--- charts-original/values.yaml
+++ charts/values.yaml
@@ -6,8 +6,21 @@
 imagePullSecrets: {}
 
 installation:
+  controlPlaneTolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
+  - key: "node-role.kubernetes.io/etcd"
+    operator: "Exists"
+    effect: "NoExecute"
   enabled: true
+  kubeletVolumePluginPath: "None"
   kubernetesProvider: ""
+  calicoNetwork:
+    bgp: Disabled
+  imagePath: "rancher"
+  imagePrefix: "mirrored-calico-"
+  flexVolumePath: "/var/lib/kubelet/volumeplugins/"
   # imagePullSecrets are configured on all images deployed by the tigera-operator.
   # secrets specified here must exist in the tigera-operator namespace; they won't be created by the operator or helm.
   # imagePullSecrets are a slice of LocalObjectReferences, which is the same format they appear as on deployments.
@@ -16,7 +29,7 @@
   imagePullSecrets: []
 
 apiServer:
-  enabled: true
+  enabled: false
 
 certs:
   node:
@@ -51,11 +64,30 @@
 
 # Image and registry configuration for the tigera/operator pod.
 tigeraOperator:
-  image: tigera/operator
+  image: rancher/mirrored-calico-operator
   version: v1.32.3
-  registry: quay.io
+  registry: docker.io
 calicoctl:
-  image: docker.io/calico/ctl
+  image: rancher/mirrored-calico-ctl
   tag: v3.27.0
 
-kubeletVolumePluginPath: /var/lib/kubelet
+kubeletVolumePluginPath: "None"
+
+global:
+  systemDefaultRegistry: ""
+  clusterCIDRv4: ""
+  clusterCIDRv6: ""
+
+# Config required by Windows nodes
+ipamConfig:
+  strictAffinity: true
+  autoAllocateBlocks: true
+
+felixConfiguration:
+  wireguardEnabled: false
+  # Config required to fix RKE2 issue #1541
+  featureDetectOverride: "ChecksumOffloadBroken=true"
+  healthPort: 9099
+  defaultEndpointToHostAction: "Drop"
+  logSeveritySys: "Info"
+  xdpEnabled: true