Add ingress-nginx chart

Add ingress-nginx, an ingress controller for other deploys to take advantage of.
2021-08-28 12:26:12 -04:00
parent e79441688b
commit 1027a45a0c
84 changed files with 3559 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -5,6 +5,21 @@ A collection of helm charts for ducoterra.net
 ## Adding a chart
 1. Create a folder with the name of your desired chart in `charts`
-2. Copy the chart contents in with `rsync -r ../app/chart/ charts/app/<version>`
+2. Copy the chart contents in with `rsync -r ../$APP/chart/ charts/$APP/$VERSION`
-3. Copy the README into the charts folder with `cp ../app/README.md charts/app/<version>`
+3. Create a `questions.yaml` in `charts/$APP/$VERSION`
-4. Create a "default_values.yaml" with `cp charts/app/<version>/values.yaml charts/app/<version>/default_values.yaml`
+4. Copy the README into the charts folder with `cp ../app/README.md charts/$APP/$VERSION`
 5. Create an "ix_values.yaml" with `cp charts/$APP/$VERSION/values.yaml charts/$APP/$VERSION/ix_values.yaml`
 ```bash
 APP=app_name
 APP_PATH=/path/to/app/repo
 CHART_PATH=/path/to/chart
 VERSION=0.1.0
 mkdir -p charts/$APP
 rsync -r $CHART_PATH/ charts/$APP/$VERSION
 touch charts/$APP/$VERSION/questions.yaml
 touch charts/$APP/item.yaml
 cp $APP_PATH/README.md charts/$APP/$VERSION
 cp charts/$APP/$VERSION/values.yaml charts/$APP/$VERSION/ix_values.yaml
 ```
--- a/charts/ingress-nginx/3.34.0/.helmignore
+++ b/charts/ingress-nginx/3.34.0/.helmignore
@@ -0,0 +1,22 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/charts/ingress-nginx/3.34.0/CHANGELOG.md
+++ b/charts/ingress-nginx/3.34.0/CHANGELOG.md
@@ -0,0 +1,250 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 3.34.0
 - [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
 ### 3.33.0
 - [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
 ### 3.32.0
 - [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
 ### 3.31.0
 - [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
 ### 3.30.0
 - [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
 ### 3.29.0
 - [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
 ### 3.28.0
 - [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
 ### 3.27.0
 - Update ingress-nginx v0.45.0
 ### 3.26.0
 - [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
 ### 3.25.0
 - [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
 ### 3.24.0
 - [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
 ### 3.23.0
 - Update ingress-nginx v0.44.0
 ### 3.22.0
 - [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
 - [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
 ### 3.21.0
 - [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
 - [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
 - [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
 - [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
 ### 3.20.1
 - Do not create KEDA in case of DaemonSets.
 - Fix KEDA v2 definition
 ### 3.20.0
 - [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
 ### 3.19.0
 - Update ingress-nginx v0.43.0
 ### 3.18.0
 - [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
 - [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
 ### 3.17.0
 - Update ingress-nginx v0.42.0
 ### 3.16.1
 - Fix chart-releaser action
 ### 3.16.0
 - [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
 ### 3.15.1
 - Fix chart-releaser action
 ### 3.15.0
 - [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
 ### 3.14.0
 - [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
 ### 3.13.0
 - [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
 ### 3.12.0
 - [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
 ### 3.11.1
 - [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
 ### 3.11.0
 - Support Keda Autoscaling
 ### 3.10.1
 - Fix regression introduced in 0.41.0 with external authentication
 ### 3.10.0
 - Fix routing regression introduced in 0.41.0 with PathType Exact
 ### 3.9.0
 - [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
 ### 3.8.0
 - [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
 - [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
 - [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
 - [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
 - [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
 ### 3.7.1
 - [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
 ### 3.7.0
 - [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
 ### 3.6.0
 - [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
 ### 3.5.1
 - [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
 ### 3.5.0
 - [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
 ### 3.4.0
 - [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
 ### 3.3.1
 - [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
 - [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
 - [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
 ### 3.3.1
 - [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
 ### 3.3.0
 - [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
 - [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
 - [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
 - [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
 ### 3.0.0
 - [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
 ### 2.16.0
 - [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
 ### 2.15.0
 - [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
 ### 2.14.0
 - [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
 ### 2.13.0
 - [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
 ### 2.13.0
 - [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
 - [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
 ### 2.12.1
 - [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
 ### 2.12.0
 - [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
 - [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
 ### 2.11.3
 - [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
 ### 2.11.2
 - [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
 ### 2.11.1
 - [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
 ### 2.11.0
 - [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
 - [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
 ### 2.10.0
 - [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
 ### 2.9.1
 - [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
 ### 2.9.0
 - [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
 ### TODO
 Keep building the changelog using *git log charts* checking the tag
--- a/charts/ingress-nginx/3.34.0/Chart.yaml
+++ b/charts/ingress-nginx/3.34.0/Chart.yaml
@@ -0,0 +1,19 @@
 annotations:
  artifacthub.io/changes: |
    - Add namespace field in the namespace scoped resource templates
 apiVersion: v2
 appVersion: 0.47.0
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
 home: https://github.com/kubernetes/ingress-nginx
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
 keywords:
 - ingress
 - nginx
 kubeVersion: '>=1.16.0-0'
 maintainers:
 - name: ChiefAlexander
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
 type: application
 version: 3.34.0
--- a/charts/ingress-nginx/3.34.0/OWNERS
+++ b/charts/ingress-nginx/3.34.0/OWNERS
@@ -0,0 +1,5 @@
 approvers:
  - ChiefAlexander
 reviewers:
  - ChiefAlexander
--- a/charts/ingress-nginx/3.34.0/README.md
+++ b/charts/ingress-nginx/3.34.0/README.md
@@ -0,0 +1,49 @@
 # Nginx ingress
 1. Install nginx
    ```bash
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm repo update
    helm install ingress-nginx ingress-nginx/ingress-nginx
    ```
 2. Install cert-manager
    ```bash
    kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
    ```
 3. Apply nginx
    ```bash
    kubectl apply -f letsencrypt-issuer.yaml
    ```
 ## Ingress Examples
 ```yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
  name: {{ .Release.Name }}
 spec:
  rules:
  - host: {{ .Release.Name }}.ducoterra.net
    http:
      paths:
      - backend:
          service:
            name: {{ .Release.Name }}
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - {{ .Release.Name }}.ducoterra.net
    secretName: {{.Release.Name}}-tls-cert
 ```
--- a/charts/ingress-nginx/3.34.0/app-readme.md
+++ b/charts/ingress-nginx/3.34.0/app-readme.md
@@ -0,0 +1,3 @@
 # Ingress Nginx
 nginx ingress for kubernetes
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-customconfig-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-customconfig-values.yaml
@@ -0,0 +1,9 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
  config:
    use-proxy-protocol: "true"
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-customnodeport-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-customnodeport-values.yaml
@@ -0,0 +1,18 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: NodePort
    nodePorts:
      tcp:
        9000: 30090
      udp:
        9001: 30091
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-headers-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-headers-values.yaml
@@ -0,0 +1,10 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  addHeaders:
    X-Frame-Options: deny
  proxySetHeaders:
    X-Forwarded-Proto: https
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-internal-lb-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-internal-lb-values.yaml
@@ -0,0 +1,10 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
    internal:
      enabled: true
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-nodeport-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-nodeport-values.yaml
@@ -0,0 +1,6 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: NodePort
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-podannotations-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-podannotations-values.yaml
@@ -0,0 +1,13 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: true
  service:
    type: ClusterIP
  podAnnotations:
    prometheus.io/path: /metrics
    prometheus.io/port: "10254"
    prometheus.io/scheme: http
    prometheus.io/scrape: "true"
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,16 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
  tcp:
    configMapNamespace: default
  udp:
    configMapNamespace: default
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-tcp-udp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-tcp-udp-values.yaml
@@ -0,0 +1,12 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/daemonset-tcp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/daemonset-tcp-values.yaml
@@ -0,0 +1,10 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
 tcp:
  9000: "default/test:8080"
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/deamonset-default-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deamonset-default-values.yaml
@@ -0,0 +1,6 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deamonset-metrics-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deamonset-metrics-values.yaml
@@ -0,0 +1,8 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: true
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deamonset-psp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deamonset-psp-values.yaml
@@ -0,0 +1,9 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
 podSecurityPolicy:
  enabled: true
--- a/charts/ingress-nginx/3.34.0/ci/deamonset-webhook-and-psp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deamonset-webhook-and-psp-values.yaml
@@ -0,0 +1,9 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: true
  service:
    type: ClusterIP
 podSecurityPolicy:
  enabled: true
--- a/charts/ingress-nginx/3.34.0/ci/deamonset-webhook-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deamonset-webhook-values.yaml
@@ -0,0 +1,6 @@
 controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: true
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deployment-autoscaling-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-autoscaling-values.yaml
@@ -0,0 +1,7 @@
 controller:
  autoscaling:
    enabled: true
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deployment-customconfig-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-customconfig-values.yaml
@@ -0,0 +1,7 @@
 controller:
  config:
    use-proxy-protocol: "true"
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deployment-customnodeport-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-customnodeport-values.yaml
@@ -0,0 +1,16 @@
 controller:
  admissionWebhooks:
    enabled: false
  service:
    type: NodePort
    nodePorts:
      tcp:
        9000: 30090
      udp:
        9001: 30091
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/deployment-default-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-default-values.yaml
@@ -0,0 +1,4 @@
 # Left blank to test default values
 controller:
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deployment-headers-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-headers-values.yaml
@@ -0,0 +1,9 @@
 controller:
  admissionWebhooks:
    enabled: false
  addHeaders:
    X-Frame-Options: deny
  proxySetHeaders:
    X-Forwarded-Proto: https
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deployment-internal-lb-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-internal-lb-values.yaml
@@ -0,0 +1,9 @@
 controller:
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
    internal:
      enabled: true
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
--- a/charts/ingress-nginx/3.34.0/ci/deployment-metrics-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-metrics-values.yaml
@@ -0,0 +1,7 @@
 controller:
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: true
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ci/deployment-nodeport-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-nodeport-values.yaml
@@ -0,0 +1,5 @@
 controller:
  admissionWebhooks:
    enabled: false
  service:
    type: NodePort
--- a/charts/ingress-nginx/3.34.0/ci/deployment-podannotations-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-podannotations-values.yaml
@@ -0,0 +1,12 @@
 controller:
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: true
  service:
    type: ClusterIP
  podAnnotations:
    prometheus.io/path: /metrics
    prometheus.io/port: "10254"
    prometheus.io/scheme: http
    prometheus.io/scrape: "true"
--- a/charts/ingress-nginx/3.34.0/ci/deployment-psp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-psp-values.yaml
@@ -0,0 +1,6 @@
 controller:
  service:
    type: ClusterIP
 podSecurityPolicy:
  enabled: true
--- a/charts/ingress-nginx/3.34.0/ci/deployment-tcp-udp-configMapNamespace-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,15 @@
 controller:
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
  tcp:
    configMapNamespace: default
  udp:
    configMapNamespace: default
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/deployment-tcp-udp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-tcp-udp-values.yaml
@@ -0,0 +1,11 @@
 controller:
  admissionWebhooks:
    enabled: false
  service:
    type: ClusterIP
 tcp:
  9000: "default/test:8080"
 udp:
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/deployment-tcp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-tcp-values.yaml
@@ -0,0 +1,7 @@
 controller:
  service:
    type: ClusterIP
 tcp:
  9000: "default/test:8080"
  9001: "default/test:8080"
--- a/charts/ingress-nginx/3.34.0/ci/deployment-webhook-and-psp-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-webhook-and-psp-values.yaml
@@ -0,0 +1,8 @@
 controller:
  admissionWebhooks:
    enabled: true
  service:
    type: ClusterIP
 podSecurityPolicy:
  enabled: true
--- a/charts/ingress-nginx/3.34.0/ci/deployment-webhook-values.yaml
+++ b/charts/ingress-nginx/3.34.0/ci/deployment-webhook-values.yaml
@@ -0,0 +1,5 @@
 controller:
  admissionWebhooks:
    enabled: true
  service:
    type: ClusterIP
--- a/charts/ingress-nginx/3.34.0/ix_values.yaml
+++ b/charts/ingress-nginx/3.34.0/ix_values.yaml
@@ -0,0 +1,11 @@
 image:
  repository: k8s.gcr.io
  image: ingress-nginx/controller
  tag: "v0.47.0"
 controller:
  service:
    type: NodePort
    nodePorts:
      http: 9080
      https: 9443
--- a/charts/ingress-nginx/3.34.0/questions.yaml
+++ b/charts/ingress-nginx/3.34.0/questions.yaml
@@ -0,0 +1,12 @@
 groups:
  - name: "Let's Encrypt Config"
    description: "Let's Encrypt configuration details for cert-manager"
  - name: "Nginx Config"
    description: "Nginx configuration details"
 questions:
  - variable: email
    description: "Let's Encrypt Email"
    group: "Let's Encrypt Config"
    label: "Let's Encrypt Email"
    schema:
      type: string
--- a/charts/ingress-nginx/3.34.0/templates/NOTES.txt
+++ b/charts/ingress-nginx/3.34.0/templates/NOTES.txt
@@ -0,0 +1,71 @@
 The ingress-nginx controller has been installed.
 {{- if contains "NodePort" .Values.controller.service.type }}
 Get the application URL by running these commands:
 {{- if (not (empty .Values.controller.service.nodePorts.http)) }}
  export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
 {{- else }}
  export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
 {{- end }}
 {{- if (not (empty .Values.controller.service.nodePorts.https)) }}
  export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
 {{- else }}
  export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
 {{- end }}
  export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
  echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
  echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
 {{- else if contains "LoadBalancer" .Values.controller.service.type }}
 It may take a few minutes for the LoadBalancer IP to be available.
 You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}'
 {{- else if contains "ClusterIP"  .Values.controller.service.type }}
 Get the application URL by running these commands:
  export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
  echo "Visit http://127.0.0.1:8080 to access your application."
 {{- end }}
 An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }}
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls
 If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
 {{- if .Values.controller.headers }}
 #################################################################################
 ######   WARNING: `controller.headers` has been deprecated!                 #####
 ######            It has been renamed to `controller.proxySetHeaders`.      #####
 #################################################################################
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/_helpers.tpl
+++ b/charts/ingress-nginx/3.34.0/templates/_helpers.tpl
@@ -0,0 +1,134 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "ingress-nginx.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "ingress-nginx.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "ingress-nginx.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create a default fully qualified controller name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "ingress-nginx.controller.fullname" -}}
 {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Construct the path for the publish-service.
 By convention this will simply use the <namespace>/<controller-name> to match the name of the
 service generated.
 Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
 */}}
 {{- define "ingress-nginx.controller.publishServicePath" -}}
 {{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}}
 {{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
 {{- print $servicePath | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified default backend name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "ingress-nginx.defaultBackend.fullname" -}}
 {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "ingress-nginx.labels" -}}
 helm.sh/chart: {{ include "ingress-nginx.chart" . }}
 {{ include "ingress-nginx.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels
 */}}
 {{- define "ingress-nginx.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "ingress-nginx.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the controller service account to use
 */}}
 {{- define "ingress-nginx.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
    {{ default (include "ingress-nginx.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
 */}}
 {{- define "ingress-nginx.defaultBackend.serviceAccountName" -}}
 {{- if .Values.defaultBackend.serviceAccount.create -}}
    {{ default (printf "%s-backend" (include "ingress-nginx.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
 {{- else -}}
    {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Return the appropriate apiGroup for PodSecurityPolicy.
 */}}
 {{- define "podSecurityPolicy.apiGroup" -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 {{- print "policy" -}}
 {{- else -}}
 {{- print "extensions" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Check the ingress controller version tag is at most three versions behind the last release
 */}}
 {{- define "isControllerTagValid" -}}
 {{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
 {{- fail "Controller container image tag should be 0.27.0 or higher" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 IngressClass parameters.
 */}}
 {{- define "ingressClass.parameters" -}}
  {{- if .Values.controller.ingressClassResource.parameters -}}
          parameters:
 {{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
  {{ end }}
 {{- end -}}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/clusterrole.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/clusterrole.yaml
@@ -0,0 +1,31 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
 {{- if .Values.podSecurityPolicy.enabled }}
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs:     ['use']
    resourceNames:
    {{- with .Values.controller.admissionWebhooks.existingPsp }}
    - {{ . }}
    {{- else }}
    - {{ include "ingress-nginx.fullname" . }}-admission
    {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name:  {{ include "ingress-nginx.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "ingress-nginx.fullname" . }}-admission
 subjects:
  - kind: ServiceAccount
    name: {{ include "ingress-nginx.fullname" . }}-admission
    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,61 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-create
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 spec:
 {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
  # Alpha feature since k8s 1.12
  ttlSecondsAfterFinished: 0
 {{- end }}
  template:
    metadata:
      name: {{ include "ingress-nginx.fullname" . }}-admission-create
    {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
      annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.labels" . | nindent 8 }}
        app.kubernetes.io/component: admission-webhook
    spec:
    {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
      priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
    {{- end }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
      containers:
        - name: create
          {{- with .Values.controller.admissionWebhooks.patch.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
          args:
            - create
            - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
      tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
    {{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -0,0 +1,63 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-patch
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 spec:
 {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
  # Alpha feature since k8s 1.12
  ttlSecondsAfterFinished: 0
 {{- end }}
  template:
    metadata:
      name: {{ include "ingress-nginx.fullname" . }}-admission-patch
    {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
      annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.labels" . | nindent 8 }}
        app.kubernetes.io/component: admission-webhook
    spec:
    {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
      priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
    {{- end }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
      containers:
        - name: patch
          {{- with .Values.controller.admissionWebhooks.patch.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
          args:
            - patch
            - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
            - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
      tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
    {{- end }}
      securityContext:
        runAsNonRoot: true
        runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/psp.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/psp.yaml
@@ -0,0 +1,36 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/role.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/role.yaml
@@ -0,0 +1,21 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name:  {{ include "ingress-nginx.fullname" . }}-admission
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,21 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "ingress-nginx.fullname" . }}-admission
 subjects:
  - kind: ServiceAccount
    name: {{ include "ingress-nginx.fullname" . }}-admission
    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/admission-webhooks/validating-webhook.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/admission-webhooks/validating-webhook.yaml
@@ -0,0 +1,46 @@
 {{- if .Values.controller.admissionWebhooks.enabled -}}
 # before changing this value, check the required kubernetes version
 # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  {{- if .Values.controller.admissionWebhooks.annotations }}
  annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
  name: {{ include "ingress-nginx.fullname" . }}-admission
 webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    matchPolicy: Equivalent
    rules:
      - apiGroups:
          - networking.k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}
    sideEffects: None
    admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        namespace: {{ .Release.Namespace | quote }}
        name: {{ include "ingress-nginx.controller.fullname" . }}-admission
        path: /networking/v1beta1/ingresses
    {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
    timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
    {{- end }}
    {{- if .Values.controller.admissionWebhooks.namespaceSelector }}
    namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
    {{- end }}
    {{- if .Values.controller.admissionWebhooks.objectSelector }}
    objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
    {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/clusterrole.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/clusterrole.yaml
@@ -0,0 +1,75 @@
 {{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
  name: {{ include "ingress-nginx.fullname" . }}
 rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
 {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
  - apiGroups:
      - ""
    resources:
      - namespaces
    resourceNames:
      - "{{ .Values.controller.scope.namespace }}"
    verbs:
      - get
 {{- end }}
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/clusterrolebinding.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
 {{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
  name: {{ include "ingress-nginx.fullname" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "ingress-nginx.fullname" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-configmap-addheaders.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-configmap-addheaders.yaml
@@ -0,0 +1,11 @@
 {{- if .Values.controller.addHeaders -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
  namespace: {{ .Release.Namespace }}
 data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-configmap-proxyheaders.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-configmap-proxyheaders.yaml
@@ -0,0 +1,16 @@
 {{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
  namespace: {{ .Release.Namespace }}
 data:
 {{- if .Values.controller.proxySetHeaders }}
 {{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
 {{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
 {{ toYaml .Values.controller.headers | indent 2 }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-configmap-tcp.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-configmap-tcp.yaml
@@ -0,0 +1,14 @@
 {{- if .Values.tcp -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- if .Values.controller.tcp.annotations }}
  annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-tcp
  namespace: {{ .Release.Namespace }}
 data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-configmap-udp.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-configmap-udp.yaml
@@ -0,0 +1,14 @@
 {{- if .Values.udp -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- if .Values.controller.udp.annotations }}
  annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}-udp
  namespace: {{ .Release.Namespace }}
 data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-configmap.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-configmap.yaml
@@ -0,0 +1,25 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- if .Values.controller.configAnnotations }}
  annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
 {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
 data:
 {{- if .Values.controller.addHeaders }}
  add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
 {{- end }}
 {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
  proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
 {{- end }}
 {{- if .Values.dhParam }}
  ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }}
 {{- end }}
 {{- range $key, $value := .Values.controller.config }}
    {{ $key | nindent 2 }}: {{ $value | quote }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-daemonset.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-daemonset.yaml
@@ -0,0 +1,244 @@
 {{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
 spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.controller.updateStrategy }}
  updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
  {{- end }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
    {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: controller
      {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
      {{- end }}
    spec:
    {{- if .Values.controller.dnsConfig }}
      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
    {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
    {{- end }}
    {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
      securityContext:
    {{- end }}
    {{- if .Values.controller.podSecurityContext  }}
        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.sysctls }}
        sysctls:
    {{- range $sysctl, $value := .Values.controller.sysctls }}
        - name: {{ $sysctl | quote }}
          value: {{ $value | quote }}
    {{- end }}
    {{- end }}
      containers:
        - name: {{ .Values.controller.containerName }}
          {{- with .Values.controller.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
        {{- end }}
          args:
            - /nginx-ingress-controller
          {{- if .Values.defaultBackend.enabled }}
            - --default-backend-service={{ .Release.Namespace }}/{{ include "ingress-nginx.defaultBackend.fullname" . }}
          {{- end }}
          {{- if .Values.controller.publishService.enabled }}
            - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
          {{- end }}
            - --election-id={{ .Values.controller.electionID }}
            - --ingress-class={{ .Values.controller.ingressClass }}
            - --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }}
          {{- if .Values.tcp }}
            - --tcp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
          {{- end }}
          {{- if .Values.udp }}
            - --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp
          {{- end }}
          {{- if .Values.controller.scope.enabled }}
            - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
          {{- end }}
          {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
            - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
            - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
            - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
          {{- end }}
          {{- if .Values.controller.maxmindMirror }}
            - --maxmind-mirror={{ .Values.controller.maxmindMirror }}
          {{- end}}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
          {{- end }}
          {{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
            - --health-check-path={{ .Values.controller.healthCheckPath }}
          {{- end }}
          {{- range $key, $value := .Values.controller.extraArgs }}
            {{- /* Accept keys without values or with false as value */}}
            {{- if eq ($value | quote | len) 2 }}
            - --{{ $key }}
            {{- else }}
            - --{{ $key }}={{ $value }}
            {{- end }}
          {{- end }}
          securityContext:
            capabilities:
                drop:
                - ALL
                add:
                - NET_BIND_SERVICE
            runAsUser: {{ .Values.controller.image.runAsUser }}
            allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.enableMimalloc }}
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          {{- end }}
          {{- if .Values.controller.extraEnvs }}
            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.startupProbe }}
          startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
          {{- end }}
          livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
          readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
              {{- end }}
          {{- end }}
          {{- if .Values.controller.metrics.enabled }}
            - name: metrics
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.tcp }}
            - name: {{ $key }}-tcp
              containerPort: {{ $key }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: {{ $key }}-udp
              containerPort: {{ $key }}
              protocol: UDP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
          volumeMounts:
          {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- if .Values.controller.resources }}
          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
        {{- end }}
      {{- if .Values.controller.extraContainers }}
        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
      {{- end }}
    {{- if .Values.controller.extraInitContainers }}
      initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- end }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
    {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
      volumes:
      {{- if .Values.controller.customTemplate.configMapName }}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
            - key: {{ .Values.controller.customTemplate.configMapKey }}
              path: nginx.tmpl
      {{- end }}
      {{- if .Values.controller.admissionWebhooks.enabled }}
        - name: webhook-cert
          secret:
            secretName: {{ include "ingress-nginx.fullname" . }}-admission
      {{- end }}
      {{- if .Values.controller.extraVolumes }}
        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
      {{- end }}
    {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-deployment.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-deployment.yaml
@@ -0,0 +1,245 @@
 {{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
 spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.controller.updateStrategy }}
  strategy:
    {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
  {{- end }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
    {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: controller
      {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
      {{- end }}
    spec:
    {{- if .Values.controller.dnsConfig }}
      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
    {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
    {{- end }}
    {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
      securityContext:
    {{- end }}
    {{- if .Values.controller.podSecurityContext }}
        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.sysctls }}
        sysctls:
    {{- range $sysctl, $value := .Values.controller.sysctls }}
        - name: {{ $sysctl | quote }}
          value: {{ $value | quote }}
    {{- end }}
    {{- end }}
      containers:
        - name: {{ .Values.controller.containerName }}
          {{- with .Values.controller.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
        {{- end }}
          args:
            - /nginx-ingress-controller
          {{- if .Values.defaultBackend.enabled }}
            - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
          {{- end }}
          {{- if .Values.controller.publishService.enabled }}
            - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
          {{- end }}
            - --election-id={{ .Values.controller.electionID }}
            - --ingress-class={{ .Values.controller.ingressClass }}
            - --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }}
          {{- if .Values.tcp }}
            - --tcp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-tcp
          {{- end }}
          {{- if .Values.udp }}
            - --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp
          {{- end }}
          {{- if .Values.controller.scope.enabled }}
            - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
          {{- end }}
          {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
            - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
            - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
            - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
          {{- end }}
          {{- if .Values.controller.maxmindLicenseKey }}
            - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
          {{- end }}
          {{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
            - --health-check-path={{ .Values.controller.healthCheckPath }}
          {{- end }}
          {{- range $key, $value := .Values.controller.extraArgs }}
            {{- /* Accept keys without values or with false as value */}}
            {{- if eq ($value | quote | len) 2 }}
            - --{{ $key }}
            {{- else }}
            - --{{ $key }}={{ $value }}
            {{- end }}
          {{- end }}
          securityContext:
            capabilities:
                drop:
                - ALL
                add:
                - NET_BIND_SERVICE
            runAsUser: {{ .Values.controller.image.runAsUser }}
            allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.enableMimalloc }}
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          {{- end }}
          {{- if .Values.controller.extraEnvs }}
            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
          {{- end }}          
          {{- if .Values.controller.startupProbe }}
          startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
          {{- end }}
          livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
          readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
              {{- end }}
          {{- end }}
          {{- if .Values.controller.metrics.enabled }}
            - name: metrics
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.tcp }}
            - name: {{ $key }}-tcp
              containerPort: {{ $key }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: {{ $key }}-udp
              containerPort: {{ $key }}
              protocol: UDP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
          volumeMounts:
          {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- if .Values.controller.resources }}
          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
        {{- end }}
      {{- if .Values.controller.extraContainers }}
        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
      {{- end }}
    {{- if .Values.controller.extraInitContainers }}
      initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- end }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
    {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
      volumes:
      {{- if .Values.controller.customTemplate.configMapName }}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
            - key: {{ .Values.controller.customTemplate.configMapKey }}
              path: nginx.tmpl
      {{- end }}
      {{- if .Values.controller.admissionWebhooks.enabled }}
        - name: webhook-cert
          secret:
            secretName: {{ include "ingress-nginx.fullname" . }}-admission
      {{- end }}
      {{- if .Values.controller.extraVolumes }}
        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
      {{- end }}
    {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-hpa.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-hpa.yaml
@@ -0,0 +1,45 @@
 {{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
 {{- if not .Values.controller.keda.enabled }}
 apiVersion: autoscaling/v2beta2
 kind: HorizontalPodAutoscaler
 metadata:
  annotations:
  {{- with .Values.controller.autoscaling.annotations }}
  {{- toYaml . | trimSuffix "\n" | nindent 4 }}
  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "ingress-nginx.controller.fullname" . }}
  minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
  metrics:
  {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
  - type: Resource 
    resource: 
      name: memory 
      target:
        type: Utilization
        averageUtilization: {{ . }}
  {{- end }}
  {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ . }}
  {{- end }}
  {{- with .Values.controller.autoscalingTemplate }}
 {{- toYaml . | nindent 2 }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-ingressclass.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-ingressclass.yaml
@@ -0,0 +1,23 @@
 {{- if and (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.ingressClassResource.enabled) -}}
 {{- if and (semverCompare "=1.18-0" .Capabilities.KubeVersion.GitVersion)  }}
 apiVersion: networking.k8s.io/v1beta1
 {{- else }}
 apiVersion: networking.k8s.io/v1
 {{- end }}
 kind: IngressClass
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ .Values.controller.ingressClass }}
 {{- if .Values.controller.ingressClassResource.default }}
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
 {{- end }}
 spec:
  controller: k8s.io/ingress-nginx
  {{ template "ingressClass.parameters" . }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-keda.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-keda.yaml
@@ -0,0 +1,39 @@
 {{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
 # https://keda.sh/docs/
 apiVersion: {{ .Values.controller.keda.apiVersion }}
 kind: ScaledObject
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.controller.fullname" . }}
  {{- if .Values.controller.keda.scaledObject.annotations }}
  annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
  {{- end }}
 spec:
  scaleTargetRef:
 {{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }}
    deploymentName: {{ include "ingress-nginx.controller.fullname" . }}
 {{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }}
    name: {{ include "ingress-nginx.controller.fullname" . }}
 {{- end }}
  pollingInterval: {{ .Values.controller.keda.pollingInterval }}
  cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
  minReplicaCount: {{ .Values.controller.keda.minReplicas }}
  maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
  triggers:
 {{- with .Values.controller.keda.triggers }}
 {{ toYaml . | indent 2 }}
 {{ end }}
  advanced:
    restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
 {{- if .Values.controller.keda.behavior }}
    horizontalPodAutoscalerConfig:
      behavior:
 {{ with .Values.controller.keda.behavior -}}
 {{ toYaml . | indent 8 }}
 {{ end }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-poddisruptionbudget.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-poddisruptionbudget.yaml
@@ -0,0 +1,16 @@
 {{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  minAvailable: {{ .Values.controller.minAvailable }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-prometheusrules.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-prometheusrules.yaml
@@ -0,0 +1,21 @@
 {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ include "ingress-nginx.controller.fullname" . }}
 {{- if .Values.controller.metrics.prometheusRule.namespace }}
  namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
    {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.controller.metrics.prometheusRule.rules }}
  groups:
  - name: {{ template "ingress-nginx.name" . }}
    rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-psp.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-psp.yaml
@@ -0,0 +1,86 @@
 {{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 spec:
  allowedCapabilities:
    - NET_BIND_SERVICE
 {{- if .Values.controller.sysctls }}
  allowedUnsafeSysctls:
  {{- range $sysctl, $value := .Values.controller.sysctls }}
  - {{ $sysctl }}
  {{- end }}
 {{- end }}
  privileged: false
  allowPrivilegeEscalation: true
  # Allow core volume types.
  volumes:
    - 'configMap'
    - 'emptyDir'
    #- 'projected'
    - 'secret'
    #- 'downwardAPI'
 {{- if .Values.controller.hostNetwork }}
  hostNetwork: {{ .Values.controller.hostNetwork }}
 {{- end }}
 {{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
  hostPorts:
 {{- if .Values.controller.hostNetwork }}
 {{- range $key, $value := .Values.controller.containerPort }}
  # {{ $key }}
  - min: {{ $value }}
    max: {{ $value }}
 {{- end }}
 {{- else if .Values.controller.hostPort.enabled }}
 {{- range $key, $value := .Values.controller.hostPort.ports }}
  # {{ $key }}
  - min: {{ $value }}
    max: {{ $value }}
 {{- end }}
 {{- end }}
 {{- if .Values.controller.metrics.enabled }}
  # metrics
  - min: {{ .Values.controller.metrics.port }}
    max: {{ .Values.controller.metrics.port }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.enabled }}
  # admission webhooks
  - min: {{ .Values.controller.admissionWebhooks.port }}
    max: {{ .Values.controller.admissionWebhooks.port }}
 {{- end }}
 {{- range $key, $value := .Values.tcp }}
  # {{ $key }}-tcp
  - min: {{ $key }}
    max: {{ $key }}
 {{- end }}
 {{- range $key, $value := .Values.udp }}
  # {{ $key }}-udp
  - min: {{ $key }}
    max: {{ $key }}
 {{- end }}
 {{- end }}
  hostIPC: false
  hostPID: false
  runAsUser:
    # Require the container to run without root privileges.
    rule: 'MustRunAsNonRoot'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  readOnlyRootFilesystem: false
  seLinux:
    rule: 'RunAsAny'
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-role.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-role.yaml
@@ -0,0 +1,92 @@
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.fullname" . }}
  namespace: {{ .Release.Namespace }}
 rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
 {{- if .Values.podSecurityPolicy.enabled }}
  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
    resources:      ['podsecuritypolicies']
    verbs:          ['use']
    {{- with .Values.controller.existingPsp }}
    resourceNames:  [{{ . }}]
    {{- else }}
    resourceNames:  [{{ include "ingress-nginx.fullname" . }}]
    {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-rolebinding.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-rolebinding.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.fullname" . }}
  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "ingress-nginx.fullname" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-service-internal.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-service-internal.yaml
@@ -0,0 +1,51 @@
 {{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}}
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
  {{- range $key, $value := .Values.controller.service.internal.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  {{- if .Values.controller.service.labels }}
    {{- toYaml .Values.controller.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-internal
  namespace: {{ .Release.Namespace }}
 spec:
  type: "{{ .Values.controller.service.type }}"
 {{- if .Values.controller.service.internal.loadBalancerIP }}
  loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
 {{- if .Values.controller.service.internal.externalTrafficPolicy }}
  externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
 {{- end }}
  ports:
  {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
  {{- if .Values.controller.service.enableHttp }}
    - name: http
      port: {{ .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
      nodePort: {{ .Values.controller.service.nodePorts.http }}
    {{- end }}
  {{- end }}
  {{- if .Values.controller.service.enableHttps }}
    - name: https
      port: {{ .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
      nodePort: {{ .Values.controller.service.nodePorts.https }}
    {{- end }}
  {{- end }}
  selector:
    {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-service-metrics.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-service-metrics.yaml
@@ -0,0 +1,44 @@
 {{- if .Values.controller.metrics.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.metrics.service.annotations }}
  annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  {{- if .Values.controller.metrics.service.labels }}
    {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
  namespace: {{ .Release.Namespace }}
 spec:
  type: {{ .Values.controller.metrics.service.type }}
 {{- if .Values.controller.metrics.service.clusterIP }}
  clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
 {{- end }}
 {{- if .Values.controller.metrics.service.externalIPs }}
  externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }}
 {{- end }}
 {{- if .Values.controller.metrics.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
 {{- if .Values.controller.metrics.service.externalTrafficPolicy }}
  externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }}
 {{- end }}
  ports:
    - name: metrics
      port: {{ .Values.controller.metrics.service.servicePort }}
      targetPort: metrics
    {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }}
    {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }}
      nodePort: {{ .Values.controller.metrics.service.nodePort }}
    {{- end }}
  selector:
    {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-service-webhook.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-service-webhook.yaml
@@ -0,0 +1,34 @@
 {{- if .Values.controller.admissionWebhooks.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.controller.admissionWebhooks.service.annotations }}
  annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.controller.fullname" . }}-admission
  namespace: {{ .Release.Namespace }}
 spec:
  type: {{ .Values.controller.admissionWebhooks.service.type }}
 {{- if .Values.controller.admissionWebhooks.service.clusterIP }}
  clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.externalIPs }}
  externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-service.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-service.yaml
@@ -0,0 +1,85 @@
 {{- if .Values.controller.service.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
  {{- range $key, $value := .Values.controller.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  {{- if .Values.controller.service.labels }}
    {{- toYaml .Values.controller.service.labels | nindent 4 }}
  {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  type: {{ .Values.controller.service.type }}
 {{- if .Values.controller.service.clusterIP }}
  clusterIP: {{ .Values.controller.service.clusterIP }}
 {{- end }}
 {{- if .Values.controller.service.externalIPs }}
  externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
 {{- end }}
 {{- if .Values.controller.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.controller.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
 {{- if .Values.controller.service.externalTrafficPolicy }}
  externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
 {{- end }}
 {{- if .Values.controller.service.sessionAffinity }}
  sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
 {{- end }}
 {{- if .Values.controller.service.healthCheckNodePort }}
  healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
 {{- end }}
  ports:
  {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
  {{- if .Values.controller.service.enableHttp }}
    - name: http
      port: {{ .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
      nodePort: {{ .Values.controller.service.nodePorts.http }}
    {{- end }}
  {{- end }}
  {{- if .Values.controller.service.enableHttps }}
    - name: https
      port: {{ .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
      nodePort: {{ .Values.controller.service.nodePorts.https }}
    {{- end }}
  {{- end }}
  {{- range $key, $value := .Values.tcp }}
    - name: {{ $key }}-tcp
      port: {{ $key }}
      protocol: TCP
      targetPort: {{ $key }}-tcp
    {{- if $.Values.controller.service.nodePorts.tcp }}
    {{- if index $.Values.controller.service.nodePorts.tcp $key }}
      nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
    {{- end }}
    {{- end }}
  {{- end }}
  {{- range $key, $value := .Values.udp }}
    - name: {{ $key }}-udp
      port: {{ $key }}
      protocol: UDP
      targetPort: {{ $key }}-udp
    {{- if $.Values.controller.service.nodePorts.udp }}
    {{- if index $.Values.controller.service.nodePorts.udp $key }}
      nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
    {{- end }}
    {{- end }}
  {{- end }}
  selector:
    {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: controller
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-serviceaccount.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-serviceaccount.yaml
@@ -0,0 +1,11 @@
 {{- if or .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ template "ingress-nginx.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/controller-servicemonitor.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/controller-servicemonitor.yaml
@@ -0,0 +1,45 @@
 {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ include "ingress-nginx.controller.fullname" . }}
 {{- if .Values.controller.metrics.serviceMonitor.namespace }}
  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
    {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
  {{- end }}
 spec:
  endpoints:
    - port: metrics
      interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
    {{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
      honorLabels: true
    {{- end }}
    {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
    {{- end }}
 {{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
  jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
 {{- end }}
 {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
  namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
 {{ else }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
 {{- end }}
 {{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
  targetLabels:
  {{- range .Values.controller.metrics.serviceMonitor.targetLabels }}
    - {{ . }}
  {{- end }}
 {{- end }}
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-deployment.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-deployment.yaml
@@ -0,0 +1,112 @@
 {{- if .Values.defaultBackend.enabled -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: default-backend
 {{- if not .Values.defaultBackend.autoscaling.enabled }}
  replicas: {{ .Values.defaultBackend.replicaCount }}
 {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  template:
    metadata:
    {{- if .Values.defaultBackend.podAnnotations }}
      annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: default-backend
      {{- if .Values.defaultBackend.podLabels }}
        {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }}
      {{- end }}
    spec:
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.defaultBackend.priorityClassName }}
      priorityClassName: {{ .Values.defaultBackend.priorityClassName }}
    {{- end }}
    {{- if .Values.defaultBackend.podSecurityContext }}
      securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }}
    {{- end }}
      containers:
        - name: {{ template "ingress-nginx.name" . }}-default-backend
          {{- with .Values.defaultBackend.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
        {{- if .Values.defaultBackend.extraArgs }}
          args:
          {{- range $key, $value := .Values.defaultBackend.extraArgs }}
            {{- /* Accept keys without values or with false as value */}}
            {{- if eq ($value | quote | len) 2 }}
            - --{{ $key }}
            {{- else }}
            - --{{ $key }}={{ $value }}
            {{- end }}
          {{- end }}
        {{- end }}
          securityContext:
            capabilities:
              drop:
              - ALL
            runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
            runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
            allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
            readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
        {{- if .Values.defaultBackend.extraEnvs }}
          env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
        {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.defaultBackend.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.defaultBackend.port }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
          ports:
            - name: http
              containerPort: {{ .Values.defaultBackend.port }}
              protocol: TCP
        {{- if .Values.defaultBackend.extraVolumeMounts }}
          volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }}
        {{- end }}
        {{- if .Values.defaultBackend.resources }}
          resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }}
        {{- end }}
    {{- if .Values.defaultBackend.nodeSelector }}
      nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
    {{- if .Values.defaultBackend.tolerations }}
      tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.defaultBackend.affinity }}
      affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
    {{- end }}
      terminationGracePeriodSeconds: 60
    {{- if .Values.defaultBackend.extraVolumes }}
      volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }}
    {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-hpa.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-hpa.yaml
@@ -0,0 +1,30 @@
 {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
 apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
  minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
  metrics:
 {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: {{ . }}
 {{- end }}
 {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        targetAverageUtilization: {{ . }}
 {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-poddisruptionbudget.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-poddisruptionbudget.yaml
@@ -0,0 +1,16 @@
 {{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: default-backend
  minAvailable: {{ .Values.defaultBackend.minAvailable }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-psp.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-psp.yaml
@@ -0,0 +1,33 @@
 {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: {{ include "ingress-nginx.fullname" . }}-backend
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
 spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-role.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-role.yaml
@@ -0,0 +1,19 @@
 {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ include "ingress-nginx.fullname" . }}-backend
  namespace: {{ .Release.Namespace }}
 rules:
  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
    resources:      ['podsecuritypolicies']
    verbs:          ['use']
    {{- with .Values.defaultBackend.existingPsp }}
    resourceNames:  [{{ . }}]
    {{- else }}
    resourceNames:  [{{ include "ingress-nginx.fullname" . }}-backend]
    {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-rolebinding.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-rolebinding.yaml
@@ -0,0 +1,18 @@
 {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ include "ingress-nginx.fullname" . }}-backend
  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "ingress-nginx.fullname" . }}-backend
 subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-service.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-service.yaml
@@ -0,0 +1,35 @@
 {{- if .Values.defaultBackend.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
 {{- if .Values.defaultBackend.service.annotations }}
  annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
 {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  type: {{ .Values.defaultBackend.service.type }}
 {{- if .Values.defaultBackend.service.clusterIP }}
  clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
 {{- end }}
 {{- if .Values.defaultBackend.service.externalIPs }}
  externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
 {{- end }}
 {{- if .Values.defaultBackend.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
 {{- end }}
 {{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
  ports:
    - name: http
      port: {{ .Values.defaultBackend.service.servicePort }}
      protocol: TCP
      targetPort: http
  selector:
    {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/default-backend-serviceaccount.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/default-backend-serviceaccount.yaml
@@ -0,0 +1,11 @@
 {{- if and .Values.defaultBackend.enabled  .Values.defaultBackend.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
  name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/dh-param-secret.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/dh-param-secret.yaml
@@ -0,0 +1,10 @@
 {{- with .Values.dhParam -}}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "ingress-nginx.controller.fullname" $ }}
  labels:
    {{- include "ingress-nginx.labels" $ | nindent 4 }}
 data:
  dhparam.pem: {{ . }}
 {{- end }}
--- a/charts/ingress-nginx/3.34.0/templates/letsencrypt-issuer.yaml
+++ b/charts/ingress-nginx/3.34.0/templates/letsencrypt-issuer.yaml
@@ -0,0 +1,18 @@
 # apiVersion: cert-manager.io/v1
 # kind: ClusterIssuer
 # metadata:
 #   name: letsencrypt-prod
 # spec:
 #   acme:
 #     # The ACME server URL
 #     server: https://acme-v02.api.letsencrypt.org/directory
 #     # Email address used for ACME registration
 #     email: {{ .Values.email }}
 #     # Name of a secret used to store the ACME account private key
 #     privateKeySecretRef:
 #       name: letsencrypt-prod
 #     # Enable the HTTP-01 challenge provider
 #     solvers:
 #     - http01:
 #         ingress:
 #           class: nginx
--- a/charts/ingress-nginx/3.34.0/values.yaml
+++ b/charts/ingress-nginx/3.34.0/values.yaml
@@ -0,0 +1,808 @@
 ## nginx configuration
 ## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/index.md
 ##
 ## Overrides for generated resource names
 # See templates/_helpers.tpl
 # nameOverride:
 # fullnameOverride:
 controller:
  name: controller
  image:
    registry: k8s.gcr.io
    image: ingress-nginx/controller
    # for backwards compatibility consider setting the full image url via the repository value below
    # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    # repository:
    tag: "v0.47.0"
    digest: sha256:a1e4efc107be0bb78f32eaec37bef17d7a0c81bec8066cdf2572508d21351d0b
    pullPolicy: IfNotPresent
    # www-data -> uid 101
    runAsUser: 101
    allowPrivilegeEscalation: true
  # Use an existing PSP instead of creating one
  existingPsp: ""
  # Configures the controller container name
  containerName: controller
  # Configures the ports the nginx-controller listens on
  containerPort:
    http: 80
    https: 443
  # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
  config: {}
  ## Annotations to be added to the controller config configuration configmap
  ##
  configAnnotations: {}
  # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
  proxySetHeaders: {}
  # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
  addHeaders: {}
  # Optionally customize the pod dnsConfig.
  dnsConfig: {}
  # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
  # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
  # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
  dnsPolicy: ClusterFirst
  # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
  # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
  reportNodeInternalIp: false
  # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
  # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
  # is merged
  hostNetwork: false
  ## Use host ports 80 and 443
  ## Disabled by default
  ##
  hostPort:
    enabled: false
    ports:
      http: 80
      https: 443
  ## Election ID to use for status update
  ##
  electionID: ingress-controller-leader
  ## Name of the ingress class to route through this controller
  ##
  ingressClass: nginx
  # This section refers to the creation of the IngressClass resource
  # IngressClass resources are supported since k8s >= 1.18
  ingressClassResource:
    enabled: false
    default: false
    # Parameters is a link to a custom resource containing additional
    # configuration for the controller. This is optional if the controller
    # does not require extra parameters.
    parameters: {}
  # labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  ## Security Context policies for controller pods
  ##
  podSecurityContext: {}
  ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
  ## notes on enabling and using sysctls
  ###
  sysctls: {}
  # sysctls:
  #   "net.core.somaxconn": "8192"
  ## Allows customization of the source of the IP address or FQDN to report
  ## in the ingress status field. By default, it reads the information provided
  ## by the service. If disable, the status field reports the IP address of the
  ## node or nodes where an ingress controller pod is running.
  publishService:
    enabled: true
    ## Allows overriding of the publish service to bind to
    ## Must be <namespace>/<service_name>
    ##
    pathOverride: ""
  ## Limit the scope of the controller
  ##
  scope:
    enabled: false
    namespace: ""   # defaults to .Release.Namespace
  ## Allows customization of the configmap / nginx-configmap namespace
  ##
  configMapNamespace: ""   # defaults to .Release.Namespace
  ## Allows customization of the tcp-services-configmap
  ##
  tcp:
    configMapNamespace: ""   # defaults to .Release.Namespace
    ## Annotations to be added to the tcp config configmap
    annotations: {}
  ## Allows customization of the udp-services-configmap
  ##
  udp:
    configMapNamespace: ""   # defaults to .Release.Namespace
    ## Annotations to be added to the udp config configmap
    annotations: {}
  # Maxmind license key to download GeoLite2 Databases
  # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
  maxmindLicenseKey: ""
  ## Additional command line arguments to pass to nginx-ingress-controller
  ## E.g. to specify the default SSL certificate you can use
  ## extraArgs:
  ##   default-ssl-certificate: "<namespace>/<secret_name>"
  extraArgs: {}
  ## Additional environment variables to set
  extraEnvs: []
  # extraEnvs:
  #   - name: FOO
  #     valueFrom:
  #       secretKeyRef:
  #         key: FOO
  #         name: secret-resource
  ## DaemonSet or Deployment
  ##
  kind: Deployment
  ## Annotations to be added to the controller Deployment or DaemonSet
  ##
  annotations: {}
  #  keel.sh/pollSchedule: "@every 60m"
  ## Labels to be added to the controller Deployment or DaemonSet
  ##
  labels: {}
  #  keel.sh/policy: patch
  #  keel.sh/trigger: poll
  # The update strategy to apply to the Deployment or DaemonSet
  ##
  updateStrategy: {}
  #  rollingUpdate:
  #    maxUnavailable: 1
  #  type: RollingUpdate
  # minReadySeconds to avoid killing pods before we are ready
  ##
  minReadySeconds: 0
  ## Node tolerations for server scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
  ## Affinity and anti-affinity
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
    # # An example of preferred pod anti-affinity, weight is in the range 1-100
    # podAntiAffinity:
    #   preferredDuringSchedulingIgnoredDuringExecution:
    #   - weight: 100
    #     podAffinityTerm:
    #       labelSelector:
    #         matchExpressions:
    #         - key: app.kubernetes.io/name
    #           operator: In
    #           values:
    #           - ingress-nginx
    #         - key: app.kubernetes.io/instance
    #           operator: In
    #           values:
    #           - ingress-nginx
    #         - key: app.kubernetes.io/component
    #           operator: In
    #           values:
    #           - controller
    #       topologyKey: kubernetes.io/hostname
    # # An example of required pod anti-affinity
    # podAntiAffinity:
    #   requiredDuringSchedulingIgnoredDuringExecution:
    #   - labelSelector:
    #       matchExpressions:
    #       - key: app.kubernetes.io/name
    #         operator: In
    #         values:
    #         - ingress-nginx
    #       - key: app.kubernetes.io/instance
    #         operator: In
    #         values:
    #         - ingress-nginx
    #       - key: app.kubernetes.io/component
    #         operator: In
    #         values:
    #         - controller
    #     topologyKey: "kubernetes.io/hostname"
  ## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ##
  topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: failure-domain.beta.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule
    #   labelSelector:
    #     matchLabels:
    #       app.kubernetes.io/instance: ingress-nginx-internal
  ## terminationGracePeriodSeconds
  ## wait up to five minutes for the drain of connections
  ##
  terminationGracePeriodSeconds: 300
  ## Node labels for controller pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector:
    kubernetes.io/os: linux
  ## Liveness and readiness probe values
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  # startupProbe:
  #   httpGet:
  #     # should match container.healthCheckPath
  #     path: "/healthz"
  #     port: 10254
  #     scheme: HTTP
  #   initialDelaySeconds: 5
  #   periodSeconds: 5
  #   timeoutSeconds: 2
  #   successThreshold: 1
  #   failureThreshold: 5
  livenessProbe:
    httpGet:
      # should match container.healthCheckPath
      path: "/healthz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 5
  readinessProbe:
    httpGet:
      # should match container.healthCheckPath
      path: "/healthz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  # Path of the health check endpoint. All requests received on the port defined by
  # the healthz-port parameter are forwarded internally to this path.
  healthCheckPath: "/healthz"
  ## Annotations to be added to controller pods
  ##
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  # Define requests resources to avoid probe issues due to CPU utilization in busy nodes
  # ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
  # Ideally, there should be no limits.
  # https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
  resources:
  #  limits:
  #    cpu: 100m
  #    memory: 90Mi
    requests:
      cpu: 100m
      memory: 90Mi
  # Mutually exclusive with keda autoscaling
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  autoscalingTemplate: []
  # Custom or additional autoscaling metrics
  # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
  # - type: Pods
  #   pods:
  #     metric:
  #       name: nginx_ingress_controller_nginx_process_requests_total
  #     target:
  #       type: AverageValue
  #       averageValue: 10000m
  # Mutually exclusive with hpa autoscaling
  keda:
    apiVersion: "keda.sh/v1alpha1"
  # apiVersion changes with keda 1.x vs 2.x
  # 2.x = keda.sh/v1alpha1
  # 1.x = keda.k8s.io/v1alpha1
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    pollingInterval: 30
    cooldownPeriod: 300
    restoreToOriginalReplicaCount: false
    scaledObject:
      annotations: {}
      # Custom annotations for ScaledObject resource
      #  annotations:
      # key: value
    triggers: []
 #     - type: prometheus
 #       metadata:
 #         serverAddress: http://<prometheus-host>:9090
 #         metricName: http_requests_total
 #         threshold: '100'
 #         query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
    behavior: {}
 #     scaleDown:
 #       stabilizationWindowSeconds: 300
 #       policies:
 #       - type: Pods
 #         value: 1
 #         periodSeconds: 180
 #     scaleUp:
 #       stabilizationWindowSeconds: 300
 #       policies:
 #       - type: Pods
 #         value: 2
 #         periodSeconds: 60
  ## Enable mimalloc as a drop-in replacement for malloc.
  ## ref: https://github.com/microsoft/mimalloc
  ##
  enableMimalloc: true
  ## Override NGINX template
  customTemplate:
    configMapName: ""
    configMapKey: ""
  service:
    enabled: true
    annotations: {}
    labels: {}
    # clusterIP: ""
    ## List of IP addresses at which the controller services are available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    # loadBalancerIP: ""
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true
    ## Set external traffic policy to: "Local" to preserve source IP on
    ## providers supporting it
    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
    # externalTrafficPolicy: ""
    # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
    # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    # sessionAffinity: ""
    # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
    # the service controller allocates a port from your cluster’s NodePort range.
    # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    # healthCheckNodePort: 0
    ports:
      http: 80
      https: 443
    targetPorts:
      http: http
      https: https
    type: LoadBalancer
    # type: NodePort
    # nodePorts:
    #   http: 32080
    #   https: 32443
    #   tcp:
    #     8080: 32808
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}
    ## Enables an additional internal load balancer (besides the external one).
    ## Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
    internal:
      enabled: false
      annotations: {}
      # loadBalancerIP: ""
      ## Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
      loadBalancerSourceRanges: []
      ## Set external traffic policy to: "Local" to preserve source IP on
      ## providers supporting it
      ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
      # externalTrafficPolicy: ""
  extraContainers: []
  ## Additional containers to be added to the controller pod.
  ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
  #  - name: my-sidecar
  #    image: nginx:latest
  #  - name: lemonldap-ng-controller
  #    image: lemonldapng/lemonldap-ng-controller:0.2.0
  #    args:
  #      - /lemonldap-ng-controller
  #      - --alsologtostderr
  #      - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
  #    env:
  #      - name: POD_NAME
  #        valueFrom:
  #          fieldRef:
  #            fieldPath: metadata.name
  #      - name: POD_NAMESPACE
  #        valueFrom:
  #          fieldRef:
  #            fieldPath: metadata.namespace
  #    volumeMounts:
  #    - name: copy-portal-skins
  #      mountPath: /srv/var/lib/lemonldap-ng/portal/skins
  extraVolumeMounts: []
  ## Additional volumeMounts to the controller main container.
  #  - name: copy-portal-skins
  #   mountPath: /var/lib/lemonldap-ng/portal/skins
  extraVolumes: []
  ## Additional volumes to the controller pod.
  #  - name: copy-portal-skins
  #    emptyDir: {}
  extraInitContainers: []
  ## Containers, which are run before the app containers are started.
  # - name: init-myservice
  #   image: busybox
  #   command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  admissionWebhooks:
    annotations: {}
    enabled: true
    failurePolicy: Fail
    # timeoutSeconds: 10
    port: 8443
    certificate: "/usr/local/certificates/cert"
    key: "/usr/local/certificates/key"
    namespaceSelector: {}
    objectSelector: {}
    # Use an existing PSP instead of creating one
    existingPsp: ""
    service:
      annotations: {}
      # clusterIP: ""
      externalIPs: []
      # loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 443
      type: ClusterIP
    patch:
      enabled: true
      image:
        registry: docker.io
        image: jettech/kube-webhook-certgen
        # for backwards compatibility consider setting the full image url via the repository value below
        # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        # repository:
        tag: v1.5.1
        pullPolicy: IfNotPresent
      ## Provide a priority class name to the webhook patching job
      ##
      priorityClassName: ""
      podAnnotations: {}
      nodeSelector: {}
      tolerations: []
      runAsUser: 2000
  metrics:
    port: 10254
    # if this port is changed, change healthz-port: in extraArgs: accordingly
    enabled: false
    service:
      annotations: {}
      # prometheus.io/scrape: "true"
      # prometheus.io/port: "10254"
      # clusterIP: ""
      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []
      # loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 10254
      type: ClusterIP
      # externalTrafficPolicy: ""
      # nodePort: ""
    serviceMonitor:
      enabled: false
      additionalLabels: {}
      # The label to use to retrieve the job name from.
      # jobLabel: "app.kubernetes.io/name"
      namespace: ""
      namespaceSelector: {}
      # Default: scrape .Release.Namespace only
      # To scrape all, use the following:
      # namespaceSelector:
      #   any: true
      scrapeInterval: 30s
      # honorLabels: true
      targetLabels: []
      metricRelabelings: []
    prometheusRule:
      enabled: false
      additionalLabels: {}
      # namespace: ""
      rules: []
        # # These are just examples rules, please adapt them to your needs
        # - alert: NGINXConfigFailed
        #   expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0
        #   for: 1s
        #   labels:
        #     severity: critical
        #   annotations:
        #     description: bad ingress config - nginx config test failed
        #     summary: uninstall the latest ingress changes to allow config reloads to resume
        # - alert: NGINXCertificateExpiry
        #   expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
        #   for: 1s
        #   labels:
        #     severity: critical
        #   annotations:
        #     description: ssl certificate(s) will expire in less then a week
        #     summary: renew expiring certificates to avoid downtime
        # - alert: NGINXTooMany500s
        #   expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
        #   for: 1m
        #   labels:
        #     severity: warning
        #   annotations:
        #     description: Too many 5XXs
        #     summary: More than 5% of all requests returned 5XX, this requires your attention
        # - alert: NGINXTooMany400s
        #   expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
        #   for: 1m
        #   labels:
        #     severity: warning
        #   annotations:
        #     description: Too many 4XXs
        #     summary: More than 5% of all requests returned 4XX, this requires your attention
  ## Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
  ## With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds
  ## to 300, allowing the draining of connections up to five minutes.
  ## If the active connections end before that, the pod will terminate gracefully at that time.
  ## To effectively take advantage of this feature, the Configmap feature
  ## worker-shutdown-timeout new value is 240s instead of 10s.
  ##
  lifecycle:
    preStop:
      exec:
        command:
          - /wait-shutdown
  priorityClassName: ""
 ## Rollback limit
 ##
 revisionHistoryLimit: 10
 ## Default 404 backend
 ##
 defaultBackend:
  ##
  enabled: false
  name: defaultbackend
  image:
    registry: k8s.gcr.io
    image: defaultbackend-amd64
    # for backwards compatibility consider setting the full image url via the repository value below
    # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    # repository:
    tag: "1.5"
    pullPolicy: IfNotPresent
    # nobody user -> uid 65534
    runAsUser: 65534
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
  # Use an existing PSP instead of creating one
  existingPsp: ""
  extraArgs: {}
  serviceAccount:
    create: true
    name: ""
    automountServiceAccountToken: true
  ## Additional environment variables to set for defaultBackend pods
  extraEnvs: []
  port: 8080
  ## Readiness and liveness probes for default backend
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  ##
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  readinessProbe:
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  ## Node tolerations for server scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
  affinity: {}
  ## Security Context policies for controller pods
  ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
  ## notes on enabling and using sysctls
  ##
  podSecurityContext: {}
  # labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  ## Node labels for default backend pod assignment
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Annotations to be added to default backend pods
  ##
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources: {}
  # limits:
  #   cpu: 10m
  #   memory: 20Mi
  # requests:
  #   cpu: 10m
  #   memory: 20Mi
  extraVolumeMounts: []
  ## Additional volumeMounts to the default backend container.
  #  - name: copy-portal-skins
  #   mountPath: /var/lib/lemonldap-ng/portal/skins
  extraVolumes: []
  ## Additional volumes to the default backend pod.
  #  - name: copy-portal-skins
  #    emptyDir: {}
  autoscaling:
    annotations: {}
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  service:
    annotations: {}
    # clusterIP: ""
    ## List of IP addresses at which the default backend service is available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    # loadBalancerIP: ""
    loadBalancerSourceRanges: []
    servicePort: 80
    type: ClusterIP
  priorityClassName: ""
 ## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
 rbac:
  create: true
  scope: false
 # If true, create & use Pod Security Policy resources
 # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
 podSecurityPolicy:
  enabled: false
 serviceAccount:
  create: true
  name: ""
  automountServiceAccountToken: true
 ## Optional array of imagePullSecrets containing private registry credentials
 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
 # - name: secretName
 # TCP service key:value pairs
 # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
 ##
 tcp: {}
 #  8080: "default/example-tcp-svc:9000"
 # UDP service key:value pairs
 # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
 ##
 udp: {}
 #  53: "kube-system/kube-dns:53"
 # A base64ed Diffie-Hellman parameter
 # This can be generated with: openssl dhparam 4096 2> /dev/null | base64
 # Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param
 dhParam:
--- a/charts/ingress-nginx/item.yaml
+++ b/charts/ingress-nginx/item.yaml
@@ -0,0 +1,3 @@
 categories:
  - generic
 icon_url: "http://ix_url"
		`@@ -0,0 +1,3 @@`
							`# Ingress Nginx`

							`nginx ingress for kubernetes`