Strip 'nginx-' prefix from image tags when using semverCompare (#62)

* Revert rke2-ingress-nginx to 1.36.3 * Add trimPrefix calls to rke2-ingress-nginx daemonset manifest * Add trimPrefix call to rke2-ingress-nginx deployment with defaultBackend disabled Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-05 22:48:54 +00:00 · 2021-04-05 22:48:54 +00:00 · a79f4561c7
parent 6e3d2fa779
commit a79f4561c7
70 changed files with 3095 additions and 0 deletions
--- a/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz
+++ b/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/.helmignore
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/.helmignore
@ -0,0 +1,21 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/Chart.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/Chart.yaml
@ -0,0 +1,17 @@
 apiVersion: v1
 appVersion: 0.30.0
 description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
 home: https://github.com/kubernetes/ingress-nginx
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
 keywords:
 - ingress
 - nginx
 kubeVersion: '>=1.10.0-0'
 maintainers:
 - name: ChiefAlexander
 - email: Trevor.G.Wood@gmail.com
  name: taharah
 name: rke2-ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
 version: 1.36.301
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/OWNERS
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/OWNERS
@ -0,0 +1,6 @@
 approvers:
 - ChiefAlexander
 - taharah
 reviewers:
 - ChiefAlexander
 - taharah
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/README.md
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/README.md
@ -0,0 +1,361 @@
 # nginx-ingress
 [nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller that uses ConfigMap to store the nginx configuration.
 To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
 ## TL;DR;
 ```console
 $ helm install stable/nginx-ingress
 ```
 ## Introduction
 This chart bootstraps an nginx-ingress deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
  - Kubernetes 1.6+
 ## Installing the Chart
 To install the chart with the release name `my-release`:
 ```console
 $ helm install --name my-release stable/nginx-ingress
 ```
 The command deploys nginx-ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
 > **Tip**: List all releases using `helm list`
 ## Uninstalling the Chart
 To uninstall/delete the `my-release` deployment:
 ```console
 $ helm delete my-release
 ```
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 ## Configuration
 The following table lists the configurable parameters of the nginx-ingress chart and their default values.
 Parameter | Description | Default
 --- | --- | ---
 `controller.name` | name of the controller component | `controller`
 `controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller`
 `controller.image.tag` | controller container image tag | `0.30.0`
 `controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent`
 `controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. | `101`
 `controller.useComponentLabel` | Wether to add component label so the HPA can work separately for controller and defaultBackend. *Note: don't change this if you have an already running deployment as it will need the recreation of the controller deployment* | `false`
 `controller.containerPort.http` | The port that the controller container listens on for http connections. | `80`
 `controller.containerPort.https` | The port that the controller container listens on for https connections. | `443`
 `controller.config` | nginx [ConfigMap](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md) entries | none
 `controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when `controller.service.externalIPs` is set and `kube-proxy` is used as there will be a port-conflict for port `80` | false
 `controller.defaultBackendService` | default 404 backend service; needed only if `defaultBackend.enabled = false` and version < 0.21.0| `""`
 `controller.dnsPolicy` | If using `hostNetwork=true`, change to `ClusterFirstWithHostNet`. See [pod's dns policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for details | `ClusterFirst`
 `controller.dnsConfig` | custom pod dnsConfig. See [pod's dns config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config) for details | `{}`
 `controller.reportNodeInternalIp` | If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to nginx-ingress. This sets the status of all Ingress objects to the internal IP address of all nodes running the NGINX Ingress controller.
 `controller.electionID` | election ID to use for the status update | `ingress-controller-leader`
 `controller.extraEnvs` | any additional environment variables to set in the pods | `{}`
 `controller.extraContainers` | Sidecar containers to add to the controller pod. See [LemonLDAP::NG controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller) as example | `{}`
 `controller.extraVolumeMounts` | Additional volumeMounts to the controller main container | `{}`
 `controller.extraVolumes` | Additional volumes to the controller pod | `{}`
 `controller.extraInitContainers` | Containers, which are run before the app containers are started | `[]`
 `controller.ingressClass` | name of the ingress class to route through this controller | `nginx`
 `controller.maxmindLicenseKey` | Maxmind license key to download GeoLite2 Databases. See [Accessing and using GeoLite2 database](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) | `""`
 `controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces)
 `controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace)
 `controller.extraArgs` | Additional controller container arguments | `{}`
 `controller.kind` | install as Deployment, DaemonSet or Both | `Deployment`
 `controller.deploymentAnnotations` | annotations to be added to deployment | `{}`
 `controller.autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | false
 `controller.autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2`
 `controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11`
 `controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"`
 `controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"`
 `controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false
 `controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"`
 `controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"`
 `controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
 `controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}`
 `controller.terminationGracePeriodSeconds` | how many seconds to wait before terminating a pod | `60`
 `controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0`
 `controller.nodeSelector` | node labels for pod assignment | `{}`
 `controller.podAnnotations` | annotations to be added to pods | `{}`
 `controller.deploymentLabels` | labels to add to the deployment metadata | `{}`
 `controller.podLabels` | labels to add to the pod container metadata | `{}`
 `controller.podSecurityContext` | Security context policies to add to the controller pod | `{}`
 `controller.replicaCount` | desired number of controller pods | `1`
 `controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1`
 `controller.resources` | controller pod resource requests & limits | `{}`
 `controller.priorityClassName` | controller priorityClassName | `nil`
 `controller.lifecycle` | controller pod lifecycle hooks | `{}`
 `controller.service.annotations` | annotations for controller service | `{}`
 `controller.service.labels` | labels for controller service | `{}`
 `controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false`
 `controller.publishService.pathOverride` | override of the default publish-service name | `""`
 `controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.daemonset.useHostPorts` is `true` | true
 `controller.service.clusterIP` | internal controller cluster service IP (set to `"-"` to pass an empty value) | `nil`
 `controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false`
 `controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]`
 `controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"`
 `controller.service.sessionAffinity` | Enables client IP based session affinity. Must be `ClientIP` or `None` if set.  | `""`
 `controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). If blank, a random port in the `NodePort` range will be assigned | `""`
 `controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
 `controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
 `controller.service.enableHttp` | if port 80 should be opened for service | `true`
 `controller.service.enableHttps` | if port 443 should be opened for service | `true`
 `controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80`
 `controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443`
 `controller.service.ports.http` | Sets service http port | `80`
 `controller.service.ports.https` | Sets service https port | `443`
 `controller.service.type` | type of controller service to create | `LoadBalancer`
 `controller.service.nodePorts.http` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""`
 `controller.service.nodePorts.https` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""`
 `controller.service.nodePorts.tcp` | Sets the nodePort for an entry referenced by its key from `tcp` | `{}`
 `controller.service.nodePorts.udp` | Sets the nodePort for an entry referenced by its key from `udp` | `{}`
 `controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10
 `controller.livenessProbe.periodSeconds` | How often to perform the probe | 10
 `controller.livenessProbe.timeoutSeconds` | When the probe times out | 5
 `controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
 `controller.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
 `controller.livenessProbe.port` | The port number that the liveness probe will listen on. | 10254
 `controller.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 10
 `controller.readinessProbe.periodSeconds` | How often to perform the probe | 10
 `controller.readinessProbe.timeoutSeconds` | When the probe times out | 1
 `controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
 `controller.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
 `controller.readinessProbe.port` | The port number that the readiness probe will listen on. | 10254
 `controller.metrics.enabled` | if `true`, enable Prometheus metrics | `false`
 `controller.metrics.service.annotations` | annotations for Prometheus metrics service | `{}`
 `controller.metrics.service.clusterIP` | cluster IP address to assign to service (set to `"-"` to pass an empty value) | `nil`
 `controller.metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false`
 `controller.metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]`
 `controller.metrics.service.labels` | labels for metrics service | `{}`
 `controller.metrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
 `controller.metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
 `controller.metrics.service.servicePort` | Prometheus metrics service port | `9913`
 `controller.metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP`
 `controller.metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false`
 `controller.metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}`
 `controller.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false`
 `controller.metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as nginx ingress`
 `controller.metrics.serviceMonitor.namespaceSelector` | [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/v0.34.0/Documentation/api.md#namespaceselector) to configure what namespaces to scrape | `will scrape the helm release namespace only`
 `controller.metrics.serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s`
 `controller.metrics.prometheusRule.enabled` | Set this to `true` to create prometheusRules for Prometheus operator | `false`
 `controller.metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}`
 `controller.metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `the same namespace as nginx ingress`
 `controller.metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be prometheus in YAML format, check values for an example. | `[]`
 `controller.admissionWebhooks.enabled` | Create Ingress admission webhooks. Validating webhook will check the ingress syntax. | `false`
 `controller.admissionWebhooks.failurePolicy` | Failure policy for admission webhooks | `Fail`
 `controller.admissionWebhooks.port` | Admission webhook port | `8080`
 `controller.admissionWebhooks.service.annotations` | Annotations for admission webhook service | `{}`
 `controller.admissionWebhooks.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the admission webhook service | `false`
 `controller.admissionWebhooks.service.clusterIP` | cluster IP address to assign to admission webhook service (set to `"-"` to pass an empty value) | `nil`
 `controller.admissionWebhooks.service.externalIPs` | Admission webhook service external IP addresses | `[]`
 `controller.admissionWebhooks.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
 `controller.admissionWebhooks.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]`
 `controller.admissionWebhooks.service.servicePort` | Admission webhook service port | `443`
 `controller.admissionWebhooks.service.type` | Type of admission webhook service to create | `ClusterIP`
 `controller.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for validating webhook endpoint, and patch the created webhooks with the CA. | `true`
 `controller.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen`
 `controller.admissionWebhooks.patch.image.tag` |  Tag to use for the webhook integration jobs | `v1.0.0`
 `controller.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent`
 `controller.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `""`
 `controller.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `{}`
 `controller.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `{}`
 `controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""`
 `controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""`
 `controller.addHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers) added before sending response to the client | `{}`
 `controller.proxySetHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-set-headers) added before sending request to the backends| `{}`
 `controller.headers` | DEPRECATED, Use `controller.proxySetHeaders` instead. | `{}`
 `controller.updateStrategy` | allows setting of RollingUpdate strategy | `{}`
 `controller.configMapNamespace` | The nginx-configmap namespace name | `""`
 `controller.tcp.configMapNamespace` | The tcp-services-configmap namespace name | `""`
 `controller.udp.configMapNamespace` | The udp-services-configmap namespace name | `""`
 `defaultBackend.enabled` | Use default backend component | `true`
 `defaultBackend.name` | name of the default backend component | `default-backend`
 `defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64`
 `defaultBackend.image.tag` | default backend container image tag | `1.5`
 `defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent`
 `defaultBackend.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses nobody user. | `65534`
 `defaultBackend.useComponentLabel` | Whether to add component label so the HPA can work separately for controller and defaultBackend. *Note: don't change this if you have an already running deployment as it will need the recreation of the defaultBackend deployment* | `false`
 `defaultBackend.extraArgs` | Additional default backend container arguments | `{}`
 `defaultBackend.extraEnvs` | any additional environment variables to set in the defaultBackend pods | `[]`
 `defaultBackend.port` | Http port number | `8080`
 `defaultBackend.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30
 `defaultBackend.livenessProbe.periodSeconds` | How often to perform the probe | 10
 `defaultBackend.livenessProbe.timeoutSeconds` | When the probe times out | 5
 `defaultBackend.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
 `defaultBackend.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
 `defaultBackend.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 0
 `defaultBackend.readinessProbe.periodSeconds` | How often to perform the probe | 5
 `defaultBackend.readinessProbe.timeoutSeconds` | When the probe times out | 5
 `defaultBackend.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
 `defaultBackend.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6
 `defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
 `defaultBackend.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}`
 `defaultBackend.nodeSelector` | node labels for pod assignment | `{}`
 `defaultBackend.podAnnotations` | annotations to be added to pods | `{}`
 `defaultBackend.deploymentLabels` | labels to add to the deployment metadata | `{}`
 `defaultBackend.podLabels` | labels to add to the pod container metadata | `{}`
 `defaultBackend.replicaCount` | desired number of default backend pods | `1`
 `defaultBackend.minAvailable` | minimum number of available default backend pods for PodDisruptionBudget | `1`
 `defaultBackend.resources` | default backend pod resource requests & limits | `{}`
 `defaultBackend.priorityClassName` | default backend  priorityClassName | `nil`
 `defaultBackend.podSecurityContext` | Security context policies to add to the default backend | `{}`
 `defaultBackend.service.annotations` | annotations for default backend service | `{}`
 `defaultBackend.service.clusterIP` | internal default backend cluster service IP (set to `"-"` to pass an empty value) | `nil`
 `defaultBackend.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the default backend service | `false`
 `defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]`
 `defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
 `defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
 `defaultBackend.service.type` | type of default backend service to create | `ClusterIP`
 `defaultBackend.serviceAccount.create` | if `true`, create a backend service account. Only useful if you need a pod security policy to run the backend. | `true`
 `defaultBackend.serviceAccount.name` | The name of the backend service account to use. If not set and `create` is `true`, a name is generated using the fullname template. Only useful if you need a pod security policy to run the backend. | ``
 `imagePullSecrets` | name of Secret resource containing private registry credentials | `nil`
 `rbac.create` | if `true`, create & use RBAC resources | `true`
 `rbac.scope` | if `true`, do not create & use clusterrole and -binding. Set to `true` in combination with `controller.scope.enabled=true` to disable load-balancer status updates and scope the ingress entirely. | `false`
 `podSecurityPolicy.enabled` | if `true`, create & use Pod Security Policy resources | `false`
 `serviceAccount.create` | if `true`, create a service account for the controller | `true`
 `serviceAccount.name` | The name of the controller service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | ``
 `revisionHistoryLimit` | The number of old history to retain to allow rollback. | `10`
 `tcp` | TCP service key:value pairs. The value is evaluated as a template. | `{}`
 `udp` | UDP service key:value pairs The value is evaluated as a template. | `{}`
 `releaseLabelOverride` | If provided, the value will be used as the `release` label instead of .Release.Name | `""`
 These parameters can be passed via Helm's `--set` option
 ```console
 $ helm install stable/nginx-ingress --name my-release \
    --set controller.metrics.enabled=true
 ```
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 ```console
 $ helm install stable/nginx-ingress --name my-release -f values.yaml
 ```
 A useful trick to debug issues with ingress is to increase the logLevel
 as described [here](https://github.com/kubernetes/ingress-nginx/blob/master/docs/troubleshooting.md#debug)
 ```console
 $ helm install stable/nginx-ingress --set controller.extraArgs.v=2
 ```
 > **Tip**: You can use the default [values.yaml](values.yaml)
 ## PodDisruptionBudget
 Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
 else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
 ## Prometheus Metrics
 The Nginx ingress controller can export Prometheus metrics.
 ```console
 $ helm install stable/nginx-ingress --name my-release \
    --set controller.metrics.enabled=true
 ```
 You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`.
 ## nginx-ingress nginx\_status page/stats server
 Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
 * in [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
 * in [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
  You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server
 ## ExternalDNS Service configuration
 Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
 ```yaml
 controller:
  service:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
 ```
 ## AWS L7 ELB with SSL Termination
 Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml):
 ```yaml
 controller:
  service:
    targetPorts:
      http: http
      https: http
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
 ```
 ## AWS L4 NLB with SSL Redirection
 `ssl-redirect` and `force-ssl-redirect` flag are not working with AWS Network Load Balancer. You need to turn if off and add additional port with `server-snippet` in order to make it work.
 The port NLB `80` will be mapped to nginx container port `80` and NLB port `443` will be mapped to nginx container port `8000` (special). Then we use `$server_port` to manage redirection on port `80`
 ```
 controller:
  config:
    ssl-redirect: "false" # we use `special` port to control ssl redirection 
    server-snippet: |
      listen 8000;
      if ( $server_port = 80 ) {
         return 308 https://$host$request_uri;
      }
  containerPort:
    http: 80
    https: 443
    special: 8000
  service:
    targetPorts:
      http: http
      https: special
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "your-arn"
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
 ```
 ## AWS route53-mapper
 To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label:
 ```yaml
 controller:
  service:
    labels:
      dns: "route53"
    annotations:
      domainName: "kubernetes-example.com"
 ```
 ## Ingress Admission Webhooks
 With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
 With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
 ## Helm error when upgrading: spec.clusterIP: Invalid value: ""
 If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
 ```
 Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
 ```
 Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customconfig-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customconfig-values.yaml
@ -0,0 +1,4 @@
 controller:
  kind: DaemonSet
  config:
    use-proxy-protocol: "true"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customnodeport-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-customnodeport-values.yaml
@ -0,0 +1,15 @@
 controller:
  kind: DaemonSet
  service:
    type: NodePort
    nodePorts:
      tcp:
        9000: 30090
      udp:
        9001: 30091
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-headers-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-headers-values.yaml
@ -0,0 +1,6 @@
 controller:
  kind: DaemonSet
  addHeaders:
    X-Frame-Options: deny
  proxySetHeaders:
    X-Forwarded-Proto: https
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-nodeport-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-nodeport-values.yaml
@ -0,0 +1,4 @@
 controller:
  kind: DaemonSet
  service:
    type: NodePort
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@ -0,0 +1,14 @@
 controller:
  kind: DaemonSet
  service:
    type: ClusterIP
  tcp:
    configMapNamespace: default
  udp:
    configMapNamespace: default
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-udp-values.yaml
@ -0,0 +1,10 @@
 controller:
  kind: DaemonSet
  service:
    type: ClusterIP
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/daemonset-tcp-values.yaml
@ -0,0 +1,6 @@
 controller:
  kind: DaemonSet
 tcp:
  9000: "default/test:8080"
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-default-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-default-values.yaml
@ -0,0 +1,2 @@
 controller:
  kind: DaemonSet
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-metrics-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-metrics-values.yaml
@ -0,0 +1,4 @@
 controller:
  kind: DaemonSet
  metrics:
    enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-psp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-psp-values.yaml
@ -0,0 +1,5 @@
 controller:
  kind: DaemonSet
 podSecurityPolicy:
  enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-and-psp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-and-psp-values.yaml
@ -0,0 +1,7 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: true
 podSecurityPolicy:
  enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deamonset-webhook-values.yaml
@ -0,0 +1,4 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-autoscaling-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-autoscaling-values.yaml
@ -0,0 +1,3 @@
 controller:
  autoscaling:
    enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customconfig-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customconfig-values.yaml
@ -0,0 +1,3 @@
 controller:
  config:
    use-proxy-protocol: "true"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customnodeport-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-customnodeport-values.yaml
@ -0,0 +1,14 @@
 controller:
  service:
    type: NodePort
    nodePorts:
      tcp:
        9000: 30090
      udp:
        9001: 30091
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-default-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-default-values.yaml
@ -0,0 +1 @@
 # Left blank to test default values
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-headers-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-headers-values.yaml
@ -0,0 +1,5 @@
 controller:
  addHeaders:
    X-Frame-Options: deny
  proxySetHeaders:
    X-Forwarded-Proto: https
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-metrics-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-metrics-values.yaml
@ -0,0 +1,3 @@
 controller:
  metrics:
    enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-nodeport-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-nodeport-values.yaml
@ -0,0 +1,3 @@
 controller:
  service:
    type: NodePort
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-psp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-psp-values.yaml
@ -0,0 +1,2 @@
 podSecurityPolicy:
  enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-configMapNamespace-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@ -0,0 +1,13 @@
 controller:
  service:
    type: ClusterIP
  tcp:
    configMapNamespace: default
  udp:
    configMapNamespace: default
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-udp-values.yaml
@ -0,0 +1,9 @@
 controller:
  service:
    type: ClusterIP
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-tcp-values.yaml
@ -0,0 +1,3 @@
 tcp:
  9000: "default/test:8080"
  9001: "default/test:8080"
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-and-psp-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-and-psp-values.yaml
@ -0,0 +1,6 @@
 controller:
  admissionWebhooks:
    enabled: true
 podSecurityPolicy:
  enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/ci/deployment-webhook-values.yaml
@ -0,0 +1,3 @@
 controller:
  admissionWebhooks:
    enabled: true
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/NOTES.txt
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/NOTES.txt
@ -0,0 +1,71 @@
 The nginx-ingress controller has been installed.
 {{- if contains "NodePort" .Values.controller.service.type }}
 Get the application URL by running these commands:
 {{- if (not (empty .Values.controller.service.nodePorts.http)) }}
  export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
 {{- else }}
  export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "nginx-ingress.controller.fullname" . }})
 {{- end }}
 {{- if (not (empty .Values.controller.service.nodePorts.https)) }}
  export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
 {{- else }}
  export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "nginx-ingress.controller.fullname" . }})
 {{- end }}
  export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
  echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
  echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
 {{- else if contains "LoadBalancer" .Values.controller.service.type }}
 It may take a few minutes for the LoadBalancer IP to be available.
 You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ template "nginx-ingress.controller.fullname" . }}'
 {{- else if contains "ClusterIP"  .Values.controller.service.type }}
 Get the application URL by running these commands:
  export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "nginx-ingress.name" . }},component={{ .Values.controller.name }},release={{ template "nginx-ingress.releaseLabel" . }}")
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
  echo "Visit http://127.0.0.1:8080 to access your application."
 {{- end }}
 An example Ingress that makes use of the controller:
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }}
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls
 If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
 {{- if .Values.controller.headers }}
 #################################################################################
 ######   WARNING: `controller.headers` has been deprecated!                 #####
 ######            It has been renamed to `controller.proxySetHeaders`.      #####
 #################################################################################
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/_helpers.tpl
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/_helpers.tpl
@ -0,0 +1,134 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "nginx-ingress.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "nginx-ingress.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "nginx-ingress.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create a default fully qualified controller name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "nginx-ingress.controller.fullname" -}}
 {{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Allow for the ability to override the release name used as a label in many places.
 */}}
 {{- define "nginx-ingress.releaseLabel" -}}
 {{- .Values.releaseLabelOverride | default .Release.Name | trunc 63 -}}
 {{- end -}}
 {{/*
 Construct the path for the publish-service.
 By convention this will simply use the <namespace>/<controller-name> to match the name of the
 service generated.
 Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
 */}}
 {{- define "nginx-ingress.controller.publishServicePath" -}}
 {{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}}
 {{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
 {{- print $servicePath | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified default backend name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "nginx-ingress.defaultBackend.fullname" -}}
 {{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create the name of the controller service account to use
 */}}
 {{- define "nginx-ingress.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
    {{ default (include "nginx-ingress.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
 */}}
 {{- define "nginx-ingress.defaultBackend.serviceAccountName" -}}
 {{- if .Values.defaultBackend.serviceAccount.create -}}
    {{ default (printf "%s-backend" (include "nginx-ingress.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
 {{- else -}}
    {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Return the appropriate apiVersion for deployment.
 */}}
 {{- define "deployment.apiVersion" -}}
 {{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
 {{- print "apps/v1" -}}
 {{- else -}}
 {{- print "extensions/v1beta1" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Return the appropriate apiGroup for PodSecurityPolicy.
 */}}
 {{- define "podSecurityPolicy.apiGroup" -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 {{- print "policy" -}}
 {{- else -}}
 {{- print "extensions" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Return the appropriate apiVersion for podSecurityPolicy.
 */}}
 {{- define "podSecurityPolicy.apiVersion" -}}
 {{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
 {{- print "policy/v1beta1" -}}
 {{- else -}}
 {{- print "extensions/v1beta1" -}}
 {{- end -}}
 {{- end -}}
 {{- define "system_default_registry" -}}
 {{- if .Values.global.systemDefaultRegistry -}}
 {{- printf "%s/" .Values.global.systemDefaultRegistry -}}
 {{- else -}}
 {{- "" -}}
 {{- end -}}
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/addheaders-configmap.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/addheaders-configmap.yaml
@ -0,0 +1,14 @@
 {{- if .Values.controller.addHeaders }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-custom-add-headers
 data:
 {{ toYaml .Values.controller.addHeaders | indent 2 }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrole.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrole.yaml
@ -0,0 +1,30 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name:  {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
 {{- if .Values.podSecurityPolicy.enabled }}
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs:     ['use']
    resourceNames:
    - {{ template "nginx-ingress.fullname" . }}-admission
 {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@ -0,0 +1,23 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name:  {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "nginx-ingress.fullname" . }}-admission
 subjects:
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.fullname" . }}-admission
    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-createSecret.yaml
@ -0,0 +1,55 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission-create
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 spec:
  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
  # Alpha feature since k8s 1.12
  ttlSecondsAfterFinished: 0
  {{- end }}
  template:
    metadata:
      name: {{ template "nginx-ingress.fullname" . }}-admission-create
 {{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
      annotations:
 {{ toYaml .  | indent 8 }}
 {{- end }}
      labels:
        app: {{ template "nginx-ingress.name" . }}
        chart: {{ template "nginx-ingress.chart" . }}
        component: "{{ .Values.controller.name }}"
        heritage: {{ .Release.Service }}
        release: {{ template "nginx-ingress.releaseLabel" . }}
    spec:
      {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
      priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
      {{- end }}
      containers:
        - name: create
          image: {{ template "system_default_registry" . }}{{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
          imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
          args:
            - create
            - --host={{ template "nginx-ingress.controller.fullname" . }}-admission,{{ template "nginx-ingress.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc
            - --namespace={{ .Release.Namespace }}
            - --secret-name={{ template "nginx-ingress.fullname". }}-admission
      restartPolicy: OnFailure
      serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
      {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
      {{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@ -0,0 +1,57 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission-patch
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 spec:
  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
  # Alpha feature since k8s 1.12
  ttlSecondsAfterFinished: 0
  {{- end }}
  template:
    metadata:
      name:   {{ template "nginx-ingress.fullname" . }}-admission-patch
 {{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
      annotations:
 {{ toYaml .  | indent 8 }}
 {{- end }}
      labels:
        app: {{ template "nginx-ingress.name" . }}
        chart: {{ template "nginx-ingress.chart" . }}
        component: "{{ .Values.controller.name }}"
        heritage: {{ .Release.Service }}
        release: {{ template "nginx-ingress.releaseLabel" . }}
    spec:
      {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
      priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
      {{- end }}
      containers:
        - name: patch
          image: {{ template "system_default_registry" . }}{{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
          imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
          args:
            - patch
            - --webhook-name={{ template "nginx-ingress.fullname" . }}-admission
            - --namespace={{ .Release.Namespace }}
            - --patch-mutating=false
            - --secret-name={{ template "nginx-ingress.fullname". }}-admission
            - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
      restartPolicy: OnFailure
      serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
      {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
      {{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/psp.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/psp.yaml
@ -0,0 +1,39 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/role.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/role.yaml
@ -0,0 +1,23 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name:  {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/rolebinding.yaml
@ -0,0 +1,23 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name:  {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "nginx-ingress.fullname" . }}-admission
 subjects:
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.fullname" . }}-admission
    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/job-patch/serviceaccount.yaml
@ -0,0 +1,15 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name:  {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/validating-webhook.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/admission-webhooks/validating-webhook.yaml
@ -0,0 +1,31 @@
 {{- if .Values.controller.admissionWebhooks.enabled }}
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: ValidatingWebhookConfiguration
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}-admission
    chart: {{ template "nginx-ingress.chart" . }}
    component: "admission-webhook"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-admission
 webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    rules:
      - apiGroups:
          - extensions
          - networking.k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ template "nginx-ingress.controller.fullname" . }}-admission
        path: /extensions/v1beta1/ingresses
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrole.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrole.yaml
@ -0,0 +1,71 @@
 {{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}
 rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
 {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
  - apiGroups:
      - ""
    resources:
      - namespaces
    resourceNames:
      - "{{ .Values.controller.scope.namespace }}"
    verbs:
      - get
 {{- end }}
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrolebinding.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/clusterrolebinding.yaml
@ -0,0 +1,19 @@
 {{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "nginx-ingress.fullname" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-configmap.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-configmap.yaml
@ -0,0 +1,22 @@
 {{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
 data:
 {{- if .Values.controller.addHeaders }}
  add-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-add-headers
 {{- end }}
 {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
  proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
 {{- end }}
 {{- if .Values.controller.config }}
 {{ toYaml .Values.controller.config | indent 2 }}
 {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-daemonset.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-daemonset.yaml
@ -0,0 +1,257 @@
 {{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }}
 {{- $useHostPort := .Values.controller.daemonset.useHostPort -}}
 {{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
 apiVersion: {{ template "deployment.apiVersion" . }}
 kind: DaemonSet
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: controller
  name: {{ template "nginx-ingress.controller.fullname" . }}
  annotations:    
 {{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
 spec:
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      release: {{ template "nginx-ingress.releaseLabel" . }}
    {{- if .Values.controller.useComponentLabel }}
      app.kubernetes.io/component: controller
    {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  updateStrategy:
 {{ toYaml .Values.controller.updateStrategy | indent 4 }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
      {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        app: {{ template "nginx-ingress.name" . }}
        release: {{ template "nginx-ingress.releaseLabel" . }}
        component: "{{ .Values.controller.name }}"
        app.kubernetes.io/component: controller
        {{- if .Values.controller.podLabels }}
 {{ toYaml .Values.controller.podLabels | indent 8}}
        {{- end }}
    spec:
 {{- if .Values.controller.dnsConfig }}
      dnsConfig:
 {{ toYaml .Values.controller.dnsConfig | indent 8 }}
 {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
      {{- end }}
 {{- if .Values.controller.priorityClassName }}
      priorityClassName: "{{ .Values.controller.priorityClassName }}"
 {{- end }}
      {{- if .Values.controller.podSecurityContext }}
      securityContext:
 {{ toYaml .Values.controller.podSecurityContext | indent 8 }}
      {{- end }}
      containers:
        - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }}
          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
          imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
          {{- if .Values.controller.lifecycle }}
          lifecycle:
 {{ toYaml .Values.controller.lifecycle | indent 12 }}
          {{- end }}
          args:
            - /nginx-ingress-controller
          {{- if .Values.defaultBackend.enabled }}
            - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }}
          {{- else }}
            {{- if (semverCompare "<0.21.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }}
            {{- else if .Values.controller.defaultBackendService }}
            - --default-backend-service={{ .Values.controller.defaultBackendService }}
            {{- end }}
          {{- end }}
          {{- if and (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) .Values.controller.publishService.enabled }}
            - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }}
          {{- end }}
          {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --election-id={{ .Values.controller.electionID }}
          {{- end }}
          {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --ingress-class={{ .Values.controller.ingressClass }}
          {{- end }}
          {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
          {{- else }}
            - --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
          {{- end }}
          {{- if .Values.tcp }}
            - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp
          {{- end }}
          {{- if .Values.udp }}
            - --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-udp
          {{- end }}
          {{- if .Values.controller.scope.enabled }}
            - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
          {{- end }}
          {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}}
            - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          {{- end }}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
          {{- end }}
          {{- range $key, $value := .Values.controller.extraArgs }}
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
          {{- end }}
          {{- if (semverCompare ">=0.16.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
          securityContext:
            capabilities:
                drop:
                - ALL
                add:
                - NET_BIND_SERVICE
            runAsUser: {{ .Values.controller.image.runAsUser }}
            allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
          {{- end }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.extraEnvs }}
 {{ toYaml .Values.controller.extraEnvs | indent 12 }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.controller.livenessProbe.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
              {{- if $useHostPort }}
              hostPort: {{ index $hostPorts $key | default $value }}
              {{- end }}
          {{- end }}
          {{- if .Values.controller.metrics.enabled }}
            - name: metrics
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.tcp }}
            - name: "{{ $key }}-tcp"
              containerPort: {{ $key }}
              protocol: TCP
              {{- if $useHostPort }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: "{{ $key }}-udp"
              containerPort: {{ $key }}
              protocol: UDP
              {{- if $useHostPort }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.controller.readinessProbe.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
 {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
          volumeMounts:
 {{- end }}
 {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook-cert
              mountPath: "/usr/local/certificates/"
              readOnly: true
 {{- end }}
 {{- if .Values.controller.extraVolumeMounts }}
 {{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
 {{- end }}
          resources:
 {{ toYaml .Values.controller.resources | indent 12 }}
 {{- if .Values.controller.extraContainers }}
 {{ toYaml .Values.controller.extraContainers | indent 8}}
 {{- end }}
 {{- if .Values.controller.extraInitContainers }}
      initContainers:
 {{ toYaml .Values.controller.extraInitContainers | indent 8}}
 {{- end }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector:
 {{ toYaml .Values.controller.nodeSelector | indent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations:
 {{ toYaml .Values.controller.tolerations | indent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity:
 {{ toYaml .Values.controller.affinity | indent 8 }}
    {{- end }}
      serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }}
      terminationGracePeriodSeconds: 60
 {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
      volumes:
 {{- end }}
 {{- if .Values.controller.customTemplate.configMapName }}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
            - key: {{ .Values.controller.customTemplate.configMapKey }}
              path: nginx.tmpl
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.enabled }}
        - name: webhook-cert
          secret:
            secretName: {{ template "nginx-ingress.fullname". }}-admission
 {{- end }}
 {{- if .Values.controller.extraVolumes }}
 {{ toYaml .Values.controller.extraVolumes | indent 8}}
 {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-deployment.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-deployment.yaml
@ -0,0 +1,255 @@
 {{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
 apiVersion: {{ template "deployment.apiVersion" . }}
 kind: Deployment
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: controller
    {{- if .Values.controller.deploymentLabels }}
 {{ toYaml .Values.controller.deploymentLabels | indent 4 }}
    {{- end }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
  annotations:
 {{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
 spec:
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      release: {{ template "nginx-ingress.releaseLabel" . }}
    {{- if .Values.controller.useComponentLabel }}
      app.kubernetes.io/component: controller
    {{- end }}
 {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
 {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  strategy:
 {{ toYaml .Values.controller.updateStrategy | indent 4 }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
      {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        app: {{ template "nginx-ingress.name" . }}
        release: {{ template "nginx-ingress.releaseLabel" . }}
        component: "{{ .Values.controller.name }}"
        app.kubernetes.io/component: controller
        {{- if .Values.controller.podLabels }}
 {{ toYaml .Values.controller.podLabels | indent 8 }}
        {{- end }}
    spec:
 {{- if .Values.controller.dnsConfig }}
      dnsConfig:
 {{ toYaml .Values.controller.dnsConfig | indent 8 }}
 {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
      {{- end }}
 {{- if .Values.controller.priorityClassName }}
      priorityClassName: "{{ .Values.controller.priorityClassName }}"
 {{- end }}
      {{- if .Values.controller.podSecurityContext }}
      securityContext:
 {{ toYaml .Values.controller.podSecurityContext | indent 8 }}
      {{- end }}
      containers:
        - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }}
          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
          imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
          {{- if .Values.controller.lifecycle }}
          lifecycle:
 {{ toYaml .Values.controller.lifecycle | indent 12 }}
          {{- end }}
          args:
            - /nginx-ingress-controller
          {{- if .Values.defaultBackend.enabled }}
            - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }}
          {{- else }}
            {{- if (semverCompare "<0.21.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }}
            {{- else if .Values.controller.defaultBackendService }}
            - --default-backend-service={{ .Values.controller.defaultBackendService }}
            {{- end }}
          {{- end }}
          {{- if and (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) .Values.controller.publishService.enabled }}
            - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }}
          {{- end }}
          {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --election-id={{ .Values.controller.electionID }}
          {{- end }}
          {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --ingress-class={{ .Values.controller.ingressClass }}
          {{- end }}
          {{- if (semverCompare ">=0.9.0-beta.1" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
            - --configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }}
          {{- else }}
            - --nginx-configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }}
          {{- end }}
          {{- if .Values.tcp }}
            - --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-tcp
          {{- end }}
          {{- if .Values.udp }}
            - --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-udp
          {{- end }}
          {{- if .Values.controller.scope.enabled }}
            - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
          {{- end }}
          {{- if and (.Values.controller.scope.enabled) (.Values.rbac.scope) }}
            - --update-status=false
          {{- end }}
          {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }}
            - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          {{- end }}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
          {{- end }}
          {{- range $key, $value := .Values.controller.extraArgs }}
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
          {{- end }}
          {{- if (semverCompare ">=0.16.0" (trimPrefix "nginx-" .Values.controller.image.tag)) }}
          securityContext:
            capabilities:
                drop:
                - ALL
                add:
                - NET_BIND_SERVICE
            runAsUser: {{ .Values.controller.image.runAsUser }}
            allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
          {{- end }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.extraEnvs }}
 {{ toYaml .Values.controller.extraEnvs | indent 12 }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.controller.livenessProbe.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.metrics.enabled }}
            - name: metrics
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.tcp }}
            - name: "{{ $key }}-tcp"
              containerPort: {{ $key }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: "{{ $key }}-udp"
              containerPort: {{ $key }}
              protocol: UDP
          {{- end }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.controller.readinessProbe.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
 {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
          volumeMounts:
 {{- end }}
 {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook-cert
              mountPath: "/usr/local/certificates/"
              readOnly: true
 {{- end }}
 {{- if .Values.controller.extraVolumeMounts }}
 {{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
 {{- end }}
          resources:
 {{ toYaml .Values.controller.resources | indent 12 }}
 {{- if .Values.controller.extraContainers }}
 {{ toYaml .Values.controller.extraContainers | indent 8}}
 {{- end }}
 {{- if .Values.controller.extraInitContainers }}
      initContainers:
 {{ toYaml .Values.controller.extraInitContainers | indent 8}}
 {{- end }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector:
 {{ toYaml .Values.controller.nodeSelector | indent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations:
 {{ toYaml .Values.controller.tolerations | indent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity:
 {{ toYaml .Values.controller.affinity | indent 8 }}
    {{- end }}
      serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
 {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
      volumes:
 {{- end }}
 {{- if .Values.controller.customTemplate.configMapName }}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
            - key: {{ .Values.controller.customTemplate.configMapKey }}
              path: nginx.tmpl
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.enabled }}
        - name: webhook-cert
          secret:
            secretName: {{ template "nginx-ingress.fullname". }}-admission
 {{- end }}
 {{- if .Values.controller.extraVolumes }}
 {{ toYaml .Values.controller.extraVolumes | indent 8}}
 {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-hpa.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-hpa.yaml
@ -0,0 +1,34 @@
 {{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
 {{- if .Values.controller.autoscaling.enabled }}
 apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
 spec:
  scaleTargetRef:
    apiVersion: {{ template "deployment.apiVersion" . }}
    kind: Deployment
    name: {{ template "nginx-ingress.controller.fullname" . }}
  minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
  metrics:
 {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: {{ . }}
 {{- end }}
 {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        targetAverageUtilization: {{ . }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-metrics-service.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-metrics-service.yaml
@ -0,0 +1,47 @@
 {{- if .Values.controller.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.metrics.service.annotations }}
  annotations:
  {{- range $key, $value := .Values.controller.metrics.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
 {{- end }}
  labels:
 {{- if .Values.controller.metrics.service.labels }}
 {{ toYaml .Values.controller.metrics.service.labels | indent 4 }}
 {{- end }}
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.controller.fullname" . }}-metrics
 spec:
 {{- if not .Values.controller.metrics.service.omitClusterIP }}
  {{- with .Values.controller.metrics.service.clusterIP }}
  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
  {{- end }}
 {{- end }}
 {{- if .Values.controller.metrics.service.externalIPs }}
  externalIPs:
 {{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.controller.metrics.service.loadBalancerIP }}
  loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}"
 {{- end }}
 {{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
 {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
  ports:
    - name: metrics
      port: {{ .Values.controller.metrics.service.servicePort }}
      targetPort: metrics
  selector:
    app: {{ template "nginx-ingress.name" . }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: controller
  type: "{{ .Values.controller.metrics.service.type }}"
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-poddisruptionbudget.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-poddisruptionbudget.yaml
@ -0,0 +1,19 @@
 {{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    app.kubernetes.io/component: controller
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
 spec:
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      release: {{ template "nginx-ingress.releaseLabel" . }}
      app.kubernetes.io/component: controller
  minAvailable: {{ .Values.controller.minAvailable }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-prometheusrules.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-prometheusrules.yaml
@ -0,0 +1,24 @@
 {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ template "nginx-ingress.controller.fullname" . }}
  {{- if .Values.controller.metrics.prometheusRule.namespace }}
  namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
  {{- end }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
 {{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }}
    {{- end }}
 spec:
  {{- with .Values.controller.metrics.prometheusRule.rules }}
  groups:
  - name: {{ template "nginx-ingress.name" $ }}
    rules: {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-psp.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-psp.yaml
@ -0,0 +1,80 @@
 {{- if .Values.podSecurityPolicy.enabled}}
 apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
 kind: PodSecurityPolicy
 metadata:
  name: {{ template "nginx-ingress.fullname" . }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 spec:
  allowedCapabilities:
    - NET_BIND_SERVICE
  privileged: false
  allowPrivilegeEscalation: true
  # Allow core volume types.
  volumes:
    - 'configMap'
    #- 'emptyDir'
    - 'projected'
    - 'secret'
    #- 'downwardAPI'
  hostNetwork: {{ .Values.controller.hostNetwork }}
 {{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }}
  hostPorts:
 {{- if .Values.controller.hostNetwork }}
 {{- range $key, $value := .Values.controller.containerPort }}
  # {{ $key }}
  - min: {{ $value }}
    max: {{ $value }}
 {{- end }}
 {{- else if .Values.controller.daemonset.useHostPort }}
 {{- range $key, $value := .Values.controller.daemonset.hostPorts }}
  # {{ $key }}
  - min: {{ $value }}
    max: {{ $value }}
 {{- end }}
 {{- end }}
 {{- if .Values.controller.metrics.enabled }}
  # metrics
  - min: {{ .Values.controller.metrics.port }}
    max: {{ .Values.controller.metrics.port }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.enabled }}
  # admission webhooks
  - min: {{ .Values.controller.admissionWebhooks.port }}
    max: {{ .Values.controller.admissionWebhooks.port }}
 {{- end }}
 {{- range $key, $value := .Values.tcp }}
  # {{ $key }}-tcp
  - min: {{ $key }}
    max: {{ $key }}
 {{- end }}
 {{- range $key, $value := .Values.udp }}
  # {{ $key }}-udp
  - min: {{ $key }}
    max: {{ $key }}
 {{- end }}
 {{- end }}
  hostIPC: false
  hostPID: false
  runAsUser:
    # Require the container to run without root privileges.
    rule: 'MustRunAsNonRoot'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  readOnlyRootFilesystem: false
  seLinux:
    rule: 'RunAsAny'
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-role.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-role.yaml
@ -0,0 +1,91 @@
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}
 rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - create
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
 {{- if .Values.podSecurityPolicy.enabled }}
  - apiGroups:      ['{{ template "podSecurityPolicy.apiGroup" . }}']
    resources:      ['podsecuritypolicies']
    verbs:          ['use']
    resourceNames:  [{{ template "nginx-ingress.fullname" . }}]
 {{- end }}
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-rolebinding.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-rolebinding.yaml
@ -0,0 +1,19 @@
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "nginx-ingress.fullname" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-service.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-service.yaml
@ -0,0 +1,94 @@
 {{- if .Values.controller.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.service.annotations }}
  annotations:
  {{- range $key, $value := .Values.controller.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
 {{- end }}
  labels:
 {{- if .Values.controller.service.labels }}
 {{ toYaml .Values.controller.service.labels | indent 4 }}
 {{- end }}
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
 spec:
 {{- if not .Values.controller.service.omitClusterIP }}
  {{- with .Values.controller.service.clusterIP }}
  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
  {{- end }}
 {{- end }}
 {{- if .Values.controller.service.externalIPs }}
  externalIPs:
 {{ toYaml .Values.controller.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.controller.service.loadBalancerIP }}
  loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
 {{- end }}
 {{- if .Values.controller.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
 {{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
 {{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }}
  externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
 {{- end }}
 {{- if .Values.controller.service.sessionAffinity }}
  sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}"
 {{- end }}
 {{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }}
  healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
 {{- end }}
  ports:
    {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
    {{- if .Values.controller.service.enableHttp }}
    - name: http
      port: {{ .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
      {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
      nodePort: {{ .Values.controller.service.nodePorts.http }}
      {{- end }}
    {{- end }}
    {{- if .Values.controller.service.enableHttps }}
    - name: https
      port: {{ .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
      {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
      nodePort: {{ .Values.controller.service.nodePorts.https }}
      {{- end }}
    {{- end }}
  {{- range $key, $value := .Values.tcp }}
    - name: "{{ $key }}-tcp"
      port: {{ $key }}
      protocol: TCP
      targetPort: "{{ $key }}-tcp"
     {{- if $.Values.controller.service.nodePorts.tcp }}
      {{- if index $.Values.controller.service.nodePorts.tcp $key }}
      nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
      {{- end }}
     {{- end }}
  {{- end }}
  {{- range $key, $value := .Values.udp }}
    - name: "{{ $key }}-udp"
      port: {{ $key }}
      protocol: UDP
      targetPort: "{{ $key }}-udp"
     {{- if $.Values.controller.service.nodePorts.udp }}
      {{- if index $.Values.controller.service.nodePorts.udp $key }}
      nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
      {{- end }}
     {{- end }}
  {{- end }}
  selector:
    app: {{ template "nginx-ingress.name" . }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: controller
  type: "{{ .Values.controller.service.type }}"
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-serviceaccount.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-serviceaccount.yaml
@ -0,0 +1,11 @@
 {{- if or .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.serviceAccountName" . }}
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-servicemonitor.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-servicemonitor.yaml
@ -0,0 +1,38 @@
 {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "nginx-ingress.controller.fullname" . }}
  {{- if .Values.controller.metrics.serviceMonitor.namespace }}
  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
  {{- end }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
 {{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
    {{- end }}
 spec:
  endpoints:
    - port: metrics
      interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
      {{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
      honorLabels: true
      {{- end }}
  {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
  namespaceSelector:
 {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}}
  {{ else }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
  {{- end }}
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      component: "{{ .Values.controller.name }}"
      release: {{ template "nginx-ingress.releaseLabel" . }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-webhook-service.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/controller-webhook-service.yaml
@ -0,0 +1,44 @@
 {{- if .Values.controller.admissionWebhooks.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.admissionWebhooks.service.annotations }}
  annotations:
  {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
 {{- end }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.controller.fullname" . }}-admission
 spec:
 {{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }}
  {{- with .Values.controller.admissionWebhooks.service.clusterIP }}
  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
  {{- end }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.externalIPs }}
  externalIPs:
 {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
  loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}"
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
 {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    app: {{ template "nginx-ingress.name" . }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: controller
  type: "{{ .Values.controller.admissionWebhooks.service.type }}"
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-deployment.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-deployment.yaml
@ -0,0 +1,110 @@
 {{- if .Values.defaultBackend.enabled }}
 apiVersion: {{ template "deployment.apiVersion" . }}
 kind: Deployment
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: default-backend
    {{- if .Values.defaultBackend.deploymentLabels }}
 {{ toYaml .Values.defaultBackend.deploymentLabels | indent 4 }}
    {{- end }}
  name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
 spec:
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      release: {{ template "nginx-ingress.releaseLabel" . }}
    {{- if .Values.defaultBackend.useComponentLabel }}
      app.kubernetes.io/component: default-backend
    {{- end }}
  replicas: {{ .Values.defaultBackend.replicaCount }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  template:
    metadata:
    {{- if .Values.defaultBackend.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.defaultBackend.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }}
      labels:
        app: {{ template "nginx-ingress.name" . }}
        release: {{ template "nginx-ingress.releaseLabel" . }}
        app.kubernetes.io/component: default-backend
        {{- if .Values.defaultBackend.podLabels }}
 {{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
        {{- end }}
    spec:
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
      {{- end }}
 {{- if .Values.defaultBackend.priorityClassName }}
      priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}"
 {{- end }}
      {{- if .Values.defaultBackend.podSecurityContext }}
      securityContext:
 {{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }}
      {{- end }}
      containers:
        - name: {{ template "nginx-ingress.name" . }}-{{ .Values.defaultBackend.name }}
          image:  {{ template "system_default_registry" . }}{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
          imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
          args:
          {{- range $key, $value := .Values.defaultBackend.extraArgs }}
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
          {{- end }}
          securityContext:
            runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
          {{- if .Values.defaultBackend.extraEnvs }}
          env:
 {{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.defaultBackend.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.defaultBackend.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
          ports:
            - name: http
              containerPort: {{ .Values.defaultBackend.port }}
              protocol: TCP
          resources:
 {{ toYaml .Values.defaultBackend.resources | indent 12 }}
    {{- if .Values.defaultBackend.nodeSelector }}
      nodeSelector:
 {{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
    {{- end }}
      serviceAccountName: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
    {{- if .Values.defaultBackend.tolerations }}
      tolerations:
 {{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
    {{- end }}
    {{- if .Values.defaultBackend.affinity }}
      affinity:
 {{ toYaml .Values.defaultBackend.affinity | indent 8 }}
    {{- end }}
      terminationGracePeriodSeconds: 60
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-poddisruptionbudget.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-poddisruptionbudget.yaml
@ -0,0 +1,19 @@
 {{- if gt (.Values.defaultBackend.replicaCount | int) 1 }}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    app.kubernetes.io/component: default-backend
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
 spec:
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      release: {{ template "nginx-ingress.releaseLabel" . }}
      app.kubernetes.io/component: default-backend
  minAvailable: {{ .Values.defaultBackend.minAvailable }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-psp.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-psp.yaml
@ -0,0 +1,35 @@
 {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
 kind: PodSecurityPolicy
 metadata:
  name: {{ template "nginx-ingress.fullname" . }}-backend
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
 spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-role.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-role.yaml
@ -0,0 +1,16 @@
 {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-backend
 rules:
  - apiGroups:      ['{{ template "podSecurityPolicy.apiGroup" . }}']
    resources:      ['podsecuritypolicies']
    verbs:          ['use']
    resourceNames:  [{{ template "nginx-ingress.fullname" . }}-backend]
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-rolebinding.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-rolebinding.yaml
@ -0,0 +1,19 @@
 {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-backend
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "nginx-ingress.fullname" . }}-backend
 subjects:
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
 {{- end -}}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-service.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-service.yaml
@ -0,0 +1,45 @@
 {{- if .Values.defaultBackend.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.defaultBackend.service.annotations }}
  annotations:
  {{- range $key, $value := .Values.defaultBackend.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
 {{- end }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.defaultBackend.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
 spec:
 {{- if not .Values.defaultBackend.service.omitClusterIP }}
  {{- with .Values.defaultBackend.service.clusterIP }}
  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
  {{- end }}
 {{- end }}
 {{- if .Values.defaultBackend.service.externalIPs }}
  externalIPs:
 {{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
 {{- end }}
 {{- if .Values.defaultBackend.service.loadBalancerIP }}
  loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
 {{- end }}
 {{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
 {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
  ports:
    - name: http
      port: {{ .Values.defaultBackend.service.servicePort }}
      protocol: TCP
      targetPort: http
  selector:
    app: {{ template "nginx-ingress.name" . }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
    app.kubernetes.io/component: default-backend
  type: "{{ .Values.defaultBackend.service.type }}"
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-serviceaccount.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/default-backend-serviceaccount.yaml
@ -0,0 +1,11 @@
 {{- if and .Values.defaultBackend.enabled  .Values.defaultBackend.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/proxyheaders-configmap.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/proxyheaders-configmap.yaml
@ -0,0 +1,18 @@
 {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
 data:
 {{- if .Values.controller.proxySetHeaders }}
 {{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
 {{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
 {{ toYaml .Values.controller.headers | indent 2 }}
 {{- end }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/tcp-configmap.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/tcp-configmap.yaml
@ -0,0 +1,14 @@
 {{- if .Values.tcp }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-tcp
 data:
 {{ tpl (toYaml .Values.tcp) . | indent 2 }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/udp-configmap.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/templates/udp-configmap.yaml
@ -0,0 +1,14 @@
 {{- if .Values.udp }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ template "nginx-ingress.releaseLabel" . }}
  name: {{ template "nginx-ingress.fullname" . }}-udp
 data:
 {{ tpl (toYaml .Values.udp) . | indent 2 }}
 {{- end }}
--- a/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/values.yaml
+++ b/charts/rke2-ingress-nginx/rke2-ingress-nginx/1.36.301/values.yaml
@ -0,0 +1,578 @@
 ## nginx configuration
 ## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
 ##
 controller:
  name: controller
  image:
    repository: rancher/nginx-ingress-controller
    tag: "nginx-0.30.0-rancher1"
    pullPolicy: IfNotPresent
    # www-data -> uid 101
    runAsUser: 101
    allowPrivilegeEscalation: true
  # This will fix the issue of HPA not being able to read the metrics.
  # Note that if you enable it for existing deployments, it won't work as the labels are immutable.
  # We recommend setting this to true for new deployments.
  useComponentLabel: false
  # Configures the ports the nginx-controller listens on
  containerPort:
    http: 80
    https: 443
  # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
  config: {}
  # Maxmind license key to download GeoLite2 Databases
  # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
  maxmindLicenseKey: ""
  # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
  proxySetHeaders: {}
  # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
  addHeaders: {}
  # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
  # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
  # is merged
  hostNetwork: true
  # Optionally customize the pod dnsConfig.
  dnsConfig: {}
  # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
  # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
  # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
  dnsPolicy: ClusterFirstWithHostNet
  # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
  # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
  reportNodeInternalIp: false
  ## Use host ports 80 and 443
  daemonset:
    useHostPort: false
    hostPorts:
      http: 80
      https: 443
  ## Required only if defaultBackend.enabled = false
  ## Must be <namespace>/<service_name>
  ##
  defaultBackendService: ""
  ## Election ID to use for status update
  ##
  electionID: ingress-controller-leader
  ## Name of the ingress class to route through this controller
  ##
  ingressClass: nginx
  # labels to add to the deployment metadata
  deploymentLabels: {}
  # labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  ## Security Context policies for controller pods
  ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
  ## notes on enabling and using sysctls
  ##
  podSecurityContext: {}
  ## Allows customization of the external service
  ## the ingress will be bound to via DNS
  publishService:
    enabled: false
    ## Allows overriding of the publish service to bind to
    ## Must be <namespace>/<service_name>
    ##
    pathOverride: ""
  ## Limit the scope of the controller
  ##
  scope:
    enabled: false
    namespace: ""   # defaults to .Release.Namespace
  ## Allows customization of the configmap / nginx-configmap namespace
  ##
  configMapNamespace: ""   # defaults to .Release.Namespace
  ## Allows customization of the tcp-services-configmap namespace
  ##
  tcp:
    configMapNamespace: ""   # defaults to .Release.Namespace
  ## Allows customization of the udp-services-configmap namespace
  ##
  udp:
    configMapNamespace: ""   # defaults to .Release.Namespace
  ## Additional command line arguments to pass to nginx-ingress-controller
  ## E.g. to specify the default SSL certificate you can use
  ## extraArgs:
  ##   default-ssl-certificate: "<namespace>/<secret_name>"
  extraArgs: {}
  ## Additional environment variables to set
  extraEnvs: []
  # extraEnvs:
  #   - name: FOO
  #     valueFrom:
  #       secretKeyRef:
  #         key: FOO
  #         name: secret-resource
  ## DaemonSet or Deployment
  ##
  kind: Deployment
  ## Annotations to be added to the controller deployment
  ##
  deploymentAnnotations: {}
  # The update strategy to apply to the Deployment or DaemonSet
  ##
  updateStrategy: {}
  #  rollingUpdate:
  #    maxUnavailable: 1
  #  type: RollingUpdate
  # minReadySeconds to avoid killing pods before we are ready
  ##
  minReadySeconds: 0
  ## Node tolerations for server scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
  ## Affinity and anti-affinity
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
    # # An example of preferred pod anti-affinity, weight is in the range 1-100
    # podAntiAffinity:
    #   preferredDuringSchedulingIgnoredDuringExecution:
    #   - weight: 100
    #     podAffinityTerm:
    #       labelSelector:
    #         matchExpressions:
    #         - key: app
    #           operator: In
    #           values:
    #           - nginx-ingress
    #       topologyKey: kubernetes.io/hostname
    # # An example of required pod anti-affinity
    # podAntiAffinity:
    #   requiredDuringSchedulingIgnoredDuringExecution:
    #   - labelSelector:
    #       matchExpressions:
    #       - key: app
    #         operator: In
    #         values:
    #         - nginx-ingress
    #     topologyKey: "kubernetes.io/hostname"
  ## terminationGracePeriodSeconds
  ##
  terminationGracePeriodSeconds: 60
  ## Node labels for controller pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Liveness and readiness probe values
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  ## Annotations to be added to controller pods
  ##
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 64Mi
  #  requests:
  #    cpu: 100m
  #    memory: 64Mi
  autoscaling:
    enabled: false
    minReplicas: 2
    maxReplicas: 11
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  ## Override NGINX template
  customTemplate:
    configMapName: ""
    configMapKey: ""
  service:
    enabled: false
    annotations: {}
    labels: {}
    ## Deprecated, instead simply do not provide a clusterIP value
    omitClusterIP: false
    # clusterIP: ""
    ## List of IP addresses at which the controller services are available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true
    ## Set external traffic policy to: "Local" to preserve source IP on
    ## providers supporting it
    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
    externalTrafficPolicy: ""
    # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
    # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    sessionAffinity: ""
    healthCheckNodePort: 0
    ports:
      http: 80
      https: 443
    targetPorts:
      http: http
      https: https
    type: LoadBalancer
    # type: NodePort
    # nodePorts:
    #   http: 32080
    #   https: 32443
    #   tcp:
    #     8080: 32808
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}
  extraContainers: []
  ## Additional containers to be added to the controller pod.
  ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
  #  - name: my-sidecar
  #    image: nginx:latest
  #  - name: lemonldap-ng-controller
  #    image: lemonldapng/lemonldap-ng-controller:0.2.0
  #    args:
  #      - /lemonldap-ng-controller
  #      - --alsologtostderr
  #      - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
  #    env:
  #      - name: POD_NAME
  #        valueFrom:
  #          fieldRef:
  #            fieldPath: metadata.name
  #      - name: POD_NAMESPACE
  #        valueFrom:
  #          fieldRef:
  #            fieldPath: metadata.namespace
  #    volumeMounts:
  #    - name: copy-portal-skins
  #      mountPath: /srv/var/lib/lemonldap-ng/portal/skins
  extraVolumeMounts: []
  ## Additional volumeMounts to the controller main container.
  #  - name: copy-portal-skins
  #   mountPath: /var/lib/lemonldap-ng/portal/skins
  extraVolumes: []
  ## Additional volumes to the controller pod.
  #  - name: copy-portal-skins
  #    emptyDir: {}
  extraInitContainers: []
  ## Containers, which are run before the app containers are started.
  # - name: init-myservice
  #   image: busybox
  #   command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  admissionWebhooks:
    enabled: false
    failurePolicy: Fail
    port: 8443
    service:
      annotations: {}
      ## Deprecated, instead simply do not provide a clusterIP value
      omitClusterIP: false
      # clusterIP: ""
      externalIPs: []
      loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 443
      type: ClusterIP
    patch:
      enabled: true
      image:
        repository: jettech/kube-webhook-certgen
        tag: v1.0.0
        pullPolicy: IfNotPresent
      ## Provide a priority class name to the webhook patching job
      ##
      priorityClassName: ""
      podAnnotations: {}
      nodeSelector: {}
  metrics:
    port: 10254
    # if this port is changed, change healthz-port: in extraArgs: accordingly
    enabled: false
    service:
      annotations: {}
      # prometheus.io/scrape: "true"
      # prometheus.io/port: "10254"
      ## Deprecated, instead simply do not provide a clusterIP value
      omitClusterIP: false
      # clusterIP: ""
      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []
      loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 9913
      type: ClusterIP
    serviceMonitor:
      enabled: false
      additionalLabels: {}
      namespace: ""
      namespaceSelector: {}
      # Default: scrape .Release.Namespace only
      # To scrape all, use the following:
      # namespaceSelector:
      #   any: true
      scrapeInterval: 30s
      # honorLabels: true
    prometheusRule:
      enabled: false
      additionalLabels: {}
      namespace: ""
      rules: []
        # # These are just examples rules, please adapt them to your needs
        # - alert: TooMany500s
        #   expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
        #   for: 1m
        #   labels:
        #     severity: critical
        #   annotations:
        #     description: Too many 5XXs
        #     summary: More than 5% of the all requests did return 5XX, this require your attention
        # - alert: TooMany400s
        #   expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
        #   for: 1m
        #   labels:
        #     severity: critical
        #   annotations:
        #     description: Too many 4XXs
        #     summary: More than 5% of the all requests did return 4XX, this require your attention
  lifecycle: {}
  priorityClassName: ""
 ## Rollback limit
 ##
 revisionHistoryLimit: 10
 ## Default 404 backend
 ##
 defaultBackend:
  ## If false, controller.defaultBackendService must be provided
  ##
  enabled: true
  name: default-backend
  image:
    repository: rancher/nginx-ingress-controller-defaultbackend
    tag: "1.5-rancher1"
    pullPolicy: IfNotPresent
    # nobody user -> uid 65534
    runAsUser: 65534
  # This will fix the issue of HPA not being able to read the metrics.
  # Note that if you enable it for existing deployments, it won't work as the labels are immutable.
  # We recommend setting this to true for new deployments.
  useComponentLabel: false
  extraArgs: {}
  serviceAccount:
    create: true
    name:
  ## Additional environment variables to set for defaultBackend pods
  extraEnvs: []
  port: 8080
  ## Readiness and liveness probes for default backend
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  ##
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  readinessProbe:
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  ## Node tolerations for server scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
  affinity: {}
  ## Security Context policies for controller pods
  ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
  ## notes on enabling and using sysctls
  ##
  podSecurityContext: {}
  # labels to add to the deployment metadata
  deploymentLabels: {}
  # labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  ## Node labels for default backend pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Annotations to be added to default backend pods
  ##
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources: {}
  # limits:
  #   cpu: 10m
  #   memory: 20Mi
  # requests:
  #   cpu: 10m
  #   memory: 20Mi
  service:
    annotations: {}
    ## Deprecated, instead simply do not provide a clusterIP value
    omitClusterIP: false
    # clusterIP: ""
    ## List of IP addresses at which the default backend service is available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    servicePort: 80
    type: ClusterIP
  priorityClassName: ""
 # If provided, the value will be used as the `release` label instead of .Release.Name
 releaseLabelOverride: ""
 ## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
 rbac:
  create: true
  scope: false
 # If true, create & use Pod Security Policy resources
 # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
 podSecurityPolicy:
  enabled: false
 serviceAccount:
  create: true
  name:
 ## Optional array of imagePullSecrets containing private registry credentials
 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
 # - name: secretName
 # TCP service key:value pairs
 # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
 ##
 tcp: {}
 #  8080: "default/example-tcp-svc:9000"
 # UDP service key:value pairs
 # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
 ##
 udp: {}
 #  53: "kube-system/kube-dns:53"
 global:
  systemDefaultRegistry: ""
--- a/index.yaml
+++ b/index.yaml
@ -210,6 +210,28 @@ entries:
    urls:
    - assets/rke2-ingress-nginx/rke2-ingress-nginx-3.3.000.tgz
    version: 3.3.000
  - apiVersion: v1
    appVersion: 0.30.0
    created: "2021-04-05T22:48:54.777720244Z"
    description: An nginx Ingress controller that uses ConfigMap to store the nginx
      configuration.
    digest: 9fb2f542e0e30850088db477fa6f9004f2252b1e0ae9b25623e5c53e1b605bb9
    home: https://github.com/kubernetes/ingress-nginx
    icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
    keywords:
    - ingress
    - nginx
    kubeVersion: '>=1.10.0-0'
    maintainers:
    - name: ChiefAlexander
    - email: Trevor.G.Wood@gmail.com
      name: taharah
    name: rke2-ingress-nginx
    sources:
    - https://github.com/kubernetes/ingress-nginx
    urls:
    - assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.301.tgz
    version: 1.36.301
  - apiVersion: v1
    appVersion: 0.30.0
    created: "2021-02-25T17:59:12.93704-08:00"