From 7f3b7fccdaaaeed02e48879929d878b4247ede85 Mon Sep 17 00:00:00 2001 
From: Hang Yan Date: Thu, 5 Dec 2019 10:33:16 +0800 Subject: [PATCH] First commit --- basic-nginx-ingress-1.26.2.tgz | Bin 0 -> 17552 bytes basic-nginx-ingress/Chart.yaml | 18 + basic-nginx-ingress/OWNERS | 6 + basic-nginx-ingress/README.md | 322 +++++++++++ .../ci/daemonset-customconfig-values.yaml | 4 + .../ci/daemonset-customnodeport-values.yaml | 15 + .../ci/daemonset-headers-values.yaml | 6 + .../ci/daemonset-nodeport-values.yaml | 4 + ...set-tcp-udp-configMapNamespace-values.yaml | 14 + .../ci/daemonset-tcp-udp-values.yaml | 10 + .../ci/daemonset-tcp-values.yaml | 6 + .../ci/deamonset-default-values.yaml | 2 + .../ci/deamonset-metrics-values.yaml | 4 + .../ci/deamonset-psp-values.yaml | 5 + .../ci/deamonset-webhook-and-psp-values.yaml | 7 + .../ci/deamonset-webhook-values.yaml | 4 + .../ci/deployment-autoscaling-values.yaml | 3 + .../ci/deployment-customconfig-values.yaml | 3 + .../ci/deployment-customnodeport-values.yaml | 14 + .../ci/deployment-default-values.yaml | 1 + .../ci/deployment-headers-values.yaml | 5 + .../ci/deployment-metrics-values.yaml | 3 + .../ci/deployment-nodeport-values.yaml | 3 + .../ci/deployment-psp-values.yaml | 2 + ...ent-tcp-udp-configMapNamespace-values.yaml | 13 + .../ci/deployment-tcp-udp-values.yaml | 9 + .../ci/deployment-tcp-values.yaml | 3 + .../ci/deployment-webhook-and-psp-values.yaml | 6 + .../ci/deployment-webhook-values.yaml | 3 + basic-nginx-ingress/templates/NOTES.txt | 71 +++ basic-nginx-ingress/templates/_helpers.tpl | 117 ++++ .../templates/addheaders-configmap.yaml | 14 + .../job-patch/clusterrole.yaml | 30 + .../job-patch/clusterrolebinding.yaml | 23 + .../job-patch/job-createSecret.yaml | 55 ++ .../job-patch/job-patchWebhook.yaml | 57 ++ .../admission-webhooks/job-patch/psp.yaml | 39 ++ .../admission-webhooks/job-patch/role.yaml | 23 + .../job-patch/rolebinding.yaml | 23 + .../job-patch/serviceaccount.yaml | 15 + .../validating-webhook.yaml | 31 + .../templates/clusterrole.yaml | 71 +++ 
.../templates/clusterrolebinding.yaml | 19 + .../templates/controller-configmap.yaml | 22 + .../templates/controller-daemonset.yaml | 236 ++++++++ .../templates/controller-deployment.yaml | 228 ++++++++ .../templates/controller-hpa.yaml | 34 ++ .../templates/controller-metrics-service.yaml | 45 ++ .../controller-poddisruptionbudget.yaml | 19 + .../templates/controller-prometheusrules.yaml | 24 + .../templates/controller-psp.yaml | 47 ++ .../templates/controller-role.yaml | 91 +++ .../templates/controller-rolebinding.yaml | 19 + .../templates/controller-service.yaml | 89 +++ .../templates/controller-serviceaccount.yaml | 11 + .../templates/controller-servicemonitor.yaml | 38 ++ .../templates/controller-webhook-service.yaml | 42 ++ .../templates/default-backend-deployment.yaml | 104 ++++ .../default-backend-poddisruptionbudget.yaml | 19 + .../templates/default-backend-psp.yaml | 35 ++ .../templates/default-backend-role.yaml | 16 + .../default-backend-rolebinding.yaml | 19 + .../templates/default-backend-service.yaml | 43 ++ .../default-backend-serviceaccount.yaml | 11 + .../templates/proxyheaders-configmap.yaml | 18 + .../templates/tcp-configmap.yaml | 14 + .../templates/udp-configmap.yaml | 14 + basic-nginx-ingress/values.yaml | 540 ++++++++++++++++++ index.yaml | 26 + robots.txt | 1 + 70 files changed, 2888 insertions(+) create mode 100644 basic-nginx-ingress-1.26.2.tgz create mode 100755 basic-nginx-ingress/Chart.yaml create mode 100755 basic-nginx-ingress/OWNERS create mode 100755 basic-nginx-ingress/README.md create mode 100755 basic-nginx-ingress/ci/daemonset-customconfig-values.yaml create mode 100755 basic-nginx-ingress/ci/daemonset-customnodeport-values.yaml create mode 100755 basic-nginx-ingress/ci/daemonset-headers-values.yaml create mode 100755 basic-nginx-ingress/ci/daemonset-nodeport-values.yaml create mode 100755 basic-nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml create mode 100755 
basic-nginx-ingress/ci/daemonset-tcp-udp-values.yaml create mode 100755 basic-nginx-ingress/ci/daemonset-tcp-values.yaml create mode 100755 basic-nginx-ingress/ci/deamonset-default-values.yaml create mode 100755 basic-nginx-ingress/ci/deamonset-metrics-values.yaml create mode 100755 basic-nginx-ingress/ci/deamonset-psp-values.yaml create mode 100755 basic-nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml create mode 100755 basic-nginx-ingress/ci/deamonset-webhook-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-autoscaling-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-customconfig-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-customnodeport-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-default-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-headers-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-metrics-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-nodeport-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-psp-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-tcp-udp-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-tcp-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-webhook-and-psp-values.yaml create mode 100755 basic-nginx-ingress/ci/deployment-webhook-values.yaml create mode 100755 basic-nginx-ingress/templates/NOTES.txt create mode 100755 basic-nginx-ingress/templates/_helpers.tpl create mode 100755 basic-nginx-ingress/templates/addheaders-configmap.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 
basic-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 basic-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml create mode 100755 basic-nginx-ingress/templates/clusterrole.yaml create mode 100755 basic-nginx-ingress/templates/clusterrolebinding.yaml create mode 100755 basic-nginx-ingress/templates/controller-configmap.yaml create mode 100755 basic-nginx-ingress/templates/controller-daemonset.yaml create mode 100755 basic-nginx-ingress/templates/controller-deployment.yaml create mode 100755 basic-nginx-ingress/templates/controller-hpa.yaml create mode 100755 basic-nginx-ingress/templates/controller-metrics-service.yaml create mode 100755 basic-nginx-ingress/templates/controller-poddisruptionbudget.yaml create mode 100755 basic-nginx-ingress/templates/controller-prometheusrules.yaml create mode 100755 basic-nginx-ingress/templates/controller-psp.yaml create mode 100755 basic-nginx-ingress/templates/controller-role.yaml create mode 100755 basic-nginx-ingress/templates/controller-rolebinding.yaml create mode 100755 basic-nginx-ingress/templates/controller-service.yaml create mode 100755 basic-nginx-ingress/templates/controller-serviceaccount.yaml create mode 100755 basic-nginx-ingress/templates/controller-servicemonitor.yaml create mode 100755 basic-nginx-ingress/templates/controller-webhook-service.yaml create mode 100755 basic-nginx-ingress/templates/default-backend-deployment.yaml create mode 100755 basic-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml create mode 100755 basic-nginx-ingress/templates/default-backend-psp.yaml 
create mode 100755 basic-nginx-ingress/templates/default-backend-role.yaml create mode 100755 basic-nginx-ingress/templates/default-backend-rolebinding.yaml create mode 100755 basic-nginx-ingress/templates/default-backend-service.yaml create mode 100755 basic-nginx-ingress/templates/default-backend-serviceaccount.yaml create mode 100755 basic-nginx-ingress/templates/proxyheaders-configmap.yaml create mode 100755 basic-nginx-ingress/templates/tcp-configmap.yaml create mode 100755 basic-nginx-ingress/templates/udp-configmap.yaml create mode 100755 basic-nginx-ingress/values.yaml create mode 100644 index.yaml create mode 100644 robots.txt 
diff --git a/basic-nginx-ingress-1.26.2.tgz b/basic-nginx-ingress-1.26.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a76e4b7af51b825bc34ff3e0531ca3a64b8052b3 GIT binary patch literal 17552 zcmV)-K!?8{iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMcN;gdD7ruMSK!h)$5zH{J|$(ix946(a$?=F9WF^uW-p(t z2A#$eTNLEn%5>{){otKV`EwFB%k@$Jk5f>yw#q!nNjj|IeaQ2^Ki zG7wTk!8!3}c>WIhfDu3$2@qflq*~hI$1s2#qSacEB^rYTV?G^syK~GI;ncFpvU?X! zQQ#qlXjc)YB-0kQIVQSA=(_|u);+$%OXOf^kzn5CfBF2cu1%Ip;?XW!gv)8y?%K!Q z_Z-S^E}0XHuIAn2UeAB%q(54|H*ejc^*sq3I&O7#51GDNj`L0(f)%!-(ZF12=z*cYgYM;oj={%Y z)mOfYeGgse*(kW2L>;7mxE9j>3VL&tY)h7yox34rvT3|15k?b%r$!S1w)Xk9q}%Y7 zp3Sg_*;+4r$OyHei@kZ_k}u)I74ltdLplcizWj#0#J855|6q>T`Q*a~hF$zWVm>A) zu#w03%7f!xqS`yOB*D6@rqmx4nzq(7_^MDJ+Ind?U5i~+KlJp@5x;$2>hwZ77c*}LNk#%>Av3*cEW*EA{qJ|~gZ zBI!zeeeJDMe_wi-<=6a~xZx7LBcaD~zUxnXa^53$PlCI6vO_!59pOtw@$A#Te*W7Ghzn zG(!OHu;+}y1@c|8UP{bdJVW-{c9EKL7q5_qD4hgks)nxQ=glHObU|Ea3}la-DKT^} zkPFw>$R?h{8B0==j{;1b%vV86{odesB!yCF+lbNxWW|?wiAc!e<}Co0hy~a#mhvWS zKOjrQ7AT}wp&QFR$H9Erp!*h1k(&~JS(sAUO){^Xdp9BDK6AnP_rLdxC2Lgo9q~AA z?sJx+Z#ml;wFBs*OOK&o1>G?i_Gn88=(82XF7H6CITzW`iK(j>oj+3ikh5#%?wCGt zQUme@iH2eWB_2Z$O#e`@t@;6ZSYIQSRz>`9>SDUMPEtZ1g+jLYX@!CSI~rbqpo2e4 zb_?WIdCtXV^o0cMJ#pm1accJC;RQ&a_vD;VoA||3VG>M=iSk%T!gwP#tVrO-A8F=m zQj^Q$KK<<`;Od2~<+dW<1%fVHoG*}l#|JD~NlvPp=7<6wuH;}(fi*Vch<(&%9R1B~ zKfyqu6aQ5x3H+HDPk92=5RsKaFGp@|D{l&=L`qvw@*%4!s9I;XEyg1`F+luG z63bah2wv#AIV>z#XA-*ZHL?SwRPn@8D_&}4_KRQ&ZT>mcU4T}YAO7E9%DL<OY4`n4H?OZP_P}=PqvHPOWH1~V_P>+k{;;wC z9irUmdl|j@$s3&oq+p7W2e3yObY0|Ft=1oZbO4@d0}BOht-G~>^|Q1b#~>^vDJ(AR zz@LA%end>%1wmg3ZZ5gNhpV?>y5`%nhrK!fnId45n$ghmd@(+qfcvpztb9FFYvycY=bq& zCxbF(Xeo$*GRQ(|LC4`}Au$5=$Di$^7RSI|5YYY^Q_SS?qTBsOp)>v_O{;(r0EMyz z)+7v4Ou52Ptbx_efk`t!uQ!8wZMEZNPf3&HNvD=Xxny7o*MPx01R$89d#*f(3{fy6 zfsi#xkl=E{@tYz5wSH~2{+oorh90G@9NcaI$eI`>;q*zje_GS0iz0^$;bpOecZhfq-akN=Z)SN$nsupil| z6-;UO73+{aCMml_Y(?is?1*Ni7knQq+E z<-H8R6cEo{g8=WNHRO3bP3U5dl(LjV 
z;tOe^=G6Uc-$g+L0Q_=x_5Skxk7IC~?fN!W(jDXnh_8n8|Cl5T42V&=WO4fd@%eQ) zEhalMtns&27UDifoe+OdeKz_ll=AccZwuu5D4-VecW?!&IRBp>kB*J=|LLgT`2QTF z{P9QkTd=~*F`$Tn8FmpDgRi(8hxP)E!M9y;LhF9pdi~&YF)uthx$>k{58*A`QuR8( zK{MxY8TpE-#xZMD`1*4}NDO4$DGS}8*+`2k|hHF zjCMIWM>C9EhXNQN;Nm4_avNY=dwHSe>f-%1ugiCTuA&`PPFQ@3>BJTXy~_H>Xr*&RS{&zi!~crZ+<$ccE8)P!KmUWz<}xxHZlL2$&p@3_FR;%@aa_!WH zp4P3MP6+F()Ba3+u~ z;_3dzL9^@laK_m=Uh!^*ZR9DvhzRmcEJtx?G)5sQI7}oqn+uSn)N~*FlK%R;I^TY7 z44n25*fSFwz_(>&ImH>}CKigCJD|MuW@kg}6 z8%>P?Rhh%m8<7FOt^U!j1*B@XF{e}0XZ~D*jTR32PiAZyNMDU)7Q5h8C}$Yj?+=h)RI%hL6HB3OSfYB zKLPAH$YWrT+@JSjAg|(o75=A#>uC3PGVO?%zOF6rp9A8ea+y%U|NYbB6NCScPfz;| z{~w|#{)e8EPlQJJr=@QRYgHC>5;ZZTNHB%A1w*zVfeQ7r?!FV3Zn1ok6m~^il#(!# z122NK%A?9pyUE zZC2354rJJyEAf=dEg|oWS16b!n#>W4{w-q}%)?(+`%DmU8hP;Xd8`RO|J6Vfe0*-6 zUoq0vBw7NIkIzGjjMl=IC9&>oMdyaEU*U$aANfDUo`b!4!8TAO|4(|R{&za;A2;&< z5amme|KCdrYqo(ee;Xh!x!Hu(=K%uRIN>zayKejYvBoB`skI z2c+#tE9IzE>Kj`n~uxEqizd&iJ2T zh9C z3E`*XaP^!TbeS*$f!NaXov}m6hDmzbf~K~kt1W1&HhtBwwj~|HV_Mr_5zGkYxbK|c z=KR5J0XwsHcAPdR;l{1fY-ow4i;RHZ5F63Rii6_8pMQ?GfxzHAxjqV;Ng@(|8>n$4 ze;POp<{3Zs%zW^Voz8+#Ru&mj7(o-W^UK|uTSeNOMOStP-$)D01fE1npxH$F>5GVIR&`HLL@wlWqff@)3x%?aSqP5@eF>GD+_05(zm&54j|u}_YEB2u=^!pU=>I;g=?hq){||b7 z^Zs`>|l-%IT2%#lIpqA_?EQg+2fy2uhKQ*c}a#7`buU9exNr0N3MC{?TYOXTvpz=8O~56JJxW`cw| zDhG)8r$g?&dl)!plgqDiS8Gb$vcvvg?f9!omH*dpklFu-$EVHye~9u~`+qf#zhA}v zUhep-ax3S!_sR{c(v3H9L*MLUo0c8rf4SqYDpm6TICKAVd^%|I{~V-z_VT}R{QYXS zf$bcB8;{?|EIY`5WhquU97?u;D*4|ZX72w-!%-vu4^f^@{zp>Y;KfGJf9Zn$bCh#U z$uAqr|2XDSf2*_sRmuMo^Znn!@o?D0e;=f5;!aT@$jc&kjmw*#BjQm&&yxYWd&nYT zXl1(z%MA5DT@HzOSoevCn6>wa;z?u)7&`H~l}cqDT_q%Au1#x<{2a$Lr#^e~;Z}a! 
zPlRR5_0iN|K#CL2%R>CpEBklSxXHSNlc60ptfC%JSJ&v zoc42w!PU{=lXc6itsr6E+Ow!9&&~;{e?|^n@Z*PNV+6{a3w<1*2yKh}w zOOY#{7qmiNKINvu#bOuILk+$wAB)PvERkVGrv-d!fp3)B`+u#Qp8QgE{u}grX8ymE z=KOb<^4aYFdG|bDzZ&oaxls0YACi|$*-Ae2RrfyRGZc$|nNlJDPDR8^r%TPyV*`sXkm(y%hpTm z3qT?R%()J}R&HJzovj8$QUsvQ}PgjoR z_DI57V($t;XRQ(y6op3{)#_v|DBfvmWfq8mh-f45%^h051mCPUv;uxAf-9VGczf{Y zpJIRt$|vyekg&3__eaTLuz5Cu$|M7o^DSw)a&wPs#(~L37m4XerZ#XqS{`5@RY=cn z0^=xBU#8?tETH*I9?54~SA~}8i)uou6?R^h z^P!$YLn(PD?!r~Zh=QrCpBf^W0-|lgPv(Fq?J1S=Aql2_V8n_7)d+>24K(=p!K(vLm9`s0t1_rzj9nr#j%g^%f35}^*U3;pw(}e(oycg-*_%Dm0>?U!^Sh3HS_=FJt=9` zpawPO-Nu_U3ZWTc;&rf7kiSFMxV(5mG$V@V61MTP-M2RnTGC&sbL>sw!a~Yp_7YZ=sXsRp|dH9g^mq5c#9kC zbPl2Djp;1nbv+~MU@L@i4nV%M2kbp@(51&v;6eA&KgzAikIC=lh4)d;&?KOaM;z3_ z3RDOC9q2fGo(p6`UiX_5a$V;iplz}U1RbyR{w=#8Rd8V2Cbn)B!vv;qJ84#57LqL|s?7#*&CSj)E?yxIQ92386r~5TV9fs! zF>_?f-*|zb%NGA*{zw8=L^i3eawR7K)LtOI8gFiHCaIsWhZ% z9|c$((Cb4@H8J5ayhJ2q8v#tWF(HcJFG_C~0ip}yI`v?htxTxO-+e=)!u&l)T>LR&6L$=5&L_ridRt50Cu9KV+XB%G=eLLC zU4uaHQ~dsa0Tvr?WO-I$!~$%W=r?lCRJFWAf*XyGoX4}+!jMC zC-dBMmKPZ?6-o2cQM;P1bLoG-RGr_)W;9zqBe}=A?2LrY9%kgj#naD7fS`j9wArTn zdc@t<=xATtt%?8c`>g?SKO3$AbYDBJ0XA>T)n}Um*DK+Ja-*yrR+QvVT!R#;k3WmN zfbU4?v0UGoLLqG&l~xHjl?W%y=f#FB%asJJ&~OM83dcVZB^6e!Z%qpNfzibhR7 z>pyw!TIKPrh4{7`S0{7S2gzZzi%$2ZB-{q)>|)nCU8GthP8oTL=0Q5>p%i#j&pf(R zjNm-F9IJx4dYGkqjm718;;OD17XwleJ`#Mw=2j#y5><4&;<0R)A-e)V z_9D|5KrteWxH_OW#v}2u0*z$z9k7728DGG})~>%)y|J$wR(8H|Ui4DucmNm*me>JehybM3Ft6lghfOvv%+NA(S$u~I{WXeU z|1($B75j#a;AczU-Q)IEv31Fy(Dbw+{QNA!OF#dlX+&7Qs4hK_M6<) z0l3Qlw|{Epe;G9K{|72{{ePp?ukQf7iwka4qw&H0tbK45`4mKn!jKVaLl=AV^tKcr z-^Dg8IqHkw&$+4sOpSU6uV32u`!@c*sWCo|zpvRxjeQsMyv5(p?RbZ-%@f0sbGZ47wBIoT+LkXdHz%bQI>Zb_0Vs zV$of~Rvz2DVa974?DR;Y_OUH@5>8T4qPl7iA2wrA~3J^x-f48s!++ei(g`9h|LD0Ou&ti5wot?z8o= zeutJMSnm_@rGU6S?v1)|pi+DPR}7&YW;W3UD)#^3V02>a|HHv>*zEs@C>z~0l|A2| z*ng{GY9fMW=z$T=u+dFkCGc7?4f)b1Rw?Qa&aD?eP|z$LbYfUY8l5KPJg09vrEXIm zlVnaeSz@N%Q@fmK5-8j|&DM6JW%Tc8SBssjYaO>u;OIelrcD$9Cq7gd+sZ%{Qq~5f 
zO`!8VbfIU*vzGo=NH>+B+PkB4Ep(DAE;wiwx#X`KPGeywCES{DPsqQWFT0pD5m5h4 z`zlE7O5VN3pwp3nn@Wt$_`ia+rRrFdAb4ey44!(I{CZ1m{m&YG}p zFG9?WS7ax|xrj*fdqJ9wHR!Vr8`qaX8%)&_duJ<%T~2@{5!X?j#(Yq#)R+GOSt7PT zAq_$o(LJ93`=>oq{tt)E`>%&7e`MePF0lcWxr;{haTU6#$ZD`89%dxq`-4paL^!Br zH?k#6Qb1Bdd?#yi^)bRg--vWFUbEg7Os+xUYu%N$n04qlnD61xt(kkFE*vw1M`|hb z9$02GFX%{!LJ4vnkkD6es@Dwn|0bGA4rVM6&|?LkfS1Pkam?cNL=#&NC5w zxj}cnj(2m$Ue5L#`Xxy-O1jYW7+3Z zYVZF6aW}g3O_Zwp-{H{Q|NFhuezX4{q8R&sFom{d2Z-;7<}>QzHyE-736%SWb@v^$ zFfq(=SHw8FePP@5=9-Aq--YTAeVp7d_@}nMBZ&e$^e@rzP+kSCP%usWI!A1CkWm^F z8h!GK6aOJM?f7rxIX=N2E5Shi+r>2gL*x_L966nAWuv}iGRAscqX&jOPOb3(+n!V~ zus2ua+6K?S-FFo9t^Vk5MX0Kk-VoPABiE%2vM?9NXxeroAYDUbhly*|NNH7&$SyCN zRLS)2X&6QiQo?NxwUk>Tp!*vITA_NK`GWB39_Hk{CvlN*K0dEL*NFyF?mhq2z*|G% z5=S)@7d9ACRacGzMCIf2kRk()BsBm&))v6OCRNJl-jOzE8|UrZGU zDaKd{wlsLsxcJCRUE0XoFS*o~|6BNd>rx^APy3ns-~RDQ^Zvs@N=Z`5Y^vU!{l6c@ z@B69zy*KppZv4A<^inGK>)y_v`%(P3_u#+1C%^4I_-pU#r~Rn@+1vYNm*zU}Tc@2~ z8(7I3I_sa|6e;Ov{fL?RXMWCFbNOxpIGbTxo}!P^#E|-}av5@46|BZ14^F1pI$t3B z?mcmYPr4df&M!q*fF;1nJn8xOZzy8AF6Dc}i{dEelyiAowf0EO--$=HQ5EBc`H&UBqO^d^s&~2KH8$tJ**0?w=5fF zO039`=;!AbteW+FXgZm6tpTU9IjWX?YkAn9eH!W1r0)jG%%7B*{|y!+kp;3M`(x!| z#7Q2D79)nX(PE@BRc^5uy#1aQBMYkjVtgqPT1{lu*IPEV|3GOb+{g@6VgKnJ4~C}y ze}CA-e;uU6@n4$p)Arz^%K+2-qfO3Vx52;AR{q7>z&GW86~M7i{vVu-%=^FLpx5|+ zAEfLp{zuWrJ4GMc#s6HVfE+UZ$3TDE_@8nxP5e*!bZs5~Qw671{7>ZEqy3kCBclQk z$%`2ZR?yv$5U3qMUp_Upf^O#UQXkNQcqE8tM?y(_j3NMXj~?6cKsx(z=JRGbG>V}o z7OA7{_VGJSIo$#ss+{ATmU~lOdj8r+(DTOc6jwg3{n*E>+WWswP5TJ>zxpSm%>F-U z@_!zrY?-)t=bPXx^hdcH-k_Vk+!lYWoB0mOx#FDDb*^!X7i_bO-C{UT zwo5J_lZ2vd(;2=z0oko{@cX=9i$jiSS|SXa=nW*zS_CLGkL*3x3pZwcn_~P z83=qX>A8Zu-023csf=x^)e7^~e}gF_!TK#;;03OSd-nTL+t)GBVVj$2W7E$dyanJ=@`71qu^0F^U0n)Gwf5RXAm zLf5^P!K^V9^Oro$FVi{?onk%J994jcc%$2el%}UI^Hb>pMe5Q6NDlTE0S`Nj`2KHxiG-SF*$B`rdhl zYxnwitpR+`^P3jIFE%fKV*uPZKY#I*73SzSnlyR(Kbx|l{NE}Gbd~%cjm-O> z{_*jsk^hG%IsU)JX~QaRiOd**&mc*(rra+t8X=V|Iycp`&dZxl7Mw^6T%3UyL>YXe ztis~@Mx;`9E&}44$*DWw?CslZ{$&G*N}-&eELi6XF3YdH1NMom);j&)JLrqQbT(`8 
zN0i9A73aeg|4ihs{&M3vHZ7aU|Lu|hSIPhWX-58^_M7;RgOnWkpUeTb_dTIWB3!jo zt9E%eko;h`M-G*&`SHyNyh(cFlzFD9;AHE^8c@xL^R$84w+0e z>UCd9MK`&rXmX4`VcAUnZuY5VMhZwKAfWP>t zt}o((A}6M+V1a5xaTT=OJ#MQ2@TQSkHNe!3%_;!3X*5<{FlF&qHDK%(akXg&o5xtS zVy~65+b7+#`tKy=jZ&3LPWAH`fmvmozHx9?!I+zHtfr*OR{GzDNx&-fzurm4|6_Q1 z(%63wQgY7!1v+4bXfg7IHR-}OI0ZkUFfQkRKOhh51%eI=XeWA7Yv1qx4316yAB_6P z4gVjaWb^+e!n(!sUnBNLQb1l6MI43vejZ)Ker}#$Pns^nFu&O$Wn|eA^W9NX+Nw&S zVy;eAvMjTHq+kzJQxWr1oD5Dc^^1bk9R~cPN`w{#h&;wS_f5$!WROb$fej6OR%XwY~uhA=3*W`zCrFXUK@_GMHffFhxQ$uBd~-XoTEUFauOgB*+DTwv?Uz7 z;yyv&I{BL#jTo}-;+&5}tbm>i{#A}oT-WnImF^^zByhW2chra5aoMDHI--7Dy=0ni zc&B8!gr1|Ojv5onmwADbL(=nwhB{!kyu>dV#=rh=EDFk z5kmo$G;Ko;$25&KCfX{;(Jyi>PD<+9|CCTf9 zhl`dZ)IW6{4cWg_sKvxW}%`cM~X9P|SggZ6;PotSKh~@JU5}Ci_j_G%E`Suc}FS z)Efci#i6s#{3q}ba*zXv=dJ;sf!l(c|5vg@4(_(yPE&;A(U|csXVF#`ufr=Agy{Aq z7t9`)B?R0m2f!b2K-n*tE#Ao5w-&fY2z>O3^PB?5qe@c5w3Sx>1m)PovysneSB;8x z)Vg7B-gP|M@k!*j(tRfW=*Z9VEoMHq4q_0C#FQ!2(j(mE{y7TJmR1ZRxLW%??A`le00m_F>QweLII^nZJLxp7K%NRZ{S)1 zCepp1x8{{JWNY5RF%A>&@`6u}{)@|PCX{(G z;Ryso-+>JAsn70K9ar2Crq>}#!^h!6Zw=ztegN`TI3S+j@f8d(r(ZEx&VNcB^ob)@ z`j0?LQ>>wK^#HN5H4kIM92N6e+?^`Ze-d>zd#^d)tCaUC$NS9Z39q4zw zd2$0U_-$jLk_*q0kzayc?#4yg{30ft7${EBGVlS~tly{I1I}fZ+oI+Ta z9%kuTkNf&yD7z+S!Q5QjTqObq^KdDS0XeIC zhdnV9`qT$$A`$pYa3MC}Ys3Hv!1shLIE=VL8Ws#0p*G|vq2wg2_LrV3O?j_)$bSgC0&=#Cm%jA?5dEl2?}iFF*q0Gb0cbi^T`Jg#&v)nRTAQp zPof~D<6gU}w|8hsf^}7gOHpgPJ|pGL3Mt~s16P67TxLlSQ*awm+pU^dvFFOUmK(PO z!8zyVeA4}{C)73m&(Ua@uX065=;kz1`wct_@a2dJ6+j(VG3B2;;&nvAikAShct6*j zh#C2=ct+C5&_iG|8VwC}61f3|h$0R@L}I<^$X^k7p)!upq;cUNulm->QJxgnnf^4$ zF5g$wM}8it0A~uQ(qw?Vj|I60ORiy1mC{oPSj?h*NCWWZLS+|Q&xvtN6M_Xg>oT~q zG1taLA5$bUyRLOVcR02IdFX+?)HbGAcQQIn=An!hK;G1wSrxhrUNW7oud*uRHMly1tp{Y*-2zp>Z=QAi()bijb z)7;5}6U6~?fEO;ODB$~d8ip8fKeN_RUNa6u?+!5x7^OWkq48zONtl<@OJu}0Y%P3X z`Ztlw2T?}B|CXvq{`#0X=S_&2ob+7#!EPFgi)YAQ+is>caX|DN5YGbTA(0chXObJA zn*?Chq70a8l3jfeemHe8U0myve5`I@t!@|;CH4|&6F|``q98yv31TZ0&Yr*mG~+A^ z*n&``>m@LgYGE02K4goZRwxLtBW9nde`|G9pZ--deGZoTZ_a6+<__AyR2l+25}~I} 
z6;ktZ)aesbfT)jb3|)84PkXb_%^FFfZCT72N$$?lNK&;~(d2IRNxpcRH;gDuQ0k%T zteaG2)lGpO)#W6Y!gGTcIm{Oq$PbXsXW$6j5J0rjf1Buf7LcV$GUcnBYeo8$*Iw61 z9N-bHVW&#j$r39OD**ekRAu&Xb7(gK-@xsZ4JofaTl+|^`g`Iasj-j%+`dhO4@!HB z95ElvTVg|3SW1+l_fZMQ%L(uU#6hcjpA!2L3mFM8bYlZkS3>DvzxyouXJX)D?(U^ZsSCZkmjHqQdJb7iyp-W5F;OzMJR)MD2}#RAkwi?# z(u#G7O=euz5HR?^cug=>Rly596WQ)aAY??%9+H8u(waaSm+6-iaDI7lMP*h%&X6KA ze4TC!8Bwst8+CBOGdX47^|W1liU9EupB>KI3ArUiMFmKjgvk$5+XIb*aN}dvwLXr- zKgw&5CG;aZlrmU8j|P@=mr~RT-Le;XX3XB7=zjd{F!UsdyB}X2t%~sUb1+N-pb>;Z z6r}w4BtnM`?N&o#L~ZXJP)e@kLi7}S6&`~#q6=ZZn^a4%io>YxxZc_q@n0JKyo2*o z-Nc4jEn{{k#aG(fx|*hbZ?HiXFtyv#KIj z%;Ajdz6-d*-dsE)!u9x1pkIQH`Cdp7I;vhJHnP_=CIUm`NMwd(Yo;`$=*nB2v!k1D zgC4|wFE73U@x)MjgX58LxUPDHCPQ^mlUig~_7u%FbXWQaO$Fig%OE{Dly(irIZ4T~EcD zXx;bkfA0^=VVX*C3DA@>91~<2_;&ohY}MTeOPudwaH3I(CIpfUp1|2oEF3*L5xn~Phc+yp~_)Y zwth}ElEecxab59%Fjd~B@-9(Uur`~Sf=l#!Vc$}9mum2lSv@|#D#NEZv@Q^!aGAJM z2T*w_YqRfW7$vW6K4!k=`jOZqKtv?$Q0vjr^dg<@Ry}JtvU=SMVv8$#=~oARY%QH< zvA2Qh;z&@X_Gt$9oIK)6@^&_WzTgFE{g!`G$3~6+}Jwux4?81=-Ql-3L_WMZ8 zV4x(@pbG{N|B8t|t`}Jl<4;`?x6Ha}_fhDgfMIX`n*h~4Qp#Z53}6rZ_u0F*e2JHk zy#&&#DSgJHldN>RvU0Dcoh7DRF#Uq2;-)J}WapBcwC7w@7u@U0;AiM!N8Ti>k8*h> z9?AP7y7m}+D3WzqJd`>d8`yu4AG8;?7+eM;4xU%6g09uzGZR9>gk>7BvQP>%)H6dv z&7fJPCl&XyqefYZMXe>-N@p(ZHlsxscWS7%*@fF!vn}rH@pRLAeVSV8+x=^)#fTXC zYVkxDnre$-YrXYG>8-`YQAcgfVQa|jMXslvkV+vHH-7;V)=i&K7J2ze>A?t?BTqW{ zKyZF0>e*Zf&oJjR(-+v!*;Sba+?C=rKk+%shDi{ac!1*TKuliQcs+6v1wsAC(Jkot~@Zf$A^g#$;|P$)0{E(?VaSq8?0FtM|k~ zQF>U>gZ811nN)6&f}r()%5X(Lu&22jEJf)lt_L$OrSJRh zIJ>AjUms_ec9$FEN@$-2r9Aab@<|4xJqE}akoOTJW2yz)MU!O2?zRynSwOo*m1L-+ zD)PhJ*OK8MB~RN|g@ELOt%w83;GT#D$$?iVAjF*Byd$~^x-2v#yIea2?wB1HAYIeP z!GvbokE@;@O2rXmw4IV*f;z7uZElJ#8ICqYS3g#ix4iXiz_p$o+S%&6;k!Zm^hPLo zL?`JrP&9jmw%0l@Xc*2v3J}b6qTgZxKY4M;4W5BD2}MMq3NF;|{p!OBBO;x(d0ql20b&~2kDWx?Go5NRvOVo-)VHl$ zaUhz6u6r#WgimD&ke^~vny}^g0bcQS3DBIMz1Do49OQAmkH*}ecu_TfS^u{%^j>{` zb{?mwODsp>>#JqZCd7%QtZbGBu0_N~4B@F;nM zDI>x9E#Dg>B%@86xDHsz8ZvT^6MztAT(SU;Jtrsuw9ikF%7Oakd=ibxFbT>Gbn*kH 
z0P%kbq#*?`ji%U}l$-R2i$aK-0c_nY5KZM%Q~m}%q!c+|g&}x@+~so$ZaW={*exJJ zA=xlpVotih|0ADn<3K^N`{OGa*LQo{YMr@aAL3fMyXH$RFYB?3q^E?4IhG7hT{SE%x%jy6I5|0J z8qNWxG(_rNOGA`CD%j(cuTpuqWd0VdklTWkE3I~br^o>x7brkGrsHA(38yYU9T6r{ zRyfZDW=C60gt5qx?Z{fa8i;8~q(=O25{fm_$x8Ij`Y|zezrINPaU?TbX7%M(>pfv8 zcE`4ZRvW{Pll+Q%SOXI7eOnZ#iBR zv|1CsagmUMl}yyH(qTq9Xcv$xL8;gs-roB5Hk}9+OkHB%=}b!^Na-GsDPMGkfD=X+ zVR3#=naNE!O?d^RHEw;&fBx9B`X^R@duenox^jsSLB0M-|42sPuNVa{RybfGbVV`} zz+@z=N-K5*97q>a0s{x!L#mRQIuTZbq1D?LR)b+rVU<`d0GYHc_rL3X*VFR~LFnNJ zK#6^a7`R7Mxtdb;#D)RLfJMMf6Op#p4k;f*i(Bk|;f{0hBhkYM0c`W^y$;K*YYM+xWHL#9iL*aAE zm>+S*vuEJ7I=5cDzt(J;rutUv%y9tpz{f<@3LHDwv%{%ysnzG=j^oiIBjL2Tj!7I& zwSISbg@(HF$dp zUcdcbDi_z+Z^2ER2B+0h7P<^MKnm!B+dIb00VCf@97xY z%kjVd)%n-I`2UUnrOP^i_!QE<2D~>d)slzXO<-px)qc-p=<{` zF6yYeg)w+OJn8kGr|43o-8&w3meBV(8{Z^7(2JNV_Wk;pZqGG{WM+qadb}e(S9TH7 zWGGtEZW`86A_2WamJoZ=ESlhZaVT{>dMgdm_2@PEbPfQH$LCu0+%6){xc@O|=d*h| zk)U3(XY6~ZotIjzU--lorHR%`1?X9WUyPkv?%$ng=QaepLb-p?eF}T6=IM zmg{yEc|0rctCW1cP2Nt-5M+V~2=D{6LLLKC=tQW9eP@cKi4BG8h>ryJMFhFs`qz))%21bji!zX&yuy4r(cYSMM z4ft$%0@4z$!Ccr_6jCm}Ljt0t=+DXF8sbEt32&qc#l+-Y}2y8dZ`K6Yc{I9cYZ6yJ!_wv*`>xk+wNzW#DzC;iiJECF=a-OS1%Ukhg9DU_^aHl}T_90|z;s30E1U;f*$o`q`99{@-cmm!*pTd#59l z|3{UH1Q{#=R-KmrDL;w%-XIzmpAGt1S_#^?&pHKRWF-{C|+L1^-7j&{jg* z&yvSjd+)RoT7Ox!<^=Err8fURqW(YV_09dif84zPeUP#f|2G`_#g|(AzXR|8N1gNk z(A58X!^Zx1m{QLF)ePRS_Lp6X_#Z*V|2oCPBkupbVb=aPZ1n$wlyd%mYV4Zw*rk&H zmGAna^8e{D!~e&P{r@1PO8-~OFZF*FurQV{u01vCP1!@K0(@)aL)k z^#AFZ{(t?!XwdNgA4>I=uVZYaF z`2P^4ES*LZ?eq1QYX0Bd0ibgKA7%ajoBRL6lxN^AnlUhSp(hd$a{h|a?#U%@80{-A z)%?GE0ALmW_jCAv(D463igEsLqW%72rJDbDcL1u~|1-$DfQ3)PmO6)9-~zA|LzWe)#rcH{?|L{H~fE)(s=ItwM#Ys z@16jlivI_v=KbGszjxa3{~=1{{@+CVf7PWv|39Mr@7T=$(I1{R`~N}82K?V}>{nRo z@&6<1|C#;2chc)O{C|kj1o;28OEv%R9spFi{}0Ulf7omE|HBmX{;!Gl`D>N>{Qrpe reHDNSk09?Jg>0096017*_P0BQmN$jYje literal 0 HcmV?d00001 diff --git a/basic-nginx-ingress/Chart.yaml b/basic-nginx-ingress/Chart.yaml new file mode 100755 index 0000000..1b66203 --- /dev/null +++ b/basic-nginx-ingress/Chart.yaml 
@@ -0,0 +1,18 @@
+apiVersion: v1
+appVersion: 0.26.1
+description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
+engine: gotpl
+home: https://github.com/kubernetes/ingress-nginx
+icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
+keywords:
+- ingress
+- nginx
+kubeVersion: '>=1.10.0-0'
+maintainers:
+- name: ChiefAlexander
+- email: Trevor.G.Wood@gmail.com
+ name: taharah
+name: basic-nginx-ingress
+sources:
+- https://github.com/kubernetes/ingress-nginx
+version: 1.26.2
diff --git a/basic-nginx-ingress/OWNERS b/basic-nginx-ingress/OWNERS
new file mode 100755
index 0000000..0001de3
--- /dev/null
+++ b/basic-nginx-ingress/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+- ChiefAlexander
+- taharah
+reviewers:
+- ChiefAlexander
+- taharah
diff --git a/basic-nginx-ingress/README.md b/basic-nginx-ingress/README.md
new file mode 100755
index 0000000..f96aa53
--- /dev/null
+++ b/basic-nginx-ingress/README.md
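Review bot: The metadata in `basic-nginx-ingress/Chart.yaml` renames the chart to `basic-nginx-ingress` but keeps what appear to be the upstream `maintainers`, `home` and `sources` entries, so nothing in the chart says who repackaged it or where a problem with this copy should be reported; the OWNERS hunk that follows lists the same two names as approvers and reviewers. I would list this repository's actual maintainers and add a header comment such as `# Repackaged from the upstream nginx-ingress chart; maintained by <REPO_MAINTAINER>` (placeholder to fill in). The diffstat also publishes `basic-nginx-ingress-1.26.2.tgz` and `index.yaml` with no `.prov` file, so consumers cannot check the archive with `helm verify`; packaging with `helm package --sign` would close that gap. `appVersion: 0.26.1` is presumably inherited from upstream and is worth confirming as a still-supported controller release before this repository is served.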
@@ -0,0 +1,322 @@ +# nginx-ingress + +[nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller that uses ConfigMap to store the nginx configuration. + +To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +## TL;DR; + +```console +$ helm install stable/nginx-ingress +``` + +## Introduction + +This chart bootstraps an nginx-ingress deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + + - Kubernetes 1.6+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/nginx-ingress +``` + +The command deploys nginx-ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the nginx-ingress chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`controller.name` | name of the controller component | `controller` +`controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` +`controller.image.tag` | controller container image tag | `0.26.1` +`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` +`controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses debian one. 
| `33` +`controller.containerPort.http` | The port that the controller container listens on for http connections. | `80` +`controller.containerPort.https` | The port that the controller container listens on for https connections. | `443` +`controller.config` | nginx [ConfigMap](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md) entries | none +`controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when `controller.service.externalIPs` is set and `kube-proxy` is used as there will be a port-conflict for port `80` | false +`controller.defaultBackendService` | default 404 backend service; needed only if `defaultBackend.enabled = false` | `""` +`controller.dnsPolicy` | If using `hostNetwork=true`, change to `ClusterFirstWithHostNet`. See [pod's dns policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for details | `ClusterFirst` +`controller.reportNodeInternalIp` | If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to nginx-ingress. This sets the status of all Ingress objects to the internal IP address of all nodes running the NGINX Ingress controller. +`controller.electionID` | election ID to use for the status update | `ingress-controller-leader` +`controller.extraEnvs` | any additional environment variables to set in the pods | `{}` +`controller.extraContainers` | Sidecar containers to add to the controller pod. 
See [LemonLDAP::NG controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller) as example | `{}` +`controller.extraVolumeMounts` | Additional volumeMounts to the controller main container | `{}` +`controller.extraVolumes` | Additional volumes to the controller pod | `{}` +`controller.extraInitContainers` | Containers, which are run before the app containers are started | `[]` +`controller.ingressClass` | name of the ingress class to route through this controller | `nginx` +`controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces) +`controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace) +`controller.extraArgs` | Additional controller container arguments | `{}` +`controller.kind` | install as Deployment, DaemonSet or Both | `Deployment` +`controller.autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | false +`controller.autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` +`controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11` +`controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"` +`controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"` +`controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false +`controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"` +`controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"` +`controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` 
+`controller.terminationGracePeriodSeconds` | how many seconds to wait before terminating a pod | `60`
+`controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0`
+`controller.nodeSelector` | node labels for pod assignment | `{}`
+`controller.podAnnotations` | annotations to be added to pods | `{}`
+`controller.podLabels` | labels to add to the pod container metadata | `{}`
+`controller.podSecurityContext` | Security context policies to add to the controller pod | `{}`
+`controller.replicaCount` | desired number of controller pods | `1`
+`controller.minAvailable` | minimum number of available controller pods for PodDisruptionBudget | `1`
+`controller.resources` | controller pod resource requests & limits | `{}`
+`controller.priorityClassName` | controller priorityClassName | `nil`
+`controller.lifecycle` | controller pod lifecycle hooks | `{}`
+`controller.service.annotations` | annotations for controller service | `{}`
+`controller.service.labels` | labels for controller service | `{}`
+`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false`
+`controller.publishService.pathOverride` | override of the default publish-service name | `""`
+`controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.daemonset.useHostPorts` is `true` | true
+`controller.service.clusterIP` | internal controller cluster service IP | `nil`
+`controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false`
+`controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]`
+`controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"`
+`controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). If blank, a random port in the `NodePort` range will be assigned | `""`
+`controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
+`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
+`controller.service.enableHttp` | if port 80 should be opened for service | `true`
+`controller.service.enableHttps` | if port 443 should be opened for service | `true`
+`controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80`
+`controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443`
+`controller.service.ports.http` | Sets service http port | `80`
+`controller.service.ports.https` | Sets service https port | `443`
+`controller.service.type` | type of controller service to create | `LoadBalancer`
+`controller.service.nodePorts.http` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""`
+`controller.service.nodePorts.https` | If `controller.service.type` is either `NodePort` or `LoadBalancer` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""`
+`controller.service.nodePorts.tcp` | Sets the nodePort for an entry referenced by its key from `tcp` | `{}`
+`controller.service.nodePorts.udp` | Sets the nodePort for an entry referenced by its key from `udp` | `{}`
+`controller.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 10
+`controller.livenessProbe.periodSeconds` | How often to perform the probe | 10
+`controller.livenessProbe.timeoutSeconds` | When the probe times out | 5
+`controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
+`controller.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
+`controller.livenessProbe.port` | The port number that the liveness probe will listen on. | 10254
+`controller.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 10
+`controller.readinessProbe.periodSeconds` | How often to perform the probe | 10
+`controller.readinessProbe.timeoutSeconds` | When the probe times out | 1
+`controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
+`controller.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
+`controller.readinessProbe.port` | The port number that the readiness probe will listen on. | 10254
+`controller.metrics.enabled` | if `true`, enable Prometheus metrics | `false`
+`controller.metrics.service.annotations` | annotations for Prometheus metrics service | `{}`
+`controller.metrics.service.clusterIP` | cluster IP address to assign to service | `nil`
+`controller.metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false`
+`controller.metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]`
+`controller.metrics.service.labels` | labels for metrics service | `{}`
+`controller.metrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
+`controller.metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
+`controller.metrics.service.servicePort` | Prometheus metrics service port | `9913`
+`controller.metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP`
+`controller.metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false`
+`controller.metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}`
+`controller.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false`
+`controller.metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as nginx ingress`
+`controller.metrics.serviceMonitor.namespaceSelector` | [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/v0.34.0/Documentation/api.md#namespaceselector) to configure what namespaces to scrape | `will scrape the helm release namespace only`
+`controller.metrics.serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s`
+`controller.metrics.prometheusRule.enabled` | Set this to `true` to create prometheusRules for Prometheus operator | `false`
+`controller.metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}`
+`controller.metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `the same namespace as nginx ingress`
+`controller.metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be prometheus in YAML format, check values for an example. | `[]`
+`controller.admissionWebhooks.enabled` | Create Ingress admission webhooks. Validating webhook will check the ingress syntax. | `false`
+`controller.admissionWebhooks.failurePolicy` | Failure policy for admission webhooks | `Fail`
+`controller.admissionWebhooks.port` | Admission webhook port | `8080`
+`controller.admissionWebhooks.service.annotations` | Annotations for admission webhook service | `{}`
+`controller.admissionWebhooks.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the admission webhook service | `false`
+`controller.admissionWebhooks.service.clusterIP` | cluster IP address to assign to admission webhook service | `nil`
+`controller.admissionWebhooks.service.externalIPs` | Admission webhook service external IP addresses | `[]`
+`controller.admissionWebhooks.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
+`controller.admissionWebhooks.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]`
+`controller.admissionWebhooks.service.servicePort` | Admission webhook service port | `443`
+`controller.admissionWebhooks.service.type` | Type of admission webhook service to create | `ClusterIP`
+`controller.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for the prometheus operator tls proxy, and patch the created webhooks with the CA. | `true`
+`controller.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen`
+`controller.admissionWebhooks.patch.image.tag` | Tag to use for the webhook integration jobs | `v1.0.0`
+`controller.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent`
+`controller.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `""`
+`controller.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `{}`
+`controller.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `{}`
+`controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""`
+`controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""`
+`controller.addHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers) added before sending response to the client | `{}`
+`controller.proxySetHeaders` | configMap key:value pairs containing [custom headers](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-set-headers) added before sending request to the backends| `{}`
+`controller.headers` | DEPRECATED, Use `controller.proxySetHeaders` instead. | `{}`
+`controller.updateStrategy` | allows setting of RollingUpdate strategy | `{}`
+`controller.configMapNamespace` | The nginx-configmap namespace name | `""`
+`controller.tcp.configMapNamespace` | The tcp-services-configmap namespace name | `""`
+`controller.udp.configMapNamespace` | The udp-services-configmap namespace name | `""`
+`defaultBackend.enabled` | Use default backend component | `true`
+`defaultBackend.name` | name of the default backend component | `default-backend`
+`defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64`
+`defaultBackend.image.tag` | default backend container image tag | `1.5`
+`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent`
+`defaultBackend.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. By default uses nobody user. | `65534`
+`defaultBackend.extraArgs` | Additional default backend container arguments | `{}`
+`defaultBackend.extraEnvs` | any additional environment variables to set in the defaultBackend pods | `[]`
+`defaultBackend.port` | Http port number | `8080`
+`defaultBackend.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30
+`defaultBackend.livenessProbe.periodSeconds` | How often to perform the probe | 10
+`defaultBackend.livenessProbe.timeoutSeconds` | When the probe times out | 5
+`defaultBackend.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
+`defaultBackend.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3
+`defaultBackend.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 0
+`defaultBackend.readinessProbe.periodSeconds` | How often to perform the probe | 5
+`defaultBackend.readinessProbe.timeoutSeconds` | When the probe times out | 5
+`defaultBackend.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1
+`defaultBackend.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6
+`defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
+`defaultBackend.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}`
+`defaultBackend.nodeSelector` | node labels for pod assignment | `{}`
+`defaultBackend.podAnnotations` | annotations to be added to pods | `{}`
+`defaultBackend.podLabels` | labels to add to the pod container metadata | `{}`
+`defaultBackend.replicaCount` | desired number of default backend pods | `1`
+`defaultBackend.minAvailable` | minimum number of available default backend pods for PodDisruptionBudget | `1`
+`defaultBackend.resources` | default backend pod resource requests & limits | `{}`
+`defaultBackend.priorityClassName` | default backend priorityClassName | `nil`
+`defaultBackend.podSecurityContext` | Security context policies to add to the default backend | `{}`
+`defaultBackend.service.annotations` | annotations for default backend service | `{}`
+`defaultBackend.service.clusterIP` | internal default backend cluster service IP | `nil`
+`defaultBackend.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the default backend service | `false`
+`defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]`
+`defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
+`defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
+`defaultBackend.service.type` | type of default backend service to create | `ClusterIP`
+`defaultBackend.serviceAccount.create` | if `true`, create a backend service account. Only useful if you need a pod security policy to run the backend. | `true`
+`defaultBackend.serviceAccount.name` | The name of the backend service account to use. If not set and `create` is `true`, a name is generated using the fullname template. Only useful if you need a pod security policy to run the backend. | ``
+`imagePullSecrets` | name of Secret resource containing private registry credentials | `nil`
+`rbac.create` | if `true`, create & use RBAC resources | `true`
+`podSecurityPolicy.enabled` | if `true`, create & use Pod Security Policy resources | `false`
+`serviceAccount.create` | if `true`, create a service account for the controller | `true`
+`serviceAccount.name` | The name of the controller service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | ``
+`revisionHistoryLimit` | The number of old history to retain to allow rollback. | `10`
+`tcp` | TCP service key:value pairs. The value is evaluated as a template. | `{}`
+`udp` | UDP service key:value pairs The value is evaluated as a template. | `{}`
+
+These parameters can be passed via Helm's `--set` option
+```console
+$ helm install stable/nginx-ingress --name my-release \
+ --set controller.metrics.enabled=true
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install stable/nginx-ingress --name my-release -f values.yaml
+```
+
+A useful trick to debug issues with ingress is to increase the logLevel
+as described [here](https://github.com/kubernetes/ingress-nginx/blob/master/docs/troubleshooting.md#debug)
+
+```console
+$ helm install stable/nginx-ingress --set controller.extraArgs.v=2
+```
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## PodDisruptionBudget
+
+Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
+else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
+
+## Prometheus Metrics
+
+The Nginx ingress controller can export Prometheus metrics.
+
+```console
+$ helm install stable/nginx-ingress --name my-release \
+ --set controller.metrics.enabled=true
+```
+
+You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`.
+
+## nginx-ingress nginx\_status page/stats server
+
+Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
+* in [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
+* in [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
+ You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server
+
+## ExternalDNS Service configuration
+
+Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service:
+
+```yaml
+controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
+```
+
+## AWS L7 ELB with SSL Termination
+
+Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml):
+
+```yaml
+controller:
+ service:
+ targetPorts:
+ http: http
+ https: http
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+```
+
+## AWS route53-mapper
+
+To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label:
+
+```yaml
+controller:
+ service:
+ labels:
+ dns: "route53"
+ annotations:
+ domainName: "kubernetes-example.com"
+```
+
+## Ingress Admission Webhooks
+
+With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
+
+With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
+
+## Helm error when upgrading: spec.clusterIP: Invalid value: ""
+
+If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
+
+```
+Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
+```
+
+Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
+
+As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. If you do wish to provide a clusterIP value in your values file, ensure that it is quoted.
diff --git a/basic-nginx-ingress/ci/daemonset-customconfig-values.yaml b/basic-nginx-ingress/ci/daemonset-customconfig-values.yaml
new file mode 100755
index 0000000..f12eac3
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-customconfig-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ config:
+ use-proxy-protocol: "true"
diff --git a/basic-nginx-ingress/ci/daemonset-customnodeport-values.yaml b/basic-nginx-ingress/ci/daemonset-customnodeport-values.yaml
new file mode 100755
index 0000000..382bc50
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-customnodeport-values.yaml
@@ -0,0 +1,15 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/daemonset-headers-values.yaml b/basic-nginx-ingress/ci/daemonset-headers-values.yaml
new file mode 100755
index 0000000..a29690f
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-headers-values.yaml
@@ -0,0 +1,6 @@
+controller:
+ kind: DaemonSet
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
diff --git a/basic-nginx-ingress/ci/daemonset-nodeport-values.yaml b/basic-nginx-ingress/ci/daemonset-nodeport-values.yaml
new file mode 100755
index 0000000..ebc8f10
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-nodeport-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: NodePort
diff --git a/basic-nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/basic-nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
new file mode 100755
index 0000000..3484704
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/daemonset-tcp-udp-values.yaml b/basic-nginx-ingress/ci/daemonset-tcp-udp-values.yaml
new file mode 100755
index 0000000..e6866d7
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-tcp-udp-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/daemonset-tcp-values.yaml b/basic-nginx-ingress/ci/daemonset-tcp-values.yaml
new file mode 100755
index 0000000..f0a6060
--- /dev/null
+++ b/basic-nginx-ingress/ci/daemonset-tcp-values.yaml
@@ -0,0 +1,6 @@
+controller:
+ kind: DaemonSet
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/deamonset-default-values.yaml b/basic-nginx-ingress/ci/deamonset-default-values.yaml
new file mode 100755
index 0000000..ddb2562
--- /dev/null
+++ b/basic-nginx-ingress/ci/deamonset-default-values.yaml
@@ -0,0 +1,2 @@
+controller:
+ kind: DaemonSet
diff --git a/basic-nginx-ingress/ci/deamonset-metrics-values.yaml b/basic-nginx-ingress/ci/deamonset-metrics-values.yaml
new file mode 100755
index 0000000..5ce435d
--- /dev/null
+++ b/basic-nginx-ingress/ci/deamonset-metrics-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ metrics:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deamonset-psp-values.yaml b/basic-nginx-ingress/ci/deamonset-psp-values.yaml
new file mode 100755
index 0000000..b441c1a
--- /dev/null
+++ b/basic-nginx-ingress/ci/deamonset-psp-values.yaml
@@ -0,0 +1,5 @@
+controller:
+ kind: DaemonSet
+
+podSecurityPolicy:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml b/basic-nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml
new file mode 100755
index 0000000..2cf9d6f
--- /dev/null
+++ b/basic-nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml
@@ -0,0 +1,7 @@
+controller:
+ kind: DaemonSet
+ admissionWebhooks:
+ enabled: true
+
+podSecurityPolicy:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deamonset-webhook-values.yaml b/basic-nginx-ingress/ci/deamonset-webhook-values.yaml
new file mode 100755
index 0000000..2d2cb47
--- /dev/null
+++ b/basic-nginx-ingress/ci/deamonset-webhook-values.yaml
@@ -0,0 +1,4 @@
+controller:
+ kind: DaemonSet
+ admissionWebhooks:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deployment-autoscaling-values.yaml b/basic-nginx-ingress/ci/deployment-autoscaling-values.yaml
new file mode 100755
index 0000000..e9701da
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-autoscaling-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ autoscaling:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deployment-customconfig-values.yaml b/basic-nginx-ingress/ci/deployment-customconfig-values.yaml
new file mode 100755
index 0000000..401aea4
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-customconfig-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ config:
+ use-proxy-protocol: "true"
diff --git a/basic-nginx-ingress/ci/deployment-customnodeport-values.yaml b/basic-nginx-ingress/ci/deployment-customnodeport-values.yaml
new file mode 100755
index 0000000..6958eaa
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-customnodeport-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/deployment-default-values.yaml b/basic-nginx-ingress/ci/deployment-default-values.yaml
new file mode 100755
index 0000000..b15f0e4
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-default-values.yaml
@@ -0,0 +1 @@
+# Left blank to test default values
diff --git a/basic-nginx-ingress/ci/deployment-headers-values.yaml b/basic-nginx-ingress/ci/deployment-headers-values.yaml
new file mode 100755
index 0000000..f3873af
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-headers-values.yaml
@@ -0,0 +1,5 @@
+controller:
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
diff --git a/basic-nginx-ingress/ci/deployment-metrics-values.yaml b/basic-nginx-ingress/ci/deployment-metrics-values.yaml
new file mode 100755
index 0000000..9a93fa5
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-metrics-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ metrics:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deployment-nodeport-values.yaml b/basic-nginx-ingress/ci/deployment-nodeport-values.yaml
new file mode 100755
index 0000000..ffdc47b
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-nodeport-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ service:
+ type: NodePort
diff --git a/basic-nginx-ingress/ci/deployment-psp-values.yaml b/basic-nginx-ingress/ci/deployment-psp-values.yaml
new file mode 100755
index 0000000..7aae860
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-psp-values.yaml
@@ -0,0 +1,2 @@
+podSecurityPolicy:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/basic-nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml
new file mode 100755
index 0000000..7b06c1e
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/deployment-tcp-udp-values.yaml b/basic-nginx-ingress/ci/deployment-tcp-udp-values.yaml
new file mode 100755
index 0000000..7c55d44
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-tcp-udp-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/deployment-tcp-values.yaml b/basic-nginx-ingress/ci/deployment-tcp-values.yaml
new file mode 100755
index 0000000..c8bc204
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-tcp-values.yaml
@@ -0,0 +1,3 @@
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/basic-nginx-ingress/ci/deployment-webhook-and-psp-values.yaml b/basic-nginx-ingress/ci/deployment-webhook-and-psp-values.yaml
new file mode 100755
index 0000000..0590d7c
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-webhook-and-psp-values.yaml
@@ -0,0 +1,6 @@
+controller:
+ admissionWebhooks:
+ enabled: true
+
+podSecurityPolicy:
+ enabled: true
diff --git a/basic-nginx-ingress/ci/deployment-webhook-values.yaml b/basic-nginx-ingress/ci/deployment-webhook-values.yaml
new file mode 100755
index 0000000..07e1a92
--- /dev/null
+++ b/basic-nginx-ingress/ci/deployment-webhook-values.yaml
@@ -0,0 +1,3 @@
+controller:
+ admissionWebhooks:
+ enabled: true
diff --git a/basic-nginx-ingress/templates/NOTES.txt b/basic-nginx-ingress/templates/NOTES.txt
new file mode 100755
index 0000000..57bbc9e
--- /dev/null
+++ b/basic-nginx-ingress/templates/NOTES.txt
@@ -0,0 +1,71 @@
+The nginx-ingress controller has been installed.
+
+{{- if contains "NodePort" .Values.controller.service.type }}
+Get the application URL by running these commands:
+
+{{- if (not (empty .Values.controller.service.nodePorts.http)) }}
+ export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
+{{- else }}
+ export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "nginx-ingress.controller.fullname" . }})
+{{- end }}
+{{- if (not (empty .Values.controller.service.nodePorts.https)) }}
+ export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
+{{- else }}
+ export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "nginx-ingress.controller.fullname" . }})
+{{- end }}
+ export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
+
+ echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
+ echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
+{{- else if contains "LoadBalancer" .Values.controller.service.type }}
+It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ template "nginx-ingress.controller.fullname" . }}'
+{{- else if contains "ClusterIP" .Values.controller.service.type }}
+Get the application URL by running these commands:
+ export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "nginx-ingress.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+ echo "Visit http://127.0.0.1:8080 to access your application."
+{{- end }}
+
+An example Ingress that makes use of the controller:
+
+ apiVersion: extensions/v1beta1
+ kind: Ingress
+ metadata:
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }}
+ name: example
+ namespace: foo
+ spec:
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - backend:
+ serviceName: exampleService
+ servicePort: 80
+ path: /
+ # This section is only required if TLS is to be enabled for the Ingress
+ tls:
+ - hosts:
+ - www.example.com
+ secretName: example-tls
+
+If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
+
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: example-tls
+ namespace: foo
+ data:
+ tls.crt:
+ tls.key:
+ type: kubernetes.io/tls
+
+{{- if .Values.controller.headers }}
+#################################################################################
+###### WARNING: `controller.headers` has been deprecated! #####
+###### It has been renamed to `controller.proxySetHeaders`. #####
+#################################################################################
+{{- end }}
diff --git a/basic-nginx-ingress/templates/_helpers.tpl b/basic-nginx-ingress/templates/_helpers.tpl
new file mode 100755
index 0000000..0360253
--- /dev/null
+++ b/basic-nginx-ingress/templates/_helpers.tpl
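Review bot: The NodePort branch sets `NODE_IP` from `.items[0].status.addresses[1].address`, which takes whichever entry happens to be second in the first node's address list; the order and types of those entries are not fixed, so the printed URL can end up built from a hostname or from an address the user cannot reach. Selecting the entry by type is more predictable, for example `-o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}'`, or `ExternalIP` on clusters whose nodes have one. The same branch also assumes that ports `[0]` and `[1]` of the service are HTTP and HTTPS, which may not hold when `controller.service.enableHttp` is turned off.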
@@ -0,0 +1,117 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nginx-ingress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nginx-ingress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nginx-ingress.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified controller name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nginx-ingress.controller.fullname" -}}
+{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the path for the publish-service.
+
+By convention this will simply use the / to match the name of the
+service generated.
+
+Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
+
+*/}}
+{{- define "nginx-ingress.controller.publishServicePath" -}}
+{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}}
+{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default backend name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nginx-ingress.defaultBackend.fullname" -}}
+{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "nginx-ingress.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "nginx-ingress.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
+*/}}
+{{- define "nginx-ingress.defaultBackend.serviceAccountName" -}}
+{{- if .Values.defaultBackend.serviceAccount.create -}}
+ {{ default (printf "%s-backend" (include "nginx-ingress.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
+{{- else -}}
+ {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "deployment.apiVersion" -}}
+{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for podSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/basic-nginx-ingress/templates/addheaders-configmap.yaml b/basic-nginx-ingress/templates/addheaders-configmap.yaml
new file mode 100755
index 0000000..04a04aa
--- /dev/null
+++ b/basic-nginx-ingress/templates/addheaders-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.controller.addHeaders }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.fullname" . }}-custom-add-headers
+data:
+{{ toYaml .Values.controller.addHeaders | indent 2 }}
+{{- end }}
diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml
new file mode 100755
index 0000000..97d7a2a
--- /dev/null
+++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml
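Review bot: In `nginx-ingress.serviceAccountName` in `_helpers.tpl`, the `else` branch `{{ default "default" .Values.serviceAccount.name }}` silently runs the controller under the namespace's shared `default` ServiceAccount when `serviceAccount.create` is false and no name is given. If the chart's RBAC bindings take their subject from this helper (they are not part of this hunk, so that is an assumption), the controller's permissions would then be granted to every pod in the namespace that uses `default`. Failing the render keeps the choice explicit: `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`. At minimum the comment above the define should state the fallback, e.g. `Falls back to the namespace's "default" account when create is false and no name is set`.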
@@ -0,0 +1,30 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+rules:
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "nginx-ingress.fullname" . }}-admission
+{{- end }}
+{{- end }}
diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
new file mode 100755
index 0000000..57c2104
--- /dev/null
+++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
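Review bot: In job-patch/clusterrole.yaml the `get`/`update` rule on `validatingwebhookconfigurations` has no `resourceNames`, so the hook service account may rewrite every validating webhook configuration in the cluster, not only this chart's. The patch job is started with `--webhook-name={{ template "nginx-ingress.fullname" . }}-admission`, so the rule can be narrowed by adding `resourceNames:` with `- {{ template "nginx-ingress.fullname" . }}-admission`, as the PodSecurityPolicy rule below it already does. That PSP rule also hard-codes `apiGroups: ['extensions']` while psp.yaml declares the policy under `policy/v1beta1`; using `{{ template "podSecurityPolicy.apiGroup" . }}` from _helpers.tpl would keep the two in step.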
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
new file mode 100755
index 0000000..4e4b6b5
--- /dev/null
+++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,55 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "nginx-ingress.fullname" . }}-admission-create + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "nginx-ingress.fullname" . }}-admission-create +{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: create + image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} + imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} + args: + - create + - --host={{ template "nginx-ingress.controller.fullname" . }}-admission,{{ template "nginx-ingress.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc + - --namespace={{ .Release.Namespace }} + - --secret-name={{ template "nginx-ingress.fullname". }}-admission + restartPolicy: OnFailure + serviceAccountName: {{ template "nginx-ingress.fullname" . 
}}-admission + {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 2000 +{{- end }} diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml new file mode 100755 index 0000000..2182e53 --- /dev/null +++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml 
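Review bot: The `create` container in job-createSecret.yaml has no container-level `securityContext`; the pod-level block at the end of the hunk sets only `runAsNonRoot` and `runAsUser`, so privilege escalation and the default capability set stay allowed unless the PodSecurityPolicy from psp.yaml is enabled. That policy already demands `allowPrivilegeEscalation: false` and dropping `ALL` capabilities, so stating the same on the container keeps the job equally constrained when `podSecurityPolicy.enabled` is false. The `patch` container in job-patchWebhook.yaml is written the same way and needs the same block.

```yaml
      containers:
        - name: create
          # … unchanged: image, imagePullPolicy, args …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```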
@@ -0,0 +1,57 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "nginx-ingress.fullname" . }}-admission-patch + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "nginx-ingress.fullname" . }}-admission-patch +{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: patch + image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }} + imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }} + args: + - patch + - --webhook-name={{ template "nginx-ingress.fullname" . }}-admission + - --namespace={{ .Release.Namespace }} + - --patch-mutating=false + - --secret-name={{ template "nginx-ingress.fullname". }}-admission + - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} + restartPolicy: OnFailure + serviceAccountName: {{ template "nginx-ingress.fullname" . 
}}-admission + {{- with .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 2000 +{{- end }} diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml new file mode 100755 index 0000000..3b69e00 --- /dev/null +++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "nginx-ingress.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI +{{- end }} diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml new file mode 100755 index 0000000..4557662 --- /dev/null +++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/role.yaml 
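Review bot: `imagePullPolicy` in job-patchWebhook.yaml reads `.Values.controller.admissionWebhooks.patch.pullPolicy`, while the image on the line above it and the same field in job-createSecret.yaml read from `.patch.image.*`. Unless values.yaml (not visible here) defines both keys, this renders an empty `imagePullPolicy:` and the configured policy is silently ignored for the patch job. The line should be `imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}`.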
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+{{- end }}
diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
new file mode 100755
index 0000000..0e0907d
--- /dev/null
+++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+{{- end }}
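Review bot: The Role in job-patch/role.yaml grants `get` on every Secret in the release namespace, although both hook jobs are given a single name through `--secret-name={{ template "nginx-ingress.fullname". }}-admission`. `create` cannot be limited by `resourceNames`, but `get` can, so splitting the rule in two confines reads to the certificate Secret. This assumes the job image reads no other Secret, which the hunks do not show.

```yaml
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - secrets
    resourceNames:
      - {{ template "nginx-ingress.fullname" . }}-admission
    verbs:
      - get
```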
diff --git a/basic-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml b/basic-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
new file mode 100755
index 0000000..11d249c
--- /dev/null
+++ b/basic-nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/basic-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml b/basic-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
new file mode 100755
index 0000000..53f37b2
--- /dev/null
+++ b/basic-nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.controller.admissionWebhooks.enabled }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}-admission
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "admission-webhook"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.fullname" . }}-admission
+webhooks:
+ - name: validate.nginx.ingress.kubernetes.io
+ rules:
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ingresses
+ failurePolicy: Fail
+ clientConfig:
+ service:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}-admission
+ path: /extensions/v1beta1/ingresses
+{{- end }}
diff --git a/basic-nginx-ingress/templates/clusterrole.yaml b/basic-nginx-ingress/templates/clusterrole.yaml
new file mode 100755
index 0000000..e39029b
--- /dev/null
+++ b/basic-nginx-ingress/templates/clusterrole.yaml
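Review bot: `failurePolicy: Fail` is hard-coded in validating-webhook.yaml, while job-patchWebhook.yaml passes `--patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}`, so the rendered manifest and the patched live object can disagree whenever that value is not `Fail`. Rendering `failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy }}` here keeps a single source of truth. A comment above the field should state the trade-off: `Fail` rejects every Ingress create and update while the controller's admission service is unreachable, and `Ignore` admits them unvalidated.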
@@ -0,0 +1,71 @@
+{{- if and .Values.rbac.create (not .Values.controller.scope.enabled) -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "{{ .Values.controller.scope.namespace }}"
+ verbs:
+ - get
+{{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+{{- end -}}
diff --git a/basic-nginx-ingress/templates/clusterrolebinding.yaml b/basic-nginx-ingress/templates/clusterrolebinding.yaml
new file mode 100755
index 0000000..d5aa547
--- /dev/null
+++ b/basic-nginx-ingress/templates/clusterrolebinding.yaml
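Review bot: The `namespaces` rule guarded by `{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}` in clusterrole.yaml can never render, because the whole file is wrapped in `(not .Values.controller.scope.enabled)`. Either delete the dead branch or, if the scoped case really needs `get` on its namespace, put the rule in a template that renders when scope is enabled. The first rule grants cluster-wide `list`/`watch` on `secrets`; a one-line comment saying why the controller needs that would help anyone auditing the chart. The file also uses `rbac.authorization.k8s.io/v1beta1` where the job-patch RBAC files use `v1`.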
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.create (not .Values.controller.scope.enabled) -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "nginx-ingress.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/basic-nginx-ingress/templates/controller-configmap.yaml b/basic-nginx-ingress/templates/controller-configmap.yaml
new file mode 100755
index 0000000..e80dae2
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-configmap.yaml
@@ -0,0 +1,22 @@
+{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+data:
+{{- if .Values.controller.addHeaders }}
+ add-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-add-headers
+{{- end }}
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+ proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
+{{- end }}
+{{- if .Values.controller.config }}
+{{ toYaml .Values.controller.config | indent 2 }}
+{{- end }}
+{{- end }}
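Review bot: The subject of the ClusterRoleBinding in clusterrolebinding.yaml comes from `nginx-ingress.serviceAccountName`, which falls back to the literal `default` when `serviceAccount.create` is false and no name is given. With `rbac.create` still true, that binds the controller ClusterRole, including its cluster-wide `list`/`watch` on Secrets, to the release namespace's `default` service account, which any other pod in that namespace uses unless it sets its own. Failing the render is safer than the silent fallback, for example `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}` in the helper's else branch. The helper itself sits in _helpers.tpl, outside this hunk.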
diff --git a/basic-nginx-ingress/templates/controller-daemonset.yaml b/basic-nginx-ingress/templates/controller-daemonset.yaml
new file mode 100755
index 0000000..1f11178
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-daemonset.yaml
@@ -0,0 +1,236 @@ +{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }} +{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: DaemonSet +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.controller.fullname" . }} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ .Release.Name }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + updateStrategy: +{{ toYaml .Values.controller.updateStrategy | indent 4 }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8}} + {{- end }} + spec: + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: "{{ .Values.controller.priorityClassName }}" +{{- end }} + {{- if .Values.controller.podSecurityContext }} + securityContext: +{{ toYaml .Values.controller.podSecurityContext | indent 8 }} + {{- end }} + containers: + - name: {{ template "nginx-ingress.name" . 
}}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + {{- if .Values.controller.lifecycle }} + lifecycle: +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + args: + - /nginx-ingress-controller + - --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }} + {{- if and (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) .Values.controller.publishService.enabled }} + - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} + - --election-id={{ .Values.controller.electionID }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} + - --ingress-class={{ .Values.controller.ingressClass }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} + - --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- else }} + - --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- end }} + {{- if .Values.tcp }} + - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} + - --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + {{- end }} + {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}} + - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: {{ .Values.controller.image.runAsUser }} + allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.extraEnvs }} +{{ toYaml .Values.controller.extraEnvs | indent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.livenessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if 
$useHostPort }} + hostPort: {{ index $hostPorts $key | default $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + containerPort: {{ $key }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + containerPort: {{ $key }} + protocol: UDP + {{- if $useHostPort }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.readinessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} + volumeMounts: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: "/usr/local/certificates/" + readOnly: true +{{- end }} +{{- if .Values.controller.extraVolumeMounts }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} +{{- end }} + resources: +{{ toYaml .Values.controller.resources | indent 12 }} +{{- if .Values.controller.extraContainers }} 
+{{ toYaml .Values.controller.extraContainers | indent 8}} +{{- end }} +{{- if .Values.controller.extraInitContainers }} + initContainers: +{{ toYaml .Values.controller.extraInitContainers | indent 8}} +{{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} + {{- end }} + serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: 60 +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} + volumes: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ template "nginx-ingress.fullname". }}-admission +{{- end }} +{{- if .Values.controller.extraVolumes }} +{{ toYaml .Values.controller.extraVolumes | indent 8}} +{{- end }} +{{- end }} diff --git a/basic-nginx-ingress/templates/controller-deployment.yaml b/basic-nginx-ingress/templates/controller-deployment.yaml new file mode 100755 index 0000000..7f52c69 --- /dev/null +++ b/basic-nginx-ingress/templates/controller-deployment.yaml 
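Review bot: In the `extraArgs` range of controller-daemonset.yaml, `{{- if $value }}` treats `false` (and `0` or an empty string) as "no value" and emits the bare flag `--{{ $key }}`, which a boolean command-line flag normally reads as true. Setting a switch to `false` in values therefore turns it on instead of off. Testing the kind as well, `{{- if or $value (kindIs "bool" $value) }}`, renders `--key=false` as intended; the identical loop in controller-deployment.yaml needs the same change. This DaemonSet also ignores `controller.configMapNamespace` and hard-codes `terminationGracePeriodSeconds: 60`, both of which the Deployment takes from values.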
@@ -0,0 +1,228 @@ +{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.controller.fullname" . }} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ .Release.Name }} +{{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} +{{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + strategy: +{{ toYaml .Values.controller.updateStrategy | indent 4 }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + spec: + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: "{{ .Values.controller.priorityClassName }}" +{{- end }} + {{- if .Values.controller.podSecurityContext }} + securityContext: +{{ toYaml .Values.controller.podSecurityContext | indent 8 }} + {{- end }} + containers: + - name: {{ template "nginx-ingress.name" . 
}}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + {{- if .Values.controller.lifecycle }} + lifecycle: +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + args: + - /nginx-ingress-controller + - --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }} + {{- if and (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) .Values.controller.publishService.enabled }} + - --publish-service={{ template "nginx-ingress.controller.publishServicePath" . }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} + - --election-id={{ .Values.controller.electionID }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} + - --ingress-class={{ .Values.controller.ingressClass }} + {{- end }} + {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} + - --configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- else }} + - --nginx-configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} + {{- end }} + {{- if .Values.tcp }} + - --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} + - --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + {{- end }} + {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }} + - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + {{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: {{ .Values.controller.image.runAsUser }} + allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.extraEnvs }} +{{ toYaml .Values.controller.extraEnvs | indent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.livenessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- end }} + 
{{- if .Values.controller.metrics.enabled }} + - name: metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + containerPort: {{ $key }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + containerPort: {{ $key }} + protocol: UDP + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.readinessProbe.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} + volumeMounts: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: "/usr/local/certificates/" + readOnly: true +{{- end }} +{{- if .Values.controller.extraVolumeMounts }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12}} +{{- end }} + resources: +{{ toYaml .Values.controller.resources | indent 12 }} +{{- if .Values.controller.extraContainers }} +{{ toYaml .Values.controller.extraContainers | indent 8}} +{{- end }} +{{- if .Values.controller.extraInitContainers }} + initContainers: +{{ toYaml .Values.controller.extraInitContainers | indent 8}} +{{- end }} + 
hostNetwork: {{ .Values.controller.hostNetwork }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} + {{- end }} + serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} +{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} + volumes: +{{- end }} +{{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ template "nginx-ingress.fullname". }}-admission +{{- end }} +{{- if .Values.controller.extraVolumes }} +{{ toYaml .Values.controller.extraVolumes | indent 8}} +{{- end }} +{{- end }} diff --git a/basic-nginx-ingress/templates/controller-hpa.yaml b/basic-nginx-ingress/templates/controller-hpa.yaml new file mode 100755 index 0000000..dc993eb --- /dev/null +++ b/basic-nginx-ingress/templates/controller-hpa.yaml 
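Review bot: Every `semverCompare` in controller-deployment.yaml, including the one that gates the container `securityContext`, is fed `.Values.controller.image.tag`, so the block that drops `ALL` capabilities and adds only `NET_BIND_SERVICE` is rendered only for tags at or above 0.16.0. A tag that is not a semantic version should make the render fail outright, since `semverCompare` returns an error for a version it cannot parse. The `image:` line is built as `repository:tag`, so there is also no way to pin the controller by digest. Consider taking the controller version for these gates from a separate value, or dropping the gates for versions the chart no longer supports; the same conditions appear in controller-daemonset.yaml.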
@@ -0,0 +1,34 @@
+{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
+{{- if .Values.controller.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ template "deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ template "nginx-ingress.controller.fullname" . }}
+ minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/basic-nginx-ingress/templates/controller-metrics-service.yaml b/basic-nginx-ingress/templates/controller-metrics-service.yaml
new file mode 100755
index 0000000..1cc0a71
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-metrics-service.yaml
@@ -0,0 +1,45 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.controller.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: +{{- if .Values.controller.metrics.service.labels }} +{{ toYaml .Values.controller.metrics.service.labels | indent 4 }} +{{- end }} + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.controller.fullname" . }}-metrics +spec: +{{- if not .Values.controller.metrics.service.omitClusterIP }} + {{ with .Values.controller.metrics.service.clusterIP }}clusterIP: {{ . }}{{ end }} +{{- end }} +{{- if .Values.controller.metrics.service.externalIPs }} + externalIPs: +{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.controller.metrics.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + - name: metrics + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + type: "{{ .Values.controller.metrics.service.type }}" +{{- end }} diff --git a/basic-nginx-ingress/templates/controller-poddisruptionbudget.yaml b/basic-nginx-ingress/templates/controller-poddisruptionbudget.yaml new file mode 100755 index 0000000..70a59c1 --- /dev/null +++ b/basic-nginx-ingress/templates/controller-poddisruptionbudget.yaml 
@@ -0,0 +1,19 @@ +{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.controller.fullname" . }} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ .Release.Name }} + component: "{{ .Values.controller.name }}" + minAvailable: {{ .Values.controller.minAvailable }} +{{- end }} diff --git a/basic-nginx-ingress/templates/controller-prometheusrules.yaml b/basic-nginx-ingress/templates/controller-prometheusrules.yaml new file mode 100755 index 0000000..9cee0e9 --- /dev/null +++ b/basic-nginx-ingress/templates/controller-prometheusrules.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "nginx-ingress.controller.fullname" . }} + {{- if .Values.controller.metrics.prometheusRule.namespace }} + namespace: {{ .Values.controller.metrics.prometheusRule.namespace }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- if .Values.controller.metrics.prometheusRule.additionalLabels }} +{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }} + {{- end }} +spec: + {{- with .Values.controller.metrics.prometheusRule.rules }} + groups: + - name: {{ template "nginx-ingress.name" $ }} + rules: {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} 
diff --git a/basic-nginx-ingress/templates/controller-psp.yaml b/basic-nginx-ingress/templates/controller-psp.yaml
new file mode 100755
index 0000000..6e4a0e0
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-psp.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.podSecurityPolicy.enabled}}
+apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "nginx-ingress.fullname" . }}
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ allowedCapabilities:
+ - NET_BIND_SERVICE
+ privileged: false
+ allowPrivilegeEscalation: true
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ #- 'emptyDir'
+ #- 'projected'
+ - 'secret'
+ #- 'downwardAPI'
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ seLinux:
+ rule: 'RunAsAny'
+ hostPorts:
+ - max: 65535
+ min: 1
+{{- end }}
diff --git a/basic-nginx-ingress/templates/controller-role.yaml b/basic-nginx-ingress/templates/controller-role.yaml
new file mode 100755
index 0000000..30c5a9c
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-role.yaml
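Review bot: The `hostPorts` range at the end of the controller PodSecurityPolicy admits every host port from 1 to 65535, whether or not the controller is configured to use host ports at all. The chart's values already carry `controller.daemonset.useHostPort` and `controller.daemonset.hostPorts`, so the block could be rendered only when host ports are requested, for example by wrapping it in `{{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }}`, and narrowed to the configured ports. `allowPrivilegeEscalation: true` together with the missing `requiredDropCapabilities` also deserves a comment next to the setting: if it is there so the non-root nginx process can bind low ports through NET_BIND_SERVICE, say so, otherwise it reads as an oversight.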
@@ -0,0 +1,91 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.fullname" . }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - watch + - apiGroups: + - extensions + - "networking.k8s.io" # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - "networking.k8s.io" # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }} + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "nginx-ingress.fullname" . }}] +{{- end }} + +{{- end -}} diff --git a/basic-nginx-ingress/templates/controller-rolebinding.yaml b/basic-nginx-ingress/templates/controller-rolebinding.yaml new file mode 100755 index 0000000..2022d9c --- /dev/null +++ b/basic-nginx-ingress/templates/controller-rolebinding.yaml 
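Review bot: `apiVersion: rbac.authorization.k8s.io/v1beta1` at the top of this Role is the beta RBAC API, which Kubernetes 1.22 and later no longer serve; `rbac.authorization.k8s.io/v1` has the same schema for Role and RoleBinding. The same line appears in the controller RoleBinding and in the default-backend Role and RoleBinding hunks. Separately, the unquoted `resourceNames: [{{ template "nginx-ingress.fullname" . }}]` in the PodSecurityPolicy rule would be safer as `resourceNames: ['{{ template "nginx-ingress.fullname" . }}']`, matching the quoted entries on the lines just above it.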
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nginx-ingress.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/basic-nginx-ingress/templates/controller-service.yaml b/basic-nginx-ingress/templates/controller-service.yaml
new file mode 100755
index 0000000..bf0abde
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-service.yaml
@@ -0,0 +1,89 @@ +{{- if .Values.controller.service.enabled }} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.service.annotations }} + annotations: + {{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: +{{- if .Values.controller.service.labels }} +{{ toYaml .Values.controller.service.labels | indent 4 }} +{{- end }} + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.controller.fullname" . }} +spec: +{{- if not .Values.controller.service.omitClusterIP }} + {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} +{{- end }} +{{- if .Values.controller.service.externalIPs }} + externalIPs: +{{ toYaml .Values.controller.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} +{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }} + externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}" +{{- end }} +{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }} + healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} +{{- end }} + ports: + {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} + {{- if .Values.controller.service.enableHttp }} + - name: http + port: {{ .Values.controller.service.ports.http }} + 
protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enableHttps }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + port: {{ $key }} + protocol: TCP + targetPort: "{{ $key }}-tcp" + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + port: {{ $key }} + protocol: UDP + targetPort: "{{ $key }}-udp" + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} + selector: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + type: "{{ .Values.controller.service.type }}" +{{- end }} diff --git a/basic-nginx-ingress/templates/controller-serviceaccount.yaml b/basic-nginx-ingress/templates/controller-serviceaccount.yaml new file mode 100755 index 0000000..4ad9063 --- /dev/null +++ b/basic-nginx-ingress/templates/controller-serviceaccount.yaml 
@@ -0,0 +1,11 @@
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.serviceAccountName" . }}
+{{- end -}}
diff --git a/basic-nginx-ingress/templates/controller-servicemonitor.yaml b/basic-nginx-ingress/templates/controller-servicemonitor.yaml
new file mode 100755
index 0000000..e082b2f
--- /dev/null
+++ b/basic-nginx-ingress/templates/controller-servicemonitor.yaml
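Review bot: The guard `{{- if or .Values.serviceAccount.create -}}` calls `or` with a single operand, which reads as if a second condition was dropped. If only the one flag is meant, `{{- if .Values.serviceAccount.create -}}` states it directly. If a second condition was intended, it should be written out, because this guard decides whether the controller gets a dedicated ServiceAccount for the Role and RoleBinding elsewhere in the patch.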
@@ -0,0 +1,38 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "nginx-ingress.controller.fullname" . }} + {{- if .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} + {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} + namespaceSelector: +{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}} + {{ else }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + {{- end }} + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} +{{- end }} diff --git a/basic-nginx-ingress/templates/controller-webhook-service.yaml b/basic-nginx-ingress/templates/controller-webhook-service.yaml new file mode 100755 index 0000000..a3b2551 --- /dev/null +++ b/basic-nginx-ingress/templates/controller-webhook-service.yaml 
@@ -0,0 +1,42 @@ +{{- if .Values.controller.admissionWebhooks.enabled }} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.admissionWebhooks.service.annotations }} + annotations: + {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.controller.fullname" . }}-admission +spec: +{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }} + {{ with .Values.controller.admissionWebhooks.service.clusterIP }}clusterIP: {{ . }}{{ end }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.externalIPs }} + externalIPs: +{{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + - name: https-webhook + port: 443 + targetPort: webhook + selector: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + type: "{{ .Values.controller.admissionWebhooks.service.type }}" +{{- end }} diff --git a/basic-nginx-ingress/templates/default-backend-deployment.yaml b/basic-nginx-ingress/templates/default-backend-deployment.yaml new file mode 100755 index 0000000..835a737 --- /dev/null +++ b/basic-nginx-ingress/templates/default-backend-deployment.yaml 
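Review bot: The admission-webhook Service takes `type`, `externalIPs`, `loadBalancerIP` and `loadBalancerSourceRanges` from values, so a values override can publish the validating webhook endpoint outside the cluster even though its intended caller is the API server. Either fix the type with `type: ClusterIP`, or add a template comment above `spec:` such as `{{- /* Called by the API server only; keep this Service ClusterIP. */}}` so the risk is visible to whoever edits the values. The default for `admissionWebhooks.service.type` is not visible in this part of the patch, so this concerns what the template permits rather than what it ships with.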
@@ -0,0 +1,104 @@ +{{- if .Values.defaultBackend.enabled }} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.defaultBackend.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.defaultBackend.fullname" . }} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ .Release.Name }} + replicas: {{ .Values.defaultBackend.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + template: + metadata: + {{- if .Values.defaultBackend.podAnnotations }} + annotations: + {{- range $key, $value := .Values.defaultBackend.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.defaultBackend.name }}" + release: {{ .Release.Name }} + {{- if .Values.defaultBackend.podLabels }} +{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} +{{- if .Values.defaultBackend.priorityClassName }} + priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}" +{{- end }} + {{- if .Values.defaultBackend.podSecurityContext }} + securityContext: +{{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }} + {{- end }} + containers: + - name: {{ template "nginx-ingress.name" . 
}}-{{ .Values.defaultBackend.name }} + image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" + imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}" + args: + {{- range $key, $value := .Values.defaultBackend.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + securityContext: + runAsUser: {{ .Values.defaultBackend.image.runAsUser }} + {{- if .Values.defaultBackend.extraEnvs }} + env: +{{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.defaultBackend.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.defaultBackend.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }} + ports: + - name: http + containerPort: {{ .Values.defaultBackend.port }} + protocol: TCP + resources: +{{ toYaml .Values.defaultBackend.resources | indent 12 }} + {{- if .Values.defaultBackend.nodeSelector }} + nodeSelector: +{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }} + {{- end }} + serviceAccountName: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . 
}} + {{- if .Values.defaultBackend.tolerations }} + tolerations: +{{ toYaml .Values.defaultBackend.tolerations | indent 8 }} + {{- end }} + {{- if .Values.defaultBackend.affinity }} + affinity: +{{ toYaml .Values.defaultBackend.affinity | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: 60 +{{- end }} diff --git a/basic-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml b/basic-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml new file mode 100755 index 0000000..af0ec73 --- /dev/null +++ b/basic-nginx-ingress/templates/default-backend-poddisruptionbudget.yaml @@ -0,0 +1,19 @@ +{{- if gt (.Values.defaultBackend.replicaCount | int) 1 }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.defaultBackend.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.defaultBackend.fullname" . }} +spec: + selector: + matchLabels: + app: {{ template "nginx-ingress.name" . }} + release: {{ .Release.Name }} + component: "{{ .Values.defaultBackend.name }}" + minAvailable: {{ .Values.defaultBackend.minAvailable }} +{{- end }} diff --git a/basic-nginx-ingress/templates/default-backend-psp.yaml b/basic-nginx-ingress/templates/default-backend-psp.yaml new file mode 100755 index 0000000..beed249 --- /dev/null +++ b/basic-nginx-ingress/templates/default-backend-psp.yaml 
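Review bot: The default-backend container `securityContext` sets only `runAsUser`, so the restrictions the chart's own backend PodSecurityPolicy asks for (`allowPrivilegeEscalation: false`, all capabilities dropped) apply only on clusters where `podSecurityPolicy.enabled` is set. Declaring them in the pod spec makes the hardening independent of PSP admission: add `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` under the existing `securityContext:`. This assumes the backend listens on an unprivileged port; `defaultBackend.port` is not defined in the visible part of the patch, so confirm that before dropping capabilities.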
@@ -0,0 +1,35 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "nginx-ingress.fullname" . }}-backend + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI +{{- end -}} diff --git a/basic-nginx-ingress/templates/default-backend-role.yaml b/basic-nginx-ingress/templates/default-backend-role.yaml new file mode 100755 index 0000000..5770acb --- /dev/null +++ b/basic-nginx-ingress/templates/default-backend-role.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.fullname" . }}-backend +rules: + - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "nginx-ingress.fullname" . }}-backend] +{{- end -}} diff --git a/basic-nginx-ingress/templates/default-backend-rolebinding.yaml b/basic-nginx-ingress/templates/default-backend-rolebinding.yaml new file mode 100755 index 0000000..589e4bd --- /dev/null +++ b/basic-nginx-ingress/templates/default-backend-rolebinding.yaml 
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ labels:
+ app: {{ template "nginx-ingress.name" . }}
+ chart: {{ template "nginx-ingress.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "nginx-ingress.fullname" . }}-backend
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nginx-ingress.fullname" . }}-backend
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/basic-nginx-ingress/templates/default-backend-service.yaml b/basic-nginx-ingress/templates/default-backend-service.yaml
new file mode 100755
index 0000000..1f9e38b
--- /dev/null
+++ b/basic-nginx-ingress/templates/default-backend-service.yaml
@@ -0,0 +1,43 @@ +{{- if .Values.defaultBackend.enabled }} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.defaultBackend.service.annotations }} + annotations: + {{- range $key, $value := .Values.defaultBackend.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.defaultBackend.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.defaultBackend.fullname" . }} +spec: +{{- if not .Values.defaultBackend.service.omitClusterIP }} + {{ with .Values.defaultBackend.service.clusterIP }}clusterIP: {{ . }}{{ end }} +{{- end }} +{{- if .Values.defaultBackend.service.externalIPs }} + externalIPs: +{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.defaultBackend.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + - name: http + port: {{ .Values.defaultBackend.service.servicePort }} + protocol: TCP + targetPort: http + selector: + app: {{ template "nginx-ingress.name" . }} + component: "{{ .Values.defaultBackend.name }}" + release: {{ .Release.Name }} + type: "{{ .Values.defaultBackend.service.type }}" +{{- end }} diff --git a/basic-nginx-ingress/templates/default-backend-serviceaccount.yaml b/basic-nginx-ingress/templates/default-backend-serviceaccount.yaml new file mode 100755 index 0000000..39d3c65 --- /dev/null +++ b/basic-nginx-ingress/templates/default-backend-serviceaccount.yaml 
@@ -0,0 +1,11 @@ +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }} +{{- end }} diff --git a/basic-nginx-ingress/templates/proxyheaders-configmap.yaml b/basic-nginx-ingress/templates/proxyheaders-configmap.yaml new file mode 100755 index 0000000..725e120 --- /dev/null +++ b/basic-nginx-ingress/templates/proxyheaders-configmap.yaml @@ -0,0 +1,18 @@ +{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.fullname" . }}-custom-proxy-headers +data: +{{- if .Values.controller.proxySetHeaders }} +{{ toYaml .Values.controller.proxySetHeaders | indent 2 }} +{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }} +{{ toYaml .Values.controller.headers | indent 2 }} +{{- end }} +{{- end }} diff --git a/basic-nginx-ingress/templates/tcp-configmap.yaml b/basic-nginx-ingress/templates/tcp-configmap.yaml new file mode 100755 index 0000000..d1a9901 --- /dev/null +++ b/basic-nginx-ingress/templates/tcp-configmap.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.tcp }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.fullname" . }}-tcp +data: +{{ tpl (toYaml .Values.tcp) . | indent 2 }} +{{- end }} diff --git a/basic-nginx-ingress/templates/udp-configmap.yaml b/basic-nginx-ingress/templates/udp-configmap.yaml new file mode 100755 index 0000000..945ecc9 --- /dev/null +++ b/basic-nginx-ingress/templates/udp-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.udp }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: {{ template "nginx-ingress.name" . }} + chart: {{ template "nginx-ingress.chart" . }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nginx-ingress.fullname" . }}-udp +data: +{{ tpl (toYaml .Values.udp) . | indent 2 }} +{{- end }} diff --git a/basic-nginx-ingress/values.yaml b/basic-nginx-ingress/values.yaml new file mode 100755 index 0000000..185cfdb --- /dev/null +++ b/basic-nginx-ingress/values.yaml 
@@ -0,0 +1,540 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
+##
+controller:
+ name: controller
+ image:
+ repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
+ tag: "0.26.1"
+ pullPolicy: IfNotPresent
+ # www-data -> uid 33
+ runAsUser: 33
+ allowPrivilegeEscalation: true
+
+ # Configures the ports the nginx-controller listens on
+ containerPort:
+ http: 80
+ https: 443
+
+ # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
+ config: {}
+
+ # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
+ proxySetHeaders: {}
+
+ # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
+ addHeaders: {}
+
+ # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
+ # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
+ # is merged
+ hostNetwork: false
+
+ # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
+ # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
+ # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
+ dnsPolicy: ClusterFirst
+
+ # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
+ # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
+ reportNodeInternalIp: false
+
+ ## Use host ports 80 and 443
+ daemonset:
+ useHostPort: false
+
+ hostPorts:
+ http: 80
+ https: 443
+
+ ## Required only if defaultBackend.enabled = false
+ ## Must be /
+ ##
+ defaultBackendService: ""
+
+ ## Election ID to use for status update
+ ##
+ electionID: ingress-controller-leader
+
+ ## Name of the ingress class to route through this controller
+ ##
+ ingressClass: nginx
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Security Context policies for controller pods
+ ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ ## notes on enabling and using sysctls
+ ##
+ podSecurityContext: {}
+
+ ## Allows customization of the external service
+ ## the ingress will be bound to via DNS
+ publishService:
+ enabled: false
+ ## Allows overriding of the publish service to bind to
+ ## Must be /
+ ##
+ pathOverride: ""
+
+ ## Limit the scope of the controller
+ ##
+ scope:
+ enabled: false
+ namespace: "" # defaults to .Release.Namespace
+
+ ## Allows customization of the configmap / nginx-configmap namespace
+ ##
+ configMapNamespace: "" # defaults to .Release.Namespace
+
+ ## Allows customization of the tcp-services-configmap namespace
+ ##
+ tcp:
+ configMapNamespace: "" # defaults to .Release.Namespace
+
+ ## Allows customization of the udp-services-configmap namespace
+ ##
+ udp:
+ configMapNamespace: "" # defaults to .Release.Namespace
+
+ ## Additional command line arguments to pass to nginx-ingress-controller
+ ## E.g. to specify the default SSL certificate you can use
+ ## extraArgs:
+ ## default-ssl-certificate: "/"
+ extraArgs: {}
+
+ ## Additional environment variables to set
+ extraEnvs: []
+ # extraEnvs:
+ # - name: FOO
+ # valueFrom:
+ # secretKeyRef:
+ # key: FOO
+ # name: secret-resource
+
+ ## DaemonSet or Deployment
+ ##
+ kind: Deployment
+
+ # The update strategy to apply to the Deployment or DaemonSet
+ ##
+ updateStrategy: {}
+ # rollingUpdate:
+ # maxUnavailable: 1
+ # type: RollingUpdate
+
+ # minReadySeconds to avoid killing pods before we are ready
+ ##
+ minReadySeconds: 0
+
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ ## Affinity and anti-affinity
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ # # An example of preferred pod anti-affinity, weight is in the range 1-100
+ # podAntiAffinity:
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # podAffinityTerm:
+ # labelSelector:
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values:
+ # - nginx-ingress
+ # topologyKey: kubernetes.io/hostname
+
+ # # An example of required pod anti-affinity
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values:
+ # - nginx-ingress
+ # topologyKey: "kubernetes.io/hostname"
+
+ ## terminationGracePeriodSeconds
+ ##
+ terminationGracePeriodSeconds: 60
+
+ ## Node labels for controller pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Liveness and readiness probe values
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ port: 10254
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ port: 10254
+
+ ## Annotations to be added to controller pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 64Mi
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 11
+ targetCPUUtilizationPercentage: 50
+ targetMemoryUtilizationPercentage: 50
+
+ ## Override NGINX template
+ customTemplate:
+ configMapName: ""
+ configMapKey: ""
+
+ service:
+ enabled: true
+
+ annotations: {}
+ labels: {}
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+
+ ## List of IP addresses at which the controller services are available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ enableHttp: true
+ enableHttps: true
+
+ ## Set external traffic policy to: "Local" to preserve source IP on
+ ## providers supporting it
+ ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+ externalTrafficPolicy: ""
+
+ healthCheckNodePort: 0
+
+ ports:
+ http: 80
+ https: 443
+
+ targetPorts:
+ http: http
+ https: https
+
+ type: LoadBalancer
+
+ # type: NodePort
+ # nodePorts:
+ # http: 32080
+ # https: 32443
+ # tcp:
+ # 8080: 32808
+ nodePorts:
+ http: ""
+ https: ""
+ tcp: {}
+ udp: {}
+
+ extraContainers: []
+ ## Additional containers to be added to the controller pod.
+ ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
+ # - name: my-sidecar
+ # image: nginx:latest
+ # - name: lemonldap-ng-controller
+ # image: lemonldapng/lemonldap-ng-controller:0.2.0
+ # args:
+ # - /lemonldap-ng-controller
+ # - --alsologtostderr
+ # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
+ # env:
+ # - name: POD_NAME
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: metadata.name
+ # - name: POD_NAMESPACE
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: metadata.namespace
+ # volumeMounts:
+ # - name: copy-portal-skins
+ # mountPath: /srv/var/lib/lemonldap-ng/portal/skins
+
+ extraVolumeMounts: []
+ ## Additional volumeMounts to the controller main container.
+ # - name: copy-portal-skins
+ # mountPath: /var/lib/lemonldap-ng/portal/skins
+
+ extraVolumes: []
+ ## Additional volumes to the controller pod.
+ # - name: copy-portal-skins
+ # emptyDir: {}
+
+ extraInitContainers: []
+ ## Containers, which are run before the app containers are started.
+ # - name: init-myservice
+ # image: busybox
+ # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
+
+ admissionWebhooks:
+ enabled: false
+ failurePolicy: Fail
+ port: 8443
+
+ service:
+ annotations: {}
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+ externalIPs: []
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 443
+ type: ClusterIP
+
+ patch:
+ enabled: true
+ image:
+ repository: jettech/kube-webhook-certgen
+ tag: v1.0.0
+ pullPolicy: IfNotPresent
+ ## Provide a priority class name to the webhook patching job
+ ##
+ priorityClassName: ""
+ podAnnotations: {}
+ nodeSelector: {}
+
+ metrics:
+ port: 10254
+ # if this port is changed, change healthz-port: in extraArgs: accordingly
+ enabled: false
+
+ service:
+ annotations: {}
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "10254"
+
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 9913
+ type: ClusterIP
+
+ serviceMonitor:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ namespaceSelector: {}
+ # Default: scrape .Release.Namespace only
+ # To scrape all, use the following:
+ # namespaceSelector:
+ # any: true
+ scrapeInterval: 30s
+ # honorLabels: true
+
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ rules: []
+ # # These are just examples rules, please adapt them to your needs
+ # - alert: TooMany500s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: Too many 5XXs
+ # summary: More than 5% of the all requests did return 5XX, this require your attention
+ # - alert: TooMany400s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: Too many 4XXs
+ # summary: More than 5% of the all requests did return 4XX, this require your attention
+
+
+ lifecycle: {}
+
+ priorityClassName: ""
+
+## Rollback limit
+##
+revisionHistoryLimit: 10
+
+## Default 404 backend
+##
+defaultBackend:
+
+ ## If false, controller.defaultBackendService must be provided
+ ##
+ enabled: true
+
+ name: default-backend
+ image:
+ repository: k8s.gcr.io/defaultbackend-amd64
+ tag: "1.5"
+ pullPolicy: IfNotPresent
+ # nobody user -> uid 65534
+ runAsUser: 65534
+
+ extraArgs: {}
+
+ serviceAccount:
+ create: true
+ name:
+ ## Additional environment variables to set for defaultBackend pods
+ extraEnvs: []
+
+ port: 8080
+
+ ## Readiness and liveness probes for default backend
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+ ##
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 5
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ affinity: {}
+
+ ## Security Context policies for controller pods
+ ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ ## notes on enabling and using sysctls
+ ##
+ podSecurityContext: {}
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Node labels for default backend pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Annotations to be added to default backend pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ service:
+ annotations: {}
+ ## Deprecated, instead simply do not provide a clusterIP value
+ omitClusterIP: false
+ # clusterIP: ""
+
+ ## List of IP addresses at which the default backend service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ type: ClusterIP
+
+ priorityClassName: ""
+
+## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
+rbac:
+ create: true
+
+# If true, create & use Pod Security Policy resources
+# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+podSecurityPolicy:
+ enabled: false
+
+serviceAccount:
+ create: true
+ name:
+
+## Optional array of imagePullSecrets containing private registry credentials
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: secretName
+
+# TCP service key:value pairs
+# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
+##
+tcp: {}
+# 8080: "default/example-tcp-svc:9000"
+
+# UDP service key:value pairs
+# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
+##
+udp: {}
+# 53: "kube-system/kube-dns:53"
diff --git a/index.yaml b/index.yaml
new file mode 100644
index 0000000..c91b58d
--- /dev/null
+++ b/index.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+entries:
+ basic-nginx-ingress:
+ - apiVersion: v1
+ appVersion: 0.26.1
+ created: "2019-12-05T10:32:22.951059+08:00"
+ description: An nginx Ingress controller that uses ConfigMap to store the nginx
+ configuration.
+ digest: 318b7bc67b15fbdbc0c17389348c0c3c89574c8142507613eeadb6debf2f1026
+ home: https://github.com/kubernetes/ingress-nginx
+ icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
+ keywords:
+ - ingress
+ - nginx
+ kubeVersion: '>=1.10.0-0'
+ maintainers:
+ - name: ChiefAlexander
+ - email: Trevor.G.Wood@gmail.com
+ name: taharah
+ name: basic-nginx-ingress
+ sources:
+ - https://github.com/kubernetes/ingress-nginx
+ urls:
+ - https://alauda.github.io/captain-test-charts/basic-nginx-ingress-1.26.2.tgz
+ version: 1.26.2
+generated: "2019-12-05T10:32:22.945811+08:00"
diff --git a/robots.txt b/robots.txt
new file mode 100644
index 0000000..954f34b
--- /dev/null
+++ b/robots.txt
@@ -0,0 +1 @@
+“User-Agent: *nDisallow: /”
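Review bot: `allowPrivilegeEscalation: true` under `controller.image` in values.yaml carries no comment saying why it is needed, while `podSecurityPolicy.enabled` defaults to `false` and `controller.podSecurityContext` to `{}` later in the same hunk, so a default install leaves the controller container able to gain privileges with no policy constraining it. If the flag exists so the uid 33 process can bind `containerPort` 80/443 (likely, but the controller templates are not part of this hunk), state that above the key, e.g. `# needed for the non-root nginx process to bind ports below 1024; set to false only together with unprivileged containerPort values`. Separately, `admissionWebhooks.patch.image` points at the third-party `jettech/kube-webhook-certgen` by mutable tag (`v1.0.0`); the commit's file list shows that job receives its own ClusterRole, so it is worth pinning the image by digest or mirroring it where the templates allow.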
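Review bot: The single added line of robots.txt, `“User-Agent: *nDisallow: /”`, is not a usable robots file as shown: both directives sit on one line joined by a literal `n`, and the line is wrapped in typographic quotes, so a crawler will find neither a `User-agent` group nor a `Disallow` rule. It should be two unquoted lines, `User-agent: *` followed by `Disallow: /`. Note also that robots.txt is advisory and `index.yaml` in this commit publishes the chart URL, so nothing that must stay private should rely on this file.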