{{- end }}
+{{- if .Values.controller.metrics.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.controller.metrics.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: metrics
+ port: {{ .Values.controller.metrics.service.servicePort }}
+ targetPort: metrics
+ selector:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: controller
+ type: "{{ .Values.controller.metrics.service.type }}"
+{{- end }}
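Review bot: The metrics Service takes `type` directly from values and renders `loadBalancerSourceRanges` and `externalIPs` only when they are set, so a `LoadBalancer` or `NodePort` type publishes the controller's Prometheus endpoint outside the cluster with no source restriction. The defaults live in values.yaml, which is not in this hunk, so the default may already be ClusterIP. I would add a comment above the `type:` line, for example `# Metrics endpoint has no authentication; keep ClusterIP or set loadBalancerSourceRanges.`, so the exposure is a deliberate choice by whoever overrides it.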
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-poddisruptionbudget.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-poddisruptionbudget.yaml
new file mode 100755
index 0000000..888515a
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-poddisruptionbudget.yaml
@@ -0,0 +1,19 @@
+{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ app.kubernetes.io/component: controller
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: controller
+ minAvailable: {{ .Values.controller.minAvailable }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-prometheusrules.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-prometheusrules.yaml
new file mode 100755
index 0000000..4a43957
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-prometheusrules.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+ {{- if .Values.controller.metrics.prometheusRule.namespace }}
+ namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
+ {{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
+{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.controller.metrics.prometheusRule.rules }}
+ groups:
+ - name: {{ template "nginx-ingress.name" $ }}
+ rules: {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-psp.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-psp.yaml
new file mode 100755
index 0000000..ccbf636
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-psp.yaml
@@ -0,0 +1,80 @@
+{{- if .Values.podSecurityPolicy.enabled}}
+apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+spec:
+ allowedCapabilities:
+ - NET_BIND_SERVICE
+ privileged: false
+ allowPrivilegeEscalation: true
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ #- 'emptyDir'
+ - 'projected'
+ - 'secret'
+ #- 'downwardAPI'
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+{{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }}
+ hostPorts:
+{{- if .Values.controller.hostNetwork }}
+{{- range $key, $value := .Values.controller.containerPort }}
+ # {{ $key }}
+ - min: {{ $value }}
+ max: {{ $value }}
+{{- end }}
+{{- else if .Values.controller.daemonset.useHostPort }}
+{{- range $key, $value := .Values.controller.daemonset.hostPorts }}
+ # {{ $key }}
+ - min: {{ $value }}
+ max: {{ $value }}
+{{- end }}
+{{- end }}
+{{- if .Values.controller.metrics.enabled }}
+ # metrics
+ - min: {{ .Values.controller.metrics.port }}
+ max: {{ .Values.controller.metrics.port }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.enabled }}
+ # admission webhooks
+ - min: {{ .Values.controller.admissionWebhooks.port }}
+ max: {{ .Values.controller.admissionWebhooks.port }}
+{{- end }}
+{{- range $key, $value := .Values.tcp }}
+ # {{ $key }}-tcp
+ - min: {{ $key }}
+ max: {{ $key }}
+{{- end }}
+{{- range $key, $value := .Values.udp }}
+ # {{ $key }}-udp
+ - min: {{ $key }}
+ max: {{ $key }}
+{{- end }}
+{{- end }}
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ seLinux:
+ rule: 'RunAsAny'
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-role.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-role.yaml
new file mode 100755
index 0000000..bb9ff14
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-role.yaml
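Review bot: `allowPrivilegeEscalation: true` is fixed in the policy, while the controller containers take the same setting from `.Values.controller.image.allowPrivilegeEscalation`, so setting that value to false tightens the pod but leaves the policy as permissive as before for anything else allowed to use it. The policy also sets `readOnlyRootFilesystem: false` and `seLinux: RunAsAny` with no stated reason. If escalation must stay allowed (presumably so the non-root nginx binary can pick up NET_BIND_SERVICE from file capabilities), a comment such as `# Needed for file capabilities on the nginx binary; do not bind this PSP to other workloads.` would record that. Otherwise I would render it from the same value: `allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}`.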
@@ -0,0 +1,91 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "nginx-ingress.fullname" . }}]
+{{- end }}
+
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-rolebinding.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-rolebinding.yaml
new file mode 100755
index 0000000..c1186c0
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-rolebinding.yaml
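Review bot: The second rule gives the controller's ServiceAccount `get`, `list` and `watch` on every Secret in the release namespace, and a later rule gives `create`, `get` and `update` on Endpoints with no `resourceNames`. Reading TLS secrets is expected for an ingress controller, but how far this reaches depends on what else lives in the namespace the chart is installed into. None of the rules says what it is for, so a later reviewer cannot tell which grants are still needed. I would add a one-line comment above each rule, for example `# TLS certificates referenced by Ingress objects` over the secrets entry, and note in the README that the release namespace should not hold unrelated secrets.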
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nginx-ingress.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-service.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-service.yaml
new file mode 100755
index 0000000..15d51a0
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-service.yaml
@@ -0,0 +1,94 @@
+{{- if .Values.controller.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+{{- if .Values.controller.service.labels }}
+{{ toYaml .Values.controller.service.labels | indent 4 }}
+{{- end }}
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+spec:
+{{- if not .Values.controller.service.omitClusterIP }}
+ {{- with .Values.controller.service.clusterIP }}
+ clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+ {{- end }}
+{{- end }}
+{{- if .Values.controller.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.controller.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.controller.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }}
+ externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
+{{- end }}
+{{- if .Values.controller.service.sessionAffinity }}
+ sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}"
+{{- end }}
+{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }}
+ healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
+{{- end }}
+ ports:
+ {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
+ {{- if .Values.controller.service.enableHttp }}
+ - name: http
+ port: {{ .Values.controller.service.ports.http }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.http }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.http }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.service.enableHttps }}
+ - name: https
+ port: {{ .Values.controller.service.ports.https }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.https }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.https }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: "{{ $key }}-tcp"
+ port: {{ $key }}
+ protocol: TCP
+ targetPort: "{{ $key }}-tcp"
+ {{- if $.Values.controller.service.nodePorts.tcp }}
+ {{- if index $.Values.controller.service.nodePorts.tcp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: "{{ $key }}-udp"
+ port: {{ $key }}
+ protocol: UDP
+ targetPort: "{{ $key }}-udp"
+ {{- if $.Values.controller.service.nodePorts.udp }}
+ {{- if index $.Values.controller.service.nodePorts.udp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: controller
+ type: "{{ .Values.controller.service.type }}"
+{{- end }}
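Review bot: `healthCheckNodePort` is emitted whenever the value is non-zero, but the field is only meaningful for a `LoadBalancer` Service with `externalTrafficPolicy: Local`, and as far as I know the API server rejects it in other combinations. Add `(eq .Values.controller.service.type "LoadBalancer")` and `(eq .Values.controller.service.externalTrafficPolicy "Local")` to the existing `and` that guards the field. In the same file the annotation key is rendered as a bare `{{ $key }}:`; `{{ $key | quote }}: {{ $value | quote }}` would be safer for keys that contain YAML specials.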
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-serviceaccount.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-serviceaccount.yaml
new file mode 100755
index 0000000..7b688e6
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.serviceAccountName" . }}
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-servicemonitor.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-servicemonitor.yaml
new file mode 100755
index 0000000..f3129ea
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-servicemonitor.yaml
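Review bot: The guard `{{- if or .Values.serviceAccount.create -}}` in controller-serviceaccount.yaml calls `or` with a single operand, which evaluates to that operand and reads as if a second condition had been dropped. Write it as `{{- if .Values.serviceAccount.create -}}`, matching the plain guards used by the other templates in this commit, for example `{{- if .Values.rbac.create -}}` in controller-rolebinding.yaml.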
@@ -0,0 +1,38 @@
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+ {{- if .Values.controller.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
+ {{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
+ honorLabels: true
+ {{- end }}
+ {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
+ namespaceSelector:
+{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}}
+ {{ else }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "nginx-ingress.name" . }}
+ component: "{{ .Values.controller.name }}"
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-webhook-service.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-webhook-service.yaml
new file mode 100755
index 0000000..5c4ad85
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-webhook-service.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.controller.admissionWebhooks.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.admissionWebhooks.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}-admission
+spec:
+{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }}
+ {{- with .Values.controller.admissionWebhooks.service.clusterIP }}
+ clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+ {{- end }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: webhook
+ selector:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: controller
+ type: "{{ .Values.controller.admissionWebhooks.service.type }}"
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-deployment.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-deployment.yaml
new file mode 100755
index 0000000..a4c8d23
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-deployment.yaml
@@ -0,0 +1,110 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: {{ template "deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.defaultBackend.deploymentLabels }}
+{{ toYaml .Values.defaultBackend.deploymentLabels | indent 4 }}
+ {{- end }}
+ name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ {{- if .Values.defaultBackend.useComponentLabel }}
+ app.kubernetes.io/component: default-backend
+ {{- end }}
+ replicas: {{ .Values.defaultBackend.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata:
+ {{- if .Values.defaultBackend.podAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.defaultBackend.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.defaultBackend.podLabels }}
+{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+{{- if .Values.defaultBackend.priorityClassName }}
+ priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}"
+{{- end }}
+ {{- if .Values.defaultBackend.podSecurityContext }}
+ securityContext:
+{{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "nginx-ingress.name" . }}-{{ .Values.defaultBackend.name }}
+ image: {{ template "system_default_registry" . }}{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
+ imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
+ args:
+ {{- range $key, $value := .Values.defaultBackend.extraArgs }}
+ {{- if $value }}
+ - --{{ $key }}={{ $value }}
+ {{- else }}
+ - --{{ $key }}
+ {{- end }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
+ {{- if .Values.defaultBackend.extraEnvs }}
+ env:
+{{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.defaultBackend.port }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.defaultBackend.port }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.defaultBackend.port }}
+ protocol: TCP
+ resources:
+{{ toYaml .Values.defaultBackend.resources | indent 12 }}
+ {{- if .Values.defaultBackend.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
+ {{- if .Values.defaultBackend.tolerations }}
+ tolerations:
+{{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.affinity }}
+ affinity:
+{{ toYaml .Values.defaultBackend.affinity | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 60
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-poddisruptionbudget.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-poddisruptionbudget.yaml
new file mode 100755
index 0000000..0713c01
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-poddisruptionbudget.yaml
@@ -0,0 +1,19 @@
+{{- if gt (.Values.defaultBackend.replicaCount | int) 1 }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ app.kubernetes.io/component: default-backend
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: default-backend
+ minAvailable: {{ .Values.defaultBackend.minAvailable }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-psp.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-psp.yaml
new file mode 100755
index 0000000..38191d4
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-psp.yaml
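Review bot: The default-backend container's `securityContext` in default-backend-deployment.yaml sets only `runAsUser`, so privilege escalation and running as root are blocked only when `podSecurityPolicy.enabled` renders the `-backend` PodSecurityPolicy from default-backend-psp.yaml. Stating the same constraints on the container keeps them in force without the PSP: add `allowPrivilegeEscalation: false` and `runAsNonRoot: true` under `runAsUser`. That assumes the configured `defaultBackend.image.runAsUser` is non-zero, which the visible part of values.yaml does not show. The `image:` value is also an unquoted concatenation of three template expressions and would be safer wrapped in double quotes.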
@@ -0,0 +1,35 @@
+{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-backend
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-role.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-role.yaml
new file mode 100755
index 0000000..11fbba9
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-role.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-backend
+rules:
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "nginx-ingress.fullname" . }}-backend]
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-rolebinding.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-rolebinding.yaml
new file mode 100755
index 0000000..7d03ef4
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-backend
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nginx-ingress.fullname" . }}-backend
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-service.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-service.yaml
new file mode 100755
index 0000000..23dba19
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-service.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.defaultBackend.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.defaultBackend.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.defaultBackend.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
+spec:
+{{- if not .Values.defaultBackend.service.omitClusterIP }}
+ {{- with .Values.defaultBackend.service.clusterIP }}
+ clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
+ {{- end }}
+{{- end }}
+{{- if .Values.defaultBackend.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.defaultBackend.service.servicePort }}
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: {{ template "nginx-ingress.name" . }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ app.kubernetes.io/component: default-backend
+ type: "{{ .Values.defaultBackend.service.type }}"
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-serviceaccount.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-serviceaccount.yaml
new file mode 100755
index 0000000..94689a6
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/proxyheaders-configmap.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/proxyheaders-configmap.yaml
new file mode 100755
index 0000000..ae918ae
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/proxyheaders-configmap.yaml
@@ -0,0 +1,18 @@
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
+data:
+{{- if .Values.controller.proxySetHeaders }}
+{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
+{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
+{{ toYaml .Values.controller.headers | indent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/tcp-configmap.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/tcp-configmap.yaml
new file mode 100755
index 0000000..96de14f
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/tcp-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.tcp }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-tcp
+data:
+{{ tpl (toYaml .Values.tcp) . | indent 2 }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/udp-configmap.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/udp-configmap.yaml
new file mode 100755
index 0000000..69ee361
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/udp-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.udp }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ template "nginx-ingress.releaseLabel" . }}
+ name: {{ template "nginx-ingress.fullname" . }}-udp
+data:
+{{ tpl (toYaml .Values.udp) . | indent 2 }}
+{{- end }}
diff --git a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/values.yaml b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/values.yaml
new file mode 100755
index 0000000..da74bbe
--- /dev/null
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/values.yaml
@@ -0,0 +1,578 @@ +## nginx configuration +## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md +## +controller: + name: controller + image: + repository: rancher/nginx-ingress-controller + tag: "nginx-0.30.0-rancher1" + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true + + # This will fix the issue of HPA not being able to read the metrics. + # Note that if you enable it for existing deployments, it won't work as the labels are immutable. + # We recommend setting this to true for new deployments. + useComponentLabel: false + + # Configures the ports the nginx-controller listens on + containerPort: + http: 80 + https: 443 + + # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + + # Maxmind license key to download GeoLite2 Databases + # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + + # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers + proxySetHeaders: {} + + # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + + # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: true + + # Optionally customize the pod dnsConfig. + dnsConfig: {} + + # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. 
If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirstWithHostNet + + # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + + ## Use host ports 80 and 443 + daemonset: + useHostPort: false + + hostPorts: + http: 80 + https: 443 + + ## Required only if defaultBackend.enabled = false + ## Must be / + ## + defaultBackendService: "" + + ## Election ID to use for status update + ## + electionID: ingress-controller-leader + + ## Name of the ingress class to route through this controller + ## + ingressClass: nginx + + # labels to add to the deployment metadata + deploymentLabels: {} + + # labels to add to the pod container metadata + podLabels: {} + # key: value + + ## Security Context policies for controller pods + ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + ## notes on enabling and using sysctls + ## + podSecurityContext: {} + + ## Allows customization of the external service + ## the ingress will be bound to via DNS + publishService: + enabled: false + ## Allows overriding of the publish service to bind to + ## Must be / + ## + pathOverride: "" + + ## Limit the scope of the controller + ## + scope: + enabled: false + namespace: "" # defaults to .Release.Namespace + + ## Allows customization of the configmap / nginx-configmap namespace + ## + configMapNamespace: "" # defaults to .Release.Namespace + + ## Allows customization of the tcp-services-configmap namespace + ## + tcp: + configMapNamespace: "" # defaults to .Release.Namespace + + ## Allows customization of the udp-services-configmap namespace + ## + udp: + configMapNamespace: 
"" # defaults to .Release.Namespace + + ## Additional command line arguments to pass to nginx-ingress-controller + ## E.g. to specify the default SSL certificate you can use + ## extraArgs: + ## default-ssl-certificate: "/" + extraArgs: {} + + ## Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + + ## DaemonSet or Deployment + ## + kind: Deployment + + ## Annotations to be added to the controller deployment + ## + deploymentAnnotations: {} + + # The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # minReadySeconds to avoid killing pods before we are ready + ## + minReadySeconds: 0 + + + ## Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Affinity and anti-affinity + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + # # An example of preferred pod anti-affinity, weight is in the range 1-100 + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 100 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: app + # operator: In + # values: + # - nginx-ingress + # topologyKey: kubernetes.io/hostname + + # # An example of required pod anti-affinity + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app + # operator: In + # values: + # - nginx-ingress + # topologyKey: "kubernetes.io/hostname" + + ## terminationGracePeriodSeconds + ## + terminationGracePeriodSeconds: 60 + + ## Node labels for controller pod assignment + ## Ref: 
https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + port: 10254 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + port: 10254 + + ## Annotations to be added to controller pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + resources: {} + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 100m + # memory: 64Mi + + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" + + service: + enabled: false + + annotations: {} + labels: {} + ## Deprecated, instead simply do not provide a clusterIP value + omitClusterIP: false + # clusterIP: "" + + ## List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + enableHttp: true + enableHttps: true + + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + externalTrafficPolicy: "" + + # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". 
+ # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: "" + + healthCheckNodePort: 0 + + ports: + http: 80 + https: 443 + + targetPorts: + http: http + https: https + + type: LoadBalancer + + # type: NodePort + # nodePorts: + # http: 32080 + # https: 32443 + # tcp: + # 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + + extraContainers: [] + ## Additional containers to be added to the controller pod. + ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + extraVolumeMounts: [] + ## Additional volumeMounts to the controller main container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the controller pod. + # - name: copy-portal-skins + # emptyDir: {} + + extraInitContainers: [] + ## Containers, which are run before the app containers are started. 
+ # - name: init-myservice
+ # image: busybox
+ # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
+
+ admissionWebhooks:
+ enabled: false
+ failurePolicy: Fail
+ port: 8443
+
+ service:
+ annotations: {}
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+ externalIPs: []
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 443
+ type: ClusterIP
+
+ patch:
+ enabled: true
+ image:
+ repository: jettech/kube-webhook-certgen
+ tag: v1.0.0
+ pullPolicy: IfNotPresent
+ ## Provide a priority class name to the webhook patching job
+ ##
+ priorityClassName: ""
+ podAnnotations: {}
+ nodeSelector: {}
+
+ metrics:
+ port: 10254
+ # if this port is changed, change healthz-port: in extraArgs: accordingly
+ enabled: false
+
+ service:
+ annotations: {}
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "10254"
+
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 9913
+ type: ClusterIP
+
+ serviceMonitor:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ namespaceSelector: {}
+ # Default: scrape .Release.Namespace only
+ # To scrape all, use the following:
+ # namespaceSelector:
+ # any: true
+ scrapeInterval: 30s
+ # honorLabels: true
+
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ rules: []
+ # # These are just examples rules, please adapt them to your needs
+ # - alert: TooMany500s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: Too many 5XXs
+ # summary: More than 5% of the all requests did return 5XX, this require your attention
+ # - alert: TooMany400s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: Too many 4XXs
+ # summary: More than 5% of the all requests did return 4XX, this require your attention
+
+
+ lifecycle: {}
+
+ priorityClassName: ""
+
+## Rollback limit
+##
+revisionHistoryLimit: 10
+
+## Default 404 backend
+##
+defaultBackend:
+
+ ## If false, controller.defaultBackendService must be provided
+ ##
+ enabled: true
+
+ name: default-backend
+ image:
+ repository: rancher/nginx-ingress-controller-defaultbackend
+ tag: "1.5-rancher1"
+ pullPolicy: IfNotPresent
+ # nobody user -> uid 65534
+ runAsUser: 65534
+
+ # This will fix the issue of HPA not being able to read the metrics.
+ # Note that if you enable it for existing deployments, it won't work as the labels are immutable.
+ # We recommend setting this to true for new deployments.
+ useComponentLabel: false
+
+ extraArgs: {}
+
+ serviceAccount:
+ create: true
+ name:
+ ## Additional environment variables to set for defaultBackend pods
+ extraEnvs: []
+
+ port: 8080
+
+ ## Readiness and liveness probes for default backend
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+ ##
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 5
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ affinity: {}
+
+ ## Security Context policies for controller pods
+ ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ ## notes on enabling and using sysctls
+ ##
+ podSecurityContext: {}
+
+ # labels to add to the deployment metadata
+ deploymentLabels: {}
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Node labels for default backend pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Annotations to be added to default backend pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ service:
+ annotations: {}
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+
+ ## List of IP addresses at which the default backend service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ type: ClusterIP
+
+ priorityClassName: ""
+
+# If provided, the value will be used as the `release` label instead of .Release.Name
+releaseLabelOverride: ""
+
+## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
+rbac:
+ create: true
+ scope: false
+
+# If true, create & use Pod Security Policy resources
+# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+podSecurityPolicy:
+ enabled: false
+
+serviceAccount:
+ create: true
+ name:
+
+## Optional array of imagePullSecrets containing private registry credentials
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: secretName
+
+# TCP service key:value pairs
+# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
+##
+tcp: {}
+# 8080: "default/example-tcp-svc:9000"
+
+# UDP service key:value pairs
+# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
+##
+udp: {}
+# 53: "kube-system/kube-dns:53"
+
+global:
+ systemDefaultRegistry: ""
diff --git a/index.yaml b/index.yaml
index 6c617ae..e02cc18 100755
--- a/index.yaml
+++ b/index.yaml
@@ -210,6 +210,28 @@ entries: urls: - assets/rke2-ingress-nginx/rke2-ingress-nginx-3.3.000.tgz version: 3.3.000 + - apiVersion: v1 + appVersion: 0.30.0 + created: "2021-04-05T22:48:54.777720244Z" + description: An nginx Ingress controller that uses ConfigMap to store the nginx + configuration. + digest: 9fb2f542e0e30850088db477fa6f9004f2252b1e0ae9b25623e5c53e1b605bb9 + home: https://github.com/kubernetes/ingress-nginx + icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png + keywords: + - ingress + - nginx + kubeVersion: '>=1.10.0-0' + maintainers: + - name: ChiefAlexander + - email: Trevor.G.Wood@gmail.com + name: taharah + name: rke2-ingress-nginx + sources: + - https://github.com/kubernetes/ingress-nginx + urls: + - assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz + version: 1.36.301 - apiVersion: v1 appVersion: 0.30.0 created: "2021-02-25T17:59:12.93704-08:00"